Surprising Privacy Dangers of IPv6!

Поделиться
HTML-код
  • Опубликовано: 15 дек 2024

Комментарии • 270

  • @magneticshrimp7429
    @magneticshrimp7429 4 года назад +55

    There are some problems with IPv6, but these are not it.
    All ISP customer routers I've seen blocks inbound IPv6 by default when IPv6 is enabled.
    Most devices these days randomize their interface identifier part of the address either periodically or hashing the prefix + some local secret + eui (or some other stable identifier). This way the MAC/EUI/"serial" is not encoded into the address, and also does not stay the same when moving to other networks. The way IPv6 SLAAC *used to* address using the MAC/EUI was madness. That design was from before the internet became a privacy nightmare and has fallen out of favor (well more or less.)
    Neighbor Discovery is similar to ARP in IPv4 and has many of the same security problems. It is also just local to your network segment so doesnt really matter in the grand scheme of things. If you absolutely must secure it, the mechanisms to do so is very similar in IPv4 and IPv6 - quite complicated for both - and not suitable for a home-type environment.
    The localization of prefixes is total, and utter ???. That is not how the space is allocated at all. I cant even. However: there will still be geoip databases - like with IPv4 - and chunks of addresses tends to be used in one area - like with IPv4.
    fe80:: addresses are local to your LAN (a single network segment - it's in the name - link-local), not internal to ISP. Although they do often control your router and could theoretically reach them - just like your internal addresses with IPv4.
    I probably forgot several things, but I'm not watching this one more time.
    One actual IPv6 privacy issue is: when a VPN provider does not support IPv6 properly, or at least account for it, it will leak left and right if IPv6 is available on the network. VPN providers needs to to better.

    • @WyzerDev
      @WyzerDev 4 года назад +3

      NAT require RAM and CPU on Modem/Router, IPv6 is more efficient, may by 40% less lantency, don't recalculate CRC on each jump/router as IPv4.
      IPv6 Allow direct comunication for IoT ... or VoIP calls, without a server recording our call ;-).
      Many ISP today need use CGNAT (Carrier Grade NAT) for IPv4, it's NAT over NAT, then one public IP is Shared by 8, 16, or to many client, and all devices on his homes, this not allow open ports or a VPN Server.
      IPv6 have too many address ... a hacker need to many years to found your IPv6 address ... avoid use "::1", "::2" ... on static address for that.
      EUI-64 may be obsolete on near future, and replaced by a new formula to use the same address for a prefix. For a different prefix will assign another persistent address.

    • @robbraxmantech
      @robbraxmantech  4 года назад +27

      The other problem is that the IPV6 Prefix is even more specific with location identification in a more precise way than IPV4. Maybe great for networking infrastructure but very bad for privacy

    • @Ultrajamz
      @Ultrajamz 4 года назад +2

      Luis de la Barra my ping testing to local sites showed ipv6 had MORE latency also... I’m sure it depends on the site and my isp

    • @m0wao690
      @m0wao690 4 года назад +6

      I'm using IPv6 since 2003 and can't really agree with this video in many ways. Sure you have to have the right equipment and settings to be secure but that's for everything connected to the Internet. And since when is NAT secure? Probably never heard of SlipStream NAT... Anyway everyone it's pleasure

    • @tmoney3996
      @tmoney3996 3 года назад

      Check out proton vpn. They have features to stop ipv6 leaking on its vpn service

  • @revravenli
    @revravenli 3 года назад +26

    There are so many misconceptions about IPv6 (and networking in general) in this video for someone who supposedly builds router software.
    Even the cheapest consumer grade routers (regardless of whether they have IPv6 enabled) have a built in firewall to block incoming connections. NAT is not responsible for this functionality in a home router. NAT is NOT firewalling!
    NAT64 is a transition technology meant for ISPs and enterprises (those with publicly accessibly resources) to migrate to IPv6 while continuing to support IPv4. In essence NAT64 translates a publicly routable IPv6 address to a public IPv4 and vice-versa. It is not meant to translate Private IPs to a Public IP as you are implying. There is no reasonable use case to implement it on a consumer router.
    Man-in-the-middle attacks are possible are just as possible on IPv4 as on IPv6. One of the many solutions is encryption. IPv6 unlike IPv4 natively supports IPSec to mitigate this risk.
    There are several issues with IPv6 as it is today and I really enjoy your videos but I think you missed the ball on this one.

    • @tamask
      @tamask 2 года назад +1

      "Even the cheapest consumer grade routers (...) have a built-in firewall to block incoming connections" This is simply not true. I'm not sure the router my ISP gave me has one. I have not seen it, there are no settings for it, and it's not in the documentation. With IPv6, all your devices just get a direct, public IP address, and you are out there in plain sight, exposed to any potential threats. There is no router, no firewall, nothing. (Apart from the software firewalls which may or may not have security vulnerabilities.) If someone did this just 5-10 years ago with IPv4, it was very bad practice, and potentially dangerous. And now, all of a sudden, this is the norm with IPv6.
      IPv4 NAT is not a firewall, but it surely acts like one! It won't let anything in, unless you specifically set up a port-forward rule for it. Yes, the same thing can be done with IPv6, without NAT, but the crappy router your ISP gives you won't do it. They'll rather save costs.

    • @revravenli
      @revravenli 2 года назад

      @@tamask What is the make of the router your ISP gave you?

    • @tamask
      @tamask 2 года назад

      @@revravenli Kaon CG3000

  • @paulshankster
    @paulshankster 3 года назад +10

    OK, let's talk about device fingerprinting: The auto assigned IPv6 address that uses the MAC address (7th bit flipped) begins with FE80 and is NOT routable - much like the 192 / 172 / 10 prefixes on IPv4. It is only used on the local network. On the other hand, smart phones on cellular data connections almost always use public IPv6 addresses (like 2001) yet are still secure. The problems you mention are problems of implementation not protocol. Any potential problem with IPv6 is also a potential problem with IPv4. However, IPv6 actually solves several problems which required work arounds on IPv4.

    • @nd-costa
      @nd-costa 3 месяца назад

      Wrong! Routers assign at least 3 IPs, one of which is for the internal network, link-local type, and is not routable as you said, but the other two are always global and dynamic. Worse still, these IPs are not behind a NAT, meaning that your device is on the street, is open, and any port will be accessible from OUTSIDE the internet. One of these two global IPs will be marked as non-expirable (forever), it is like a fixed IP; the other global IP will be expiring for a period of time, usually 24 hours or a little more. The problem is that those damn cell phones never allow you to disable IPv6, which would be ideal for these type of devices. A real disaster waiting to happen.

