Today in our newest take on “older technology is better”: why NAT rules!

  • Forbo
    5
    5 months ago

    I wouldn’t rely on the size of the address space to provide security. It’s possible to find hosts through methods other than brute force scanning. I remember seeing a talk from a conference (CCC? DEF CON? I can’t remember) where they were able to find hosts in government IPv6 address space (might have been DOD?) through stuff like certificate transparency logs and other DNS side channels.

    Man, I need to go find that talk now…

    Edit: I don’t think this is the one I saw previously but is in a similar vein: https://www.youtube.com/watch?v=AayifEqLbhI

    • Domi
      2
      5 months ago

      Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

      For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

      However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely randomly, they also rotate regularly.

      It should not be the sole source of security but it definitely adds to it if done right.
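
An added illustration, not part of the thread: a small Python audit for your own IPv6 inventory that separates predictable interface identifiers (the server case above) from opaque ones of the kind the privacy extension produces. The sample addresses are constructed from the 2001:db8::/32 documentation prefix, and the category names and thresholds are this example's own heuristics.

```python
import ipaddress
from collections import Counter

def classify_iid(addr):
    """Return (category, detail) for the interface identifier (low 64 bits)."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    b = iid.to_bytes(8, "big")
    # Modified EUI-64 (classic SLAAC): MAC split around ff:fe, U/L bit flipped.
    if b[3:5] == b"\xff\xfe":
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        return "eui64", ":".join(f"{x:02x}" for x in mac)
    # Only the last 16 bits set, e.g. ::1 or ::53 (typical manual server config).
    if iid < 0x10000:
        return "low-byte", hex(iid)
    # Upper half zero, lower half reads as a dotted quad (heuristic).
    if iid >> 32 == 0:
        return "embedded-ipv4", str(ipaddress.IPv4Address(iid))
    # Mostly zero nibbles: looks hand-assigned rather than generated (heuristic).
    if f"{iid:016x}".count("0") >= 8:
        return "sparse", f"{iid:016x}"
    # Nothing recognisable. Consistent with a temporary (privacy extension)
    # address, but a stable opaque identifier looks the same in one snapshot,
    # so rotation has to be confirmed by comparing inventories over time.
    return "opaque", ""

# Constructed sample inventory (documentation prefix, not real hosts).
SAMPLE = [
    "2001:db8::1",
    "2001:db8::53",
    "2001:db8:1:2:211:22ff:fe33:4455",
    "2001:db8:1:2::c000:201",
    "2001:db8:1:2:a:b:0:1",
    "2001:db8:1:2:7c3a:91e5:4bd2:a86f",
]

def audit(addresses):
    """Count addresses per category."""
    return Counter(classify_iid(a)[0] for a in addresses)

if __name__ == "__main__":
    for a in SAMPLE:
        category, detail = classify_iid(a)
        print(f"{a:40} {category:14} {detail}")
    print(dict(audit(SAMPLE)))
```

Anything that does not land in `opaque` is an address whose lower half can be guessed or derived without scanning the whole /64.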