Blog index–Rollingš„blog–Permalink
I've noticed that all of the devices connected to my WiFi router have their own IPv6 address (if they support it) and that when accessing the internet that is the IP address that gets logged in remote servers (if they support IPv6, of course). What this means is, when banning IPv6 addresses, there are a lot more devices that could connect to you from the same house. For some reason my main computer has two IPv6 addresses. One stays static and the other changes but I am unsure of the frequency of changes.
If/when IPv6 becomes the de facto standard, the implications of this can be... spooky. Who is assigning the IPv6 addresses to each of the internet devices? The ISP most likely (albeit through an automated system). This seems like it can be used in a way for an ISP to be able to tell if there is a new internet device connected to the router (if Mr. Hacker Man accesses your router to do 'bad stuff' it will have his own IPv6 address which would hopefully aid you legally, somehow [probably not, gotta keep that conviction ratio up!]. Thinking more about it, if Mr. Hacker Man connects to a lot of random routers... they all have to get their IPv6 address from the ISP so the ISP could determine stuff about the device if they wanted to, maybe, I don't know, I do not know anything about assigning IP addresses*). A way of mitigating this, I suppose, is to attach your own router to the ISP's router and have all of your devices connect to your router. If my thinking is correct and there is a very good chance that it is not, it should seem, to the ISP router, there is only one device connected? Maybe some kind of communication between routers will tell the ISP router that there are 'x' devices connected to it and each need their own IPv6 address.
Ok, I did a search and discovered that there are 340,282,366,920,938,463,463,374,607,431,768,211,456 IPv6 addresses.
IPv6 addresses usually are assigned under a prefix, so baning IPv6 addresses would probably start at /64 and eventually all the way up to /48 and probably even high if abuse from an IPv6 address prefix keeps coming.
One thing I've realized is, due to the high amount of IP addresses assigned even to a /64, it is very easy to hide services such as SSH and other applications since automated scanners will have to scan BILLIONS of addresses. And each scan can take a really long time anyway.