  • @James_Knott
    @James_Knott 3 года назад +9

    It sounds like someone isn't competent or is trying to push a product that doesn't support IPv6. Devices that are IPv4 only are not affected by having IPv6 available. IPv4 hasn't been adequate for many years, due to the address shortage. As a result, many people are stuck behind carrier grade NAT, which means they cannot access their own network from elsewhere. Also, NAT breaks some protocols. This is why it's necessary to use STUN for VoIP and some games. It also breaks IPSec Authentication Headers, which reduces security. As for the "automatic firewall", firewalls by default block everything and you have to open what you need. As for each device having a routeable address, yes that is true. However, with SLAAC, you get one consistent address, which you'd use for incoming connections and random number based "privacy" addresses, which change every day, for outgoing. Further, you have at least a /64 prefix, which contains 2^64 addresses, which means that port scanning, a common attack with IPv4, is simply not feasible with IPv6. As for an ISP knowing who's doing something they shouldn't, while they may not be able to tie an address to a specific device, they can tie a prefix to a customer, just as they would with the single IPv4 address. Also, the MAC address is only used if enabled in the consistent address. Very often a random number is used, even for the consistent address. The MAC is never used in the privacy addresses. Further, even with IPv4, your general location is still more or less available. Certainly your ISP is identified.
    In short, this video is based largely on ignorance.

    • @robbraxmantech
      @robbraxmantech  3 года назад

      You understand only what you understand.

    • @James_Knott
      @James_Knott 3 года назад +10

      @@robbraxmantech Given I have been working with IPv6 for 11 years and am also a CCNA, I know quite a lot, enough to know there were significant errors in your presentation. For example, you said your MAC address would be revealed. Well, that's only true if you configure your system so that the address is based on the MAC and you do not use privacy addresses. Privacy addresses, used for outgoing connections, are based on random numbers that change every day. No trace of the MAC there. Even the consistent address, which you'd use for servers etc, so you can use DNS with them, can be either MAC based or random number, your choice. That is just one serious error of many. If you don't understand this, then you don't understand the security risks. I suggest you read up on SLAAC and privacy addresses to understand this point.

    • @yegfreethinker
      @yegfreethinker 19 дней назад

      My God how dumb are you dude how many bits are guids/uuids by the way and how many bits is an IPv6 address? do the math

  • @briangreen7797
    @briangreen7797 4 года назад +9

    Thank you Rob, I find your talks very informative.
    My ISP provider told me I had to change my IPv4 router for an IPv6 router or loose my cable Internet service. They said that they would give me a replacement router, but when it arrived I found that it was not a router but a hub! So I searched on the Internet and found that there was an Mobile Use Only option. I made connection via fast ethernet cable to a Draytek Vigor 2860ac router that allow me to use IPv4 and IPv6 as well as specifying 2.4G or 5G and Dos protection, and power levels ...
    I also found on my android phone that there were other frequencies other than my selected ones which were also transmitting. I had to go back into the set up system and turn them off. Which reminds me, I had better go and check that my settings haven't been changed.
    For window, I find Sphinx is excellent.
    I am looking for a secure Linux OS. Would you use Alpine Linux?

    • @robbraxmantech
      @robbraxmantech  4 года назад +10

      If my ISP gave me that ultimatum I'd say zuck you to them. Or have them pay for a security appliance in between

    • @briangreen7797
      @briangreen7797 4 года назад +2

      @@robbraxmantech
      It was Virginmedia operated by Google.

    • @briangreen7797
      @briangreen7797 4 года назад

      @Max Raider
      I thought that too, but after watching many programmes of 'Eli the Computer Guy' on Utube, I realised what I had received was a Hub or that it didn't have the functionality of my previous router or the Draytek router I subsequently purchased.

  • @nuncaleite
    @nuncaleite 4 года назад +7

    No joke: I changed providers recently and got a dual IP (v4 and v6) configuration. When I checked the DNS for the ipv6 I couldn't believe my eyes: they were using a HUAWEI dns server! And there was no option to turn it off or change the dns (there were options for the ipv4 though). Fortunately I managed to access it another way and turn it off, but my jaw is still dropped. I am nowhere near China for it to use a chinese DNS, and they're installing it as standard config for all users.

    • @robbraxmantech
      @robbraxmantech  4 года назад +7

      Get my BraxRouter and it will route the DNS away

  • @whothefoxcares
    @whothefoxcares 4 года назад +25

    didn't Obama say *"If you like your IPv4, you can keep it?"*

    • @lb4660
      @lb4660 2 года назад

      😂 no that was health insurance

  • @TheJackiMonster
    @TheJackiMonster 4 года назад +22

    There are actually things you gain from IPv6. First of all you can remove the whole NAT garbage from many routers and use proper firewalls instead. IPv4 introduced for many applications this whole crap of NAT traversal, hole-punching and pricing IPv4 addresses and sub-nets completely unnecessary. The only reason IPv4 stayed so long was compatibility to old systems and devices. Disabling IPv6 now is only a temporary solution... all related problems have to be solved differently in long term.
    What me bugs the most is that the IPv4 actually had very neat features like multicast groups you could have used for decentralized streaming, podcasting or messaging. This would have reduced traffic, latency and server cost. But they turned this service down in favor of more addresses because of the lack of address space. So IPv6 brings this feature back hopefully for everyone.

    • @robbraxmantech
      @robbraxmantech  4 года назад +14

      btw don't be so certain that enterprise firewalls are good to go with IPV6. Checkpoint firewalls just block all IPV6 extension headers since it doesn't know how to handle them. A lot is unknown. And will you install a NAT64 firewall in your house then? If the average person knew how to do that then there is no issue

    • @TheJackiMonster
      @TheJackiMonster 4 года назад +3

      @@robbraxmantech I don't want to use enterprise wirewalls. There are open source firewalls, I would use. It shouldn't be difficult to close all incoming connections by default. I also think it is in any case important to make sure your devices don't have any open ports for incoming connections. So a firewall should be installed or all services closed anyway. Otherwise you are still vulnerable in other peoples networks or open ones. The most privacy concerns of IPv6 could actually be work-arounded by generating a static address with urandom. The range of IPv6 would allow something like that.

    • @magneticshrimp7429
      @magneticshrimp7429 4 года назад +6

      @@robbraxmantech NAT64 is not a firewall thing. All it does is translating between IPv6-only devices to IPv4 services. IPv6 firewall is simply firewalling.

    • @m0wao690
      @m0wao690 4 года назад +1

      @@TheJackiMonster Indeed you can build your own like OPNsense for example

    • @petevenuti7355
      @petevenuti7355 2 года назад +1

      come on, really?!?, that makes you sound like someone who's mom still balances their checkbook and does their laundry cuz they just don't want to learn how themselves.. (I really hope that's not true).
      Seriously though, I know setting up nat traversal can be a pain, but at least it forces one to learn something so you can make it work. Learning how helps put you in some control and gives understanding of what's going on. Would you really want all your devices publicly addressable like putting everything in the DMZ of your old ipv4 router?
      I can't imagine anyone would want to be committed to an institution just because they don't feel like taking care of themselves any more then I could conceive of giving a stranger maid power of attorney to clean up my life.
      In the same vein, why would anyone want their ISP automatically configurating all their personal devices inside their own network for them?
      and if you are curious, I was that geek that was totally against plug and Play devices when they came out and I miss setting jumpers. at least back then windows didn't have to report back to Microsoft to tell me how I want to set up my own computer.

