top | item 45577002 (no title) swinglock | 4 months ago You should block the whole /64, at least. It's often a single host. It's often but not always a single host, that's standardized. discuss order hn newest vladvasiliu|4 months ago Usually a /64 is a "local network", so in the case of consumer ISPs that's all the devices belonging to a given client, not a single device.Some ISPs provide multiple /64s, but in the default configuration the router only announces the first /64 to the local network. TZubiri|4 months ago Presumably a compromised device can request arbitrarily new ipv6 from the dhcp so the entire block would be compromised. It would be interesting to see if standard dhcp could limit auto leasing to guard reputation of the network load replies (1) swinglock|4 months ago In mobile networks it's usually a single device.
vladvasiliu|4 months ago Usually a /64 is a "local network", so in the case of consumer ISPs that's all the devices belonging to a given client, not a single device.Some ISPs provide multiple /64s, but in the default configuration the router only announces the first /64 to the local network. TZubiri|4 months ago Presumably a compromised device can request arbitrarily new ipv6 from the dhcp so the entire block would be compromised. It would be interesting to see if standard dhcp could limit auto leasing to guard reputation of the network load replies (1) swinglock|4 months ago In mobile networks it's usually a single device.
TZubiri|4 months ago Presumably a compromised device can request arbitrarily new ipv6 from the dhcp so the entire block would be compromised. It would be interesting to see if standard dhcp could limit auto leasing to guard reputation of the network load replies (1)
vladvasiliu|4 months ago
Some ISPs provide multiple /64s, but in the default configuration the router only announces the first /64 to the local network.
TZubiri|4 months ago
swinglock|4 months ago