  • @MadCowMusic
    @MadCowMusic 4 года назад +5

    I've been pretty sketched out ever since I read the wiki description of ipv6; says it's used to 'identify and locate computers'....

    • @robbraxmantech
      @robbraxmantech  4 года назад +5

      The way IPV6 is assigned will point the address to specific neighborhoods. Instantly. IPv4 is more vague and requires a database of locations through wifi-triangulation to pinpoint.

    • @mjducharme
      @mjducharme 2 года назад

      @@robbraxmantech Not true. Both require the database. The way IPv6 is assigned will NOT point to specific neighborhoods. It is assigned the same way as IPv4.

  • @Alex74ch
    @Alex74ch 3 года назад +8

    Rob brings complex tech to normies who have no idea how zucked they are. In other words, he is a saint like citizen who we need 👏🏻

    • @James_Knott
      @James_Knott 3 года назад +3

      He brought a load of nonsense and he clearly does not understand how IPv6 is used.
      I don't know what his qualifications are, but I'm a CCNA and have been working with IPv6 for about 11 years.

    • @robinhammond4446
      @robinhammond4446 3 года назад

      @@James_Knott Agreed. Also earned a CCNA and worked with v6 for more years than I care. As a Bayesian if this person claimed the sky were blue, I'd decrease my believe that it were.

  • @Hecurles-sz1jz
    @Hecurles-sz1jz 2 года назад

    So I have a question?
    My ipv6 and ipv4 change randomly and sometimes they go out out randomly as well. This happens when I'm on a VPN on my cell phone and when I'm off a VPN. The vpn takes the ipv6 away but the ipv4 still changes randomly. Sometimes 3hrs sometimes 1hr, 4 min. I'm curious to why it does this?
    Then my ipv6 changes and sometimes my ipv4 will remain the same. And sometimes they change at the same time.

  • @RobertBelcher
    @RobertBelcher 4 года назад +9

    This was one of the most important videos I've watched all year about security. Fantastic job.

  • @darrenlomax1283
    @darrenlomax1283 3 года назад +2

    Rob, if all routers are set to use dhcp, and a typical IP address is 192.168.1.1/2/3/4/5 etc couldn't someone fire a packet through a nat firewall by guessing a PC is using Skype for example and get a malicious packet into a network? Or is the nat firewall more sophisticated than that?

    • @Andrew-jh2bn
      @Andrew-jh2bn 3 года назад +1

      Yes, you are right. The way this is actually done is a little more technical: samy.pl/slipstream/
      This video is full of misinformation. Just because your network is behind nat doesn't mean it is somehow more secure. Rob seems to think that ipv6 just leaves your network completely open to the internet, but this isn't true. Firewalls are still used and extremely important, no matter which ip version you are using. Nat simply allows you to use more devices on the same address, it's not some magic security tool.

    • @darrenlomax1283
      @darrenlomax1283 3 года назад

      Steve Gibson of GRC.com said a similar thing to rob a few years ago regarding nat and ipv6 so I don't consider this video to be full of misinfo. The industry has moved on a bit.

    • @Andrew-jh2bn
      @Andrew-jh2bn 3 года назад +2

      @@darrenlomax1283 there definitely are are security and privacy concerns associated with ipv6, but what Rob brings up in this video really misses the mark. This video does a much better job of going over the pros and cons: ruclips.net/video/SbgbExbu1kk/видео.html
      Funnily enough it was actually Rob that posted a link to this video, so I don't know how he got it so wrong.

  • @johndrexmond8138
    @johndrexmond8138 4 года назад +3

    Please make a quick video on how to set up a basic router for defense! Can't wait to hear about other hidden threats you're discovering

  • @chazfaz3595
    @chazfaz3595 4 года назад +4

    Thanks Rob! Where do we go if we need answers to questions we have about your products, that arn't provided in the description?

    • @robbraxmantech
      @robbraxmantech  4 года назад +3

      Talk on Brax.me and ask

    • @chazfaz3595
      @chazfaz3595 4 года назад +1

      @@robbraxmantech Thanks.
      At the end of the video you mentioned that you do live stream Q&A at 8 pm pacific time. Where is that hosted?

    • @MadCowMusic
      @MadCowMusic 4 года назад +2

      @@chazfaz3595 Fridays, right here on RUclips.

    • @chazfaz3595
      @chazfaz3595 4 года назад +1

      @@MadCowMusic Sweet

    • @christopherhoy592
      @christopherhoy592 4 года назад +2

      @@MadCowMusic sometimes simulcasted on Periscope and posted to Ibry.com

  • @davesmith1929
    @davesmith1929 4 года назад +23

    Great videos, but I think you are overstating the privacy risks of IPv6, and falling for a few misconceptions here:
    1. FE80 "link local" addresses are equivalent to non-routeable IPv4 addresses (like 192.168.0.1). They're local only and NOT routed to your ISP's network*.
    2. EUI-64 (where IPv6 addresses are based on a device's MAC address) is NOT used in the example you give (around 16m20s+). Any EUI-64 address can be identified as it has __FF:FE__ in the middle:
    networklessons.com/ipv6/ipv6-eui-64-explained
    The RFC4941 from 2007, "Privacy Extensions for SLAAC in IPv6", means that the MAC address is no longer used to generate devices' IPv6 addresses. Even my cheapo, years-old ISP router doesn't use EUI-64.
    Wikipedia: en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_(SLAAC)
    RFC4941: tools.ietf.org/html/rfc4941
    3. The location identifiers of IPv6 are pretty much the same as in IPv4. A public IPv4 address will reveal which ISP you use, and which subnet of that ISP you are connected to (which can narrow-down a more accurate location). How is IPv6 any different?
    ---
    * - One "feature" that exposes your local network to the ISP is TR-069. ISPs use this on their routers to remotely update the firmware, but can also see all the devices and IP addresses (IPv4 and IPv6) on your local network.
    en.wikipedia.org/wiki/TR-069

  • @buddyadams4781
    @buddyadams4781 4 года назад +1

    Partial solution? For ISP modem/router combo: turn off wifi, connect to Nighthawk router by cat5, use that wifi?

  • @efrongoedel9042
    @efrongoedel9042 3 года назад

    Is ipv6 good on a apn for phone im having trouble with my data when I go to my house it completely turns off I lose data and sometimes when I go out side I have to either put it in airplane mode and then put it back to normal to get data again can u please help me with my apn for metro pcs

  • @personanongratis
    @personanongratis 4 года назад +18

    I give up,every step we take is being "recorded", I'm going to become a lonely monk!

    • @Techie-ks9nh
      @Techie-ks9nh 4 года назад +4

      Every day that goes by we find out that we're screwed over 20 different ways than the day before I know we still have ways to mitigated but it gets damn depressing I just don't brother watching each video immediately until I get money to by the needed hardware to do half of these things

    • @locutusofborg7122
      @locutusofborg7122 4 года назад +8

      @Timi - Timi, I was feeling the same way earlier today too. I think we all are going to feel thay way from time to time, but we must not give up the fight! I say this to encourage you, myself, and everyone else. Listen, we all are not a Rob Braxman, so we just have to take baby steps, educating ourselves a little at a time by good, knowledgeable people like Rob --- and knowing we all will be discouraged at times.
      Eventually, as we learn, we'll become more and more savvy until we reach a point where we finally can feel competent --- and have a confidence --- at what we've accomplished; knowing, feeling, and realizing just how far we have come --- which will catapult us onward in the fight!

    • @cloudsinthesky67
      @cloudsinthesky67 4 года назад +2

      @@locutusofborg7122 Like George Floyd, they have a foothold on your necks especially if you're an active targeted individual. Only way to change this is to make it a 'political issue' but espionage benefits them, they want all the power kept on your necks to make you feel powerless, so how to make change: ruclips.net/video/Z6lFonmQTEU/видео.html

    • @robbraxmantech
      @robbraxmantech  4 года назад +8

      They exist but don't get used much (I2P). Maybe awareness will spark a change

  • @paaao
    @paaao 4 года назад +7

    So much wrong with this video, I'm not sure where to begin.

  • @Tru-dp9yt
    @Tru-dp9yt 4 года назад

    Thanks for your very expert and incisive analysis which has become so indespensible!

  • @danilamiroshnichenko2035
    @danilamiroshnichenko2035 3 года назад +3

    NAT is not a Firewall. What’s a shame

  • @James_Knott
    @James_Knott 3 года назад +4

    BTW, you forgot to mention Unique Local Addresses, which are the IPv6 equivalent of IPv4 RFC1918 addresses and can be used for local networks.

  • @muskrat7312
    @muskrat7312 4 года назад +5

    Ipv6 is not as horrible as some think. You dont need stateless autoconfig if you dont want although most will use it by default. True, v6 is not the greatest design but it is just another addressing scheme. NAT is security through obscurity and is not a real security control. The biggest privacy issue is the mac address can be known through stateless autoconfig but there are solutions to prevent that through ipv6 extensions.

    • @robbraxmantech
      @robbraxmantech  4 года назад +4

      The issue is that it is premature for ISP's to be defaulting to IPV6 when the average household has no NAT64 appliance to protect the network. Suddenly separate firewalls are needed (but not before with IPV4).

    • @muskrat7312
      @muskrat7312 4 года назад

      @@robbraxmantech I worked at an ISP and the deployments have been delayed for years. NAT is not a security boundary. It is true that it would be nice for customers to have more knowledge and ensure their firewalls/routers have full dual-stack capabilities and ensure they can hide their private MAC IDs but since most people are not technical this is the consequence.

    • @magneticshrimp7429
      @magneticshrimp7429 4 года назад

      @@robbraxmantech The average consumer router and even ISP provided ones filters incoming IPv6. Are you confusing NAT64 with NAT66 to hide addressing details?

    • @WyzerDev
      @WyzerDev 4 года назад +2

      @@robbraxmantech NAT64 is a protocol for IPv6 only host to reach IPv4 only hosts. It's not needed on Dual-Stack and don't protect your network

    • @WyzerDev
      @WyzerDev 4 года назад

      @@magneticshrimp7429 NAT66 don't have RFC up to now. A "Prefix Translation" (NPTv6) option is under discussion, maybe it will not be approved, although it will be very useful

  • @vatevor
    @vatevor 3 года назад +1

    I'm honestly quite clueless but I only configured IPv6 because my ISP modem router combo and personal router are causing double NAT. Somehow, enabling IPv6 solved double NAT issues for me.

  • @josephinebell4682
    @josephinebell4682 3 года назад

    Thanks for looking out for us!

  • @nd-costa
    @nd-costa 3 месяца назад

    The problem with disabling IPv6 is that websites are switching to IPv6 and disabling IPv4. Eventually, it will no longer be possible to access any website via IPv4. There is no turning back from this trend and it is necessary to create a way to protect ourselves with IPv6.

  • @audrunasgruslys9243
    @audrunasgruslys9243 4 месяца назад

    I said a lot of truths, especially about fingerprinting, but getting rid of NAT does not immediately imply getting rid of a firewall.

  • @kali_yuga4140
    @kali_yuga4140 4 года назад +1

    I found an option in the KDE wifi settings under the tab "IPv6" then Privacy, where you can set it to generate a "public" or "temporary" address.
    Not exactly sure what that does, but it probably does something so I guess I'll turn that on.

    • @frederikholfeld868
      @frederikholfeld868 4 года назад +3

      as i understand it, the part that would normally be filled with your hardware address / mac address is then substituted by a randomly generated one. that random address is apparently also discarded and regenerated every day or so, in order that you're less traceable over time, hence temporary address.

    • @kali_yuga4140
      @kali_yuga4140 4 года назад

      @@frederikholfeld868 so it's a good thing then..

  • @romana2816
    @romana2816 4 года назад

    I'm learning so much from you. Really appreciate your time and effort. When I build my house, I will take all the necessary steps to protect my privacy.

  • @robinhammond4446
    @robinhammond4446 3 года назад +2

    NAT 64 IS NOT A FIREWALL.

  • @frederikholfeld868
    @frederikholfeld868 4 года назад +2

    as far as i'm aware the mac address part of the address is using a randomly generated address by default, at least on linux and windows, instead of the mac. does anybody know if rob is right on it not being this way?

    • @robbraxmantech
      @robbraxmantech  4 года назад +3

      By default, machines use SLAAC which is based on MacAddress. It can be reconfigured though specifically how by device is not clear. However, this is the least part of your problems. The IPV6 PREFIX alone is enough to spot your location pretty closely since it is a more accurate location assignment than IPV4

    • @frederikholfeld868
      @frederikholfeld868 4 года назад +3

      @@robbraxmantech it seems to me that my pc running manjaro linux uses some random address generation. /etc/dhcpcd.conf at least has the "slaac private" option enabled:
      # Generate SLAAC address using the Hardware Address of the interface
      #slaac hwaddr
      # OR generate Stable Private IPv6 Addresses based from the DUID
      slaac private
      this leads me to believe that it wouldn't use my mac-address for ipv6 addresses.
      however, our old router doesn't seem to support ipv6, so it doesn't matter in my case either way. but the fact that the vendor specific part of your address exposes so much information about you already is certainly cause for concern. some orwellian shit we got us in :O

  • @benpracht2655
    @benpracht2655 4 года назад +2

    I have ATT Fios, and was told I.absolutely have to use their modem and router. The only thing I was able to do was put my router between theirs and my devices and configure it as bridge mode. Please help me keep Fios, but ditch their equipment. Also, is my setup insecure? Thx

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      Sometimes that's the only way. Put a router it between with NAT. But maybe a wired module would work better. BraxRouter does that and also VPN's the trunk

  • @meslevres
    @meslevres 4 года назад +7

    This video feeds wrong information. NAT is neither a security feature nor a prerequisite for firewall. So stop feeding misinformation. IPv6 is the future.

  • @Lesterandsons
    @Lesterandsons 4 года назад +1

    Will I have to put my edge router behind my isp modem/router ?

    • @robbraxmantech
      @robbraxmantech  4 года назад +1

      Or just dump the ISP router. Keep it simple. Saves you money too

  • @NightHawk1870
    @NightHawk1870 2 года назад

    What about turning on IVP6 an android TV?

  • @gordonfreeman8796
    @gordonfreeman8796 2 года назад +1

    I don't know much about ipv6 but these are the things immediately concerned me. Thanks for this video. Literally nobody talks about it.

  • @michaelm1
    @michaelm1 2 года назад

    Tell me how an attacker can pinpoint a particular IPv6 of your home computer. There are hackers continuously scanning IPv4 addresses for vulnerabilities, because going through 4 billion possibilities is easy. With IPv6, a hacker randomly stumbling upon your IPv6 address is an effective impossibility. The odds are truly astronomical. Actually, IPv6 is much better this way. And privacy extensions make things even better.

  • @chakrameditation6677
    @chakrameditation6677 3 года назад

    I need this answered, please.
    Can't you change your public IPV6 address anytime you wish?

    • @robbraxmantech
      @robbraxmantech  3 года назад +2

      absolutely not. An IPV6 is localized and many times will use the mac address of your device.

    • @chakrameditation6677
      @chakrameditation6677 3 года назад

      @@robbraxmantech Thank you for replying Rob, but I'm shocked out of 340 undecillion, You cannot change your address?
      So if you're playing online gaming and someone DDOS's your connection, There's not a way to get back online with IPV6?

    • @revravenli
      @revravenli 3 года назад +4

      @@chakrameditation6677 You can CERTAINLY change your IPv6 address!!! In fact, your home router can do this for you depending on how SLACC is configured. The smallest subnet you can be assigned by your ISP in IPv6 is a /64. That is 18,446,744,073,709,551,616 possible IP addresses just for your home network. ALL PC operating systems beyond Windows XP no longer use the mac address of your device during IPv6 address auto-configuration. Instead the last 48-bits of your IPv6 address are randomized. I cannot understand why Rob chooses to ignore this fact yet it has been pointed out to him so many times in the comments.
      Regarding localization, even IPv4 addresses are localized. Everyone already knows which ISP you are connected to just by looking at your public IPv4 address.
      So in short, if you get DDOSed, you can manually change your devices IPv6 address if you want.

  • @Wayne-Jones
    @Wayne-Jones 3 года назад

    I’m glad I watched your video, I was thinking of setting up IPv6 tomorrow, I’ve always used my own router but using my isp’s modem.

  • @DanWahrenberger
    @DanWahrenberger 3 года назад +6

    Lots of well intentioned but misinformed information here based on out of date thought processes.
    The biggest one is is that NAT IS NOT A FIREWALL and shouldn't be used as such. NAT creates many issues with the advanced networking tasks many home users are trying to accomplish. For example NAT can interfere with the end to end communication needed for Video Conferencing or even just trying to run more than one gaming console simultaneously.
    Given that many ISP's are implementing CG-NAT (Carrier Grade NAT) and not giving a true routable IPv4 address NOW is the time to be embracing IPv6 in the home environment.

  • @tesses50
    @tesses50 3 года назад

    my problem is that I have a double nat my router and a LiteBeam 5AC Gen2
    so the LiteBeam 5AC Gen2 (its out at the end of the driveway) can't be replaced due to thats how I get my satelite internet
    I guess I could request my ISP to turn the litebeam into bridge mode or dmz my router

  • @johng.4959
    @johng.4959 4 года назад +2

    It's getting to the point where I'm ready to abandon the internet completely. What a dystopian future we all have waiting for us.

  • @cyberedu2996
    @cyberedu2996 4 года назад

    I'm in Canada ISP default routers are combo modem and router in my province. Since day 1, I had the ipv6 disabled, only ipv4 enabled at all time. Nonetheless, doesn't help against APTs. Difficult to find justa modem standalone that will work with the ISP with the appropriate matching mbps to set up the Brax router, I've looked at several sites. Therefore, haven't properly set up mine. Any suggestions?

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      For home use just a standard Wifi router will be fine. Just don't do port forwarding

    • @volodumurkalunyak4651
      @volodumurkalunyak4651 2 года назад

      @@robbraxmantech There is nouthingh wrong with port forwarding. Why should one avoid using that?

    • @technerd9655
      @technerd9655 Год назад

      Regardless of IPv4/IPv6 and any potential security and privacy issues, you should always use your own router and put your modem in Bridge mode (or use PPPoE passthrough if on DSL or Bell Fibre with PPpoE and no true bridge mode). The ISP provided gateway devices, although far better than the ones provided in the past) are not great devices, don't handle wifi congestion well, don't handle more than handful of devices well, create privacy concerns with the ISP being able to see and control every aspect of your home network. Your home network is not their responsibility, neither is wifi. They have no business seeing into and controlling your network and every device on it. Your home network, including the wifif, is completely independent of your internet service, but never it's on the same device remotely managed by the ISP, you are at their mercy, they control firmware updates, they control what configuration settings are exposed in the modem/router's webUI, they control what config settings are exposed in their app and cloud portal. They limit what you can do. Due to terrible marketing (from a technical perspective) most people conflate wifi and internet service as they same thing, it's not. Wifi is a value add. If budget allows, get a Ubiquiti UniFi system, otherwise I like the TP-Link hybrid powerline mesh wifi systems (current model in the US is Deco PX50, unfortunately not sold in Canada), these use wifi and powerline networking for backhaul allowing you to place these in more optimum locations for better coverage in your home.

  • @HelplessHawk
    @HelplessHawk 4 года назад +1

    Very interesting and enlightening article, thanks. I’ve read that a growing number of websites are blocking “non ipv6” address. Is this correct and if so is there anyway round this?

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      IPv6 is not generally used yet. It is mostly used inside the ISP's network.

  • @traderflorstock9497
    @traderflorstock9497 4 года назад

    Hi Rob. I use a modem/router combo. I can get into firewall settings and see ipv6 and firewall setting low- med - high. Should I implement those settings or turn them off completely since the modem router is it’s own firewall?

  • @mysnackr
    @mysnackr 4 года назад

    Regarding security from outside attacks: So you're saying if you're using one of these Spectrum modem/routers the ISP will give a public-facing IP address to each device in the home? How is that possible when the greater internet is running IPv4.. each device in your home would need its own internet IPv4 address to be reachable from the outside. there would be no other way the Spectrum router would know how to route incoming connections without using port forwarding, just like a standard router would do. Unless I"m missing something here?

    • @robbraxmantech
      @robbraxmantech  4 года назад +4

      Yes did you not watch the video????? We are talking about IPV6!

  • @dave24-73
    @dave24-73 Год назад

    From what I can gather IPV6 offers point to point so outside devices can access internal without NAT (could be wrong here), but this equally means you have made a Hackers job easier and you are broadcasting your devices. So it appears IPV6 has a lot of security issues. Many man in the middle attacks take advantage of an IPv6 exploit, so I’d say turn IPv6 off if you don’t need it.

  • @saho9447
    @saho9447 4 года назад +1

    Doesn't it not matter whether or not ipv6 is exposed or not, since it changes regularly?

  • @russellm7530
    @russellm7530 3 года назад

    I was checking out my Spectrum internet account and it showed each device that's been connected to my WiFi and supposedly I can block any of them from the website.
    But watching this video made me realize that Yes, not only do they have your router or home internet address but each device hooked to it.
    I also started checking out Google account settings too and see they have each device I've logged on with also.
    I think I'd seen somewhere on my Spectrum account that the router is ipv6.
    So if I had just an ipv4 modem/router then would all these devices not be known to Spectrum? How about Google?
    Thank you Rob and God bless you and your family.

    • @robbraxmantech
      @robbraxmantech  3 года назад +1

      Yes exactly that is my point. And you won't believe the negative comments like I don't know what I'm talking about

    • @saywhat9158
      @saywhat9158 2 года назад

      @@robbraxmantech So many people [even so called techy people] do not understand the difference between security and privacy especially as seen in so many comments here that “NAT’ing is not a firewall”. No shit but it was a privacy layer and served as a gatekeeper which should not have been necessarily excluded from use in IPv6.

    • @yuriireshetylo2454
      @yuriireshetylo2454 Год назад

      Google or any other website still can identify your devices just by reading the user agent even when IPv4 is in use. User agent can be spoofed as well as the IPv6 MAC portion of address. My android phone spoof the MAC "fingerprint" portion of the address by default. Non an issue at all

  • @jmonlive
    @jmonlive 22 дня назад

    11:20 Only a perk maybe, but not security filtering/inspecting.

  • @Protikugen
    @Protikugen 3 года назад

    THANKS ROB FOR ALL THIS INFORMATION, THIS HELPS A LOT SPECIALLY THOSE LIKE ME I AM NOT SO EXPECT SO ALL THIS INFORMATION HELPS ME OUT.

  • @michaelschult9435
    @michaelschult9435 4 года назад +2

    Incredible amount of Information you are sharing, Thank you for all these Efforts

  • @charliecharliecharliecharl8554
    @charliecharliecharliecharl8554 2 года назад +1

    Hackers using IPv6 to attack my devices

    • @Hecurles-sz1jz
      @Hecurles-sz1jz 2 года назад

      Explain

    • @charliecharliecharliecharl8554
      @charliecharliecharliecharl8554 Год назад

      Hackers gained access to my pc and used teredo tunneling using IPv6 protocol and lanman workstation on win 7 ,my pc was constantly sending multicast IP out over my network 224.0 using different services to send these packets used peerblock to see all IPS and TCP view for checking services and port numbers I deleted IPv6 protocols from my registry ,I don't have a network of pcs over a network just a router and pc and tablet

  • @finnk1289
    @finnk1289 3 года назад +1

    People think a higher number is better with anything.

  • @nancypagan4790
    @nancypagan4790 3 года назад

    Thank you Mr. Braxman.

  • @locutusofborg7122
    @locutusofborg7122 4 года назад +3

    @Rob Braxman Tech - Exceptional vid! When you're at the top of your game, it's hard to out-do yourself---but you did on this one!

    • @robbraxmantech
      @robbraxmantech  4 года назад +4

      Much appreciated!

    • @Ultrajamz
      @Ultrajamz 4 года назад

      Rob Braxman Tech one thing I think is a “solution” if the ISP mandates ipv6, you can still buy your own router and put all your devices behind that router, and disable ipv6 on that router.

  • @robinhammond4446
    @robinhammond4446 3 года назад

    Many avenues of attack can also be found focusing on IPv4. Or USB ports. Or Bluetooth. Or your web browser.

  • @Durkhead
    @Durkhead 4 года назад +1

    Doesn't ur isp have its own firewall software on the modem router they provide?

  • @BobJones-dq9mx
    @BobJones-dq9mx 4 года назад

    What an excellent tutorial! What are your thoughts about TAILS?

  • @locutusofborg7122
    @locutusofborg7122 4 года назад +3

    I was upgraded to a new ATT modem recently, for free, so the first thing I did was go into the router and untick the radio button for IPv6.
    Since ATT buys only barebones modems/routers for the consumer market, and has them flashed with their proprietary firmware, there is no extra per-month cost for renting or buying the device; at least that is my case where I live in the US.

    • @christopherhoy592
      @christopherhoy592 4 года назад

      Ask AT&T - you might find that if you have your own Wifi Routers, you'll be charged about $10. less each month.

  • @danielbuenrostro
    @danielbuenrostro 4 года назад +6

    Thanks for the info, Rob.

  • @MadCowMusic
    @MadCowMusic 4 года назад +1

    I really want to know who's walking around with 4 billion+ or even just 3.7 billion machines on their local network and worried about running out of ipv4 addresses...

    • @maynnemillares
      @maynnemillares 4 года назад +3

      Seems like you are not aware of private and public IP addressing.
      The part that already ran out was the routable public-IP. ISPs are cycling their limited public IPv4 supply by using carrier-grade NAT. Carrier-grade NAT is bad if you are hosting server services.

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      Max you are a breath of fresh air... thank you for lending your expertise. I wou;dn't have the reading time quote an RFC!

  • @definitely-not-daniel
    @definitely-not-daniel Год назад

    IPv6 is like trying to protect a house with 1 door vs with 7 doors. Now instead of worrying with one you need to awry with 7. And who wants that 😭😭

  • @omgMBP
    @omgMBP 2 года назад +1

    there's a lot of misinformation here...

  • @yegfreethinker
    @yegfreethinker 19 дней назад

    for computer illiterate an IPv6 address is a tattoo mustache elimination place in poland. You don't want that. Great thing about IP before is that it reuses name so many times around the world that it's almost impossible to identify an end user definitively. It's safeguards your anonymity. IPv6 is essentially a universally unique ID which is not good privacy wise

  • @autumnloving420
    @autumnloving420 4 года назад +1

    Thanks for the info. I had to go into the modem/router settings to turn off ip6 :)

  • @wildmanjeff42
    @wildmanjeff42 4 года назад +2

    Thanks for the video !

  • @junialter
    @junialter 4 года назад +10

    This is piled up with misinformation. Don't listen to this guy. Read a book or watch legitimate videos about IPv6.

    • @robbraxmantech
      @robbraxmantech  4 года назад +5

      Why don't you watch serious discussions on RUclips about the flaws of IPV6 instead of reading your zucking book?

    • @robbraxmantech
      @robbraxmantech  4 года назад +4

      Yes watch this. ruclips.net/video/SbgbExbu1kk/видео.html And go make your videos about IPV6. I make videos about privacy

  • @vivekjindal578
    @vivekjindal578 4 года назад +1

    in android you can go to APN settings and change setting to obtain ipv4 only.
    secondly, add iptables rules to drop all ipv6 traffic.

    • @vivekjindal578
      @vivekjindal578 4 года назад

      additionally, using sysfs you can disable ipv6 from network interfaces.

  • @presentcent1473
    @presentcent1473 2 года назад

    Someone hacked me and I'm sure they unencrypted my ipv6 to gain access to my electronics and I got NO help from anyone in government I reached out to other hackers at one point and got no help there either.... I'm still looking for help to this day.

    • @presentcent1473
      @presentcent1473 2 года назад

      I can see the word unencrypted on my network on my laptop and on my tower so they definitely took advantage of this info maybe even the same video to hack me who knows.

  • @SomeDumbRandomUser
    @SomeDumbRandomUser 4 года назад

    Yes, NAT isnt important anymore ...
    But in Germany we will definetely still have Firewall-Routers using NAT.
    Isn't the IANA-Location based IP Adresses already in use with IPv4? My IP pinpoints me to my region and isp in germany already.

    • @robbraxmantech
      @robbraxmantech  4 года назад +1

      IPV6 points very precisely, not like a general IPV4 location of the ISP. Combined with 5G Beamforming we are truly zucked.

  • @efrongoedel9042
    @efrongoedel9042 3 года назад

    And I also have wifi and I use spectrum I really don't like it cause of hackers trying to get my identity or information so I would like more information on my phone service apn setting to get the most out of my phone thank u n great video

  • @user-r1g5i
    @user-r1g5i 3 года назад

    We are running out of 4B IPv4 addresses because Java always has been running on 3B devices 🙃

    • @bparisi
      @bparisi 3 года назад +1

      @Cody Weber Somebody doesn't understand sarcasm. Sigh

  • @robinhammond4446
    @robinhammond4446 3 года назад

    Today I learnt the fact that things are made up of two parts if you split them in half. That is all.

    • @robinhammond4446
      @robinhammond4446 3 года назад

      LINK-LOCAL addresses, which start fe80: do not traverse routers. I have no idea what the "LOCAL LINK" your shouting about is.

  • @BobJones-dq9mx
    @BobJones-dq9mx 4 года назад

    How do I access your EU market?

  • @humbertoabrego6775
    @humbertoabrego6775 4 года назад +4

    We created nat to extend the life of ipv4

    • @robbraxmantech
      @robbraxmantech  4 года назад +1

      Max I did not know about that semantic distinction. Thank you.

  • @plenus7392
    @plenus7392 4 месяца назад

    I have my router as a VPN gateway and tunnel for my LAN just because having a big fat target pointing directly at my phone that is routeable over the web? No thank you

  • @whothefoxcares
    @whothefoxcares 4 года назад

    Why not limit corporations to 254 public IP addresses?

  • @nd-costa
    @nd-costa 3 месяца назад

    Even though it is a serious privacy issue, there is nothing you can do about it. I don't think it is a good idea to disable it because IPv4 will be killed, and there is no going back. If you can't implement a way to make IPv6 secure, this workaround won't do much good.

  • @doublej4077
    @doublej4077 4 года назад +1

    Yes I wish you would give steps on setting a router up , or some links to some good vids on it ! I am no guru in this stuff and appreciate your information . I am glad you are discussing not only phones but computer security. Big brother & criminals are always ahead of the power curve on us it seems like all the time .

  • @fyodorx5428
    @fyodorx5428 3 года назад

    I recently tried to configure port forwarding on a router to one of my devices, and was surprised that the router only had an IPv6 address.
    I can confirm that MAC addresses were used to generate the IPv6 addresses of local devices.
    However, I actually couldn't make the device/port available from the outside Internet (v6). The firewall blocks all traffic by default, and it probably was buggy, I couldn't enable it at all -- I created an ALLOW ALL rule and it didn't even work. The most I could achieve was that traceroute6 could reach the device, but even ping6 didn't work, not even talking of TCP (I actually needed the port available over IPv4, so I just played with it, but didn't bring this up with ISP support)

    • @robbraxmantech
      @robbraxmantech  3 года назад

      IPV6 doesn't need port forwarding. IPV6 is direct device access

    • @fyodorx5428
      @fyodorx5428 3 года назад

      @@robbraxmantech Right, but I need to support IPv4 clients.

  • @ikomwrestling3088
    @ikomwrestling3088 4 года назад +6

    NAT is not a firewall. Please don't confusing people with this misleading information.

    • @maynnemillares
      @maynnemillares 4 года назад

      Yes, the video uploader is embarassing.
      Any practicing system administrator knows that NAT =/= to firewall.
      NAT is only a life-support system to extend the life of IPV4.

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      If you're some system admin, why don't you believe what you want to believe and I'll hack your network. Then let's see who believes what

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      Why don't you watch videos like these and listen well
      ruclips.net/video/SbgbExbu1kk/видео.html

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      This is so basic it's not even worth responding. NAT makes non-routable IP addresses. So in essence it acts as a firewall! Now obviously it is not a commercial firewall with other features like Checkpoint but in a home Network it is the first line of defense firewall! Then in theory every device has it's own firewall. Don't spread disinformation!

    • @maynnemillares
      @maynnemillares 4 года назад

      @@robbraxmantech Go ahead, feel free to hack me right now. I do not run Windows btw, so goodluck with that.

  • @MrRefael33
    @MrRefael33 4 года назад +3

    Thanks, great video 👍
    I didn't have a clue about it.

  • @anielrivera7977
    @anielrivera7977 4 года назад

    yes i notied that too ,i have a hidden router .com router which is also a vpn router and google was still monitoring me on ivpn6 so i had ipvanish to couter that ,so i have both vpns on software and hardware

  • @lorenzo42p
    @lorenzo42p 3 года назад

    just because you can doesn't mean you should

  • @a.d.r.m.7730
    @a.d.r.m.7730 4 года назад

    This would be beneficial if we ever create a proper and legal way to use IPv6 imbedded trackable chips to replace the American predator registry. Which is actually very much needed.

  • @dubstepper4647
    @dubstepper4647 3 года назад

    excuse me sir, did you say "zucked" ?

  • @MattInIllinois
    @MattInIllinois 3 года назад

    Always good info thanks! I was about to switch to IPV6 to be like one of the cool kids but thankfully I saw this first.

  • @lorenzo42p
    @lorenzo42p 3 года назад

    wow, I didn't know ipv6 could expose your mac address. who is deciding how these things should work? this is wrong.

    • @vista9434
      @vista9434 3 года назад +1

      It doesn't... If you're running mainstream OSes that were released since 2007. RFC4941 solves the MAC address exposing problem as it means that the "MAC Address" part of your IPv6 is randomly generated.

    • @revravenli
      @revravenli 3 года назад +2

      I echo Vista's sentiments. To be honest, this video should be taken down because of how misleading it is. The uploader is obviously not an expert but presents himself as one. The worst part is that he refuses to accept that he is WRONG. @Pete, do yourself a favour and don't listen to him. Do your own research. You can start here: www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/

  • @patrickdee7365
    @patrickdee7365 4 года назад +1

    Fantastic video very well explained

  • @willsmith6639
    @willsmith6639 3 года назад

    Hi Rob, thanks for educating and informing us!

  • @ebreckpo6563
    @ebreckpo6563 4 года назад +2

    Thank you Rob, for clarifying this bag of worms called IPv6! I still have a modem from my ISP as I refused to have one of those crappy all in one devices they rolled out to other customers with are configured as dual stack. My modem was recently "upgraded" to dual stack without any comment. As my basic router had performance problems I finally updated my router with a Pfsense box where I disabled the IPv6 stack.
    Not only is this "under the hood" implementation a serious thread regarding privacy (that unfortunately we do not have anymore) but even more concerning it is a major security threat. Perhaps not the data that is available from a simple citizens computer but your computer can be used without your knowledge for infiltrating other computers. The current implementation of IPv6 will just facilitate these threats. With IOT getting more popularized this is calling for a major disaster.
    In the last 1 1/2 year I never heard so much companies in my country affected by hacking, data breaches, etc. These are the ones hitting the news, not speaking of the others hiding...
    I thought we learned about what happened 10+ years ago in one of the Baltic states . That state had to literally unplug their routers going to international sites because they were bombarded from all over the world. All banking, government,... facilities were down for several weeks. They even tried to kill the power plants but fortunately these were older platforms adapted to digital and they still had "manual controls" .
    I am getting more and more concerned about the computer infrastructures from my country as most people have a blind faith into the security implementations of these platforms.
    I still remember the quote from one of our teachers " security is a matter of time" . Most systems have no manual override because to expensive....
    When I look through the log files of my Pfsense router I am surprised regarding all the port scans that happens on my router external IP address, some are targeted to the common ports, others are random ports. These addresses originate from countries like Iran, Russia, China, Bulgaria,... to mention the top 4.

  • @DamjanDimitrioski
    @DamjanDimitrioski 4 года назад +2

    I am excited when I click IpV6 disable on each wifi connection :).

  • @GaryCameron780
    @GaryCameron780 4 года назад

    It's newer so it must be better!

  • @S13Pauly
    @S13Pauly 3 года назад

    Thank you. Just saved me a big risk. Top explanation. Was going to set up for gaming. After your video I don't think it will make a difference. Thank you again.

  • @Milosz_Ostrow
    @Milosz_Ostrow 4 года назад

    My Motorola SurfBoard cable modem only supports IPv4, even though I believe it supported IPv6 when it left the factory, but the ISP clobbered its firmware some years ago and the control panel to select IPv4 or IPv6 operation is entirely missing. After watching this video, I think I'll leave it that way, instead of "upgrading" to an IPv6-capable modem.

  • @zachsandvik1867
    @zachsandvik1867 4 года назад +1

    Very good Rob! 🤓

  • @cyberp0et
    @cyberp0et 4 года назад

    We are so zucked!

  • @mrwhitebp
    @mrwhitebp 4 года назад +4

    I tell you something , you run out topics and then you read a little be in internet and claim to be an expert . You go to the live stream drunk and start screaming your frustration but the reality is that you need to study your topics very well. if you have IPV6 in every single device you don't need NAT to protected your devices with a firewall, search for a transparent firewalls. I think you area a good guy with good intentions but what is bothering people is that you claim to be an expert when you are not. maybe you know something like everybody does but you need to be more humble man because you are clearly not an expert in those topics. real experts in security doesn't need to be in internet dealing with this crap. they just never show up online , they are always anonymous

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      Sigh....I hope everyone reads your comment.

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      Your lack of knowledge just shows here. "if you have IPV6 in every single device you don't need NAT". What do you really know? You make such an obvious statement that truly has nothing to do with my point of privacy. Before you make negative comments, understand the subject matter. The subject matter is NOT IPV6 but the PRIVACY problem with IPV6.

    • @mrwhitebp
      @mrwhitebp 4 года назад

      @@robbraxmantech PLEASE READ what I said, I am telling you that if you configure an IPv6 in every single device, you don't need to be worry because you can easily firewall it and this is a security comment relate to your topic. STOP scaring people in internet, your video should said, "People be aware that if in the future you receive an IPv6 per device in your home, the IP will be public yes BUT don't worry because you can firewall it , so nothing to be worry PEOPLE. The problem here is that you spread your fear on the people using them to sell your bullshit overprice equipment. My respect from you dropped to the floor when you cannot accept the circumstances and show kinder garden videos about networking. Just because you were dealing with networks since I was not even born that doesn't mean you understood networking and to understand security you need networking first, so again study your Topics or don't but don't claim to be an expert. and PLEASE PLEASE stop bullshiting people as you do a hard work about telling people to be more careful about their privacy, I am doing hard work to stop people like you. I prefer you delivery videos every 3 weeks with accurate info that bullshiting people because you have content to delivery to make money BTW so STOP , nothing wrong making money but with an accurate info and DO WORK!!

    • @robbraxmantech
      @robbraxmantech  4 года назад +2

      Sorry friend but your understanding of the privacy issue is incomplete. The issue is not firewalling IPV6 but the device fingerprinting that results from an identity at the device level that now can be matched to other data coming out of the phone. At least in IPV4 the IP address is not at the device level. Firewalling may be fine for cybersecurity but does nothing for privacy protection. NAT at least obfuscates the device information. Now granular traffic can be attributed to individual devices rather than a router. This may mean nothing to you but to a bulk data mining collector (like Facebook) this is manna from heaven.

    • @mrwhitebp
      @mrwhitebp 4 года назад +1

      @@robbraxmantech you are totally mixing Topics here man. It is going to be impossible explaining you the different levels of protection you can have because your vision is very limited and this is how you are scaring people. The only thing I have for you is a bless. " The most profitable business in this world is FEAR". enjoy it !!