IPv6 networks do apparently get probed

This reminds me of AWS&#x27;s solution for everybody selecting the first 2 availability zones which made the 3rd one to be under-used, and the first 2 over-used.<p>So they introduced AZ IDs <a href="https:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;AWSEC2&#x2F;latest&#x2F;UserGuide&#x2F;using-regions-availability-zones.html#az-ids" rel="nofollow">https:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;AWSEC2&#x2F;latest&#x2F;UserGuide&#x2F;using-re...</a> which create a per-account randomized mapping of region to actual availability zone.<p>And it&#x27;s logical that we do so. We clean up, we put things in corners, we sort things. So I suppose many people set static IPv6 addresses at the bottom of their &#x2F;64?

ISP gives me &#x2F;24 and I configure my router at .1: I do nothing.<p>ISP gives me &#x2F;64 and I configure my router at ::1: <i>in WarCraft I orcs voice</i> We are under attack!<p>There is really no difference between setting <i>anything</i> on &quot;::3, ::5, ::7, ::a, ::b, ::c, ::f&quot; for IPv6 and for .1, .2, .3, .10, .11 on IPv4. Using these addresses do not lower you security in any way <i>compared to IPv4</i>.<p>The real difference is what with IPv4 you can just scan the whole &#x2F;24 in seconds, while with IPv6... it&#x27;s not seconds at least.

&gt; One of the things that I take away from this is that I may not want to put servers on these low IPv6 addresses in the future. Certainly one should have firewalls and so on, even on IPv6, but even then you may want to be a little less obvious and easily found<p>And my takeaway here is that &quot;Security through Obscurity&quot; isn&#x27;t actually that secure is it?<p>&gt; Certainly one should have firewalls and so on<p>Just because every device has a public IP doesn&#x27;t mean every device is available publicly. Your public little IPv6 network still goes through a router and that device can control the flow of traffic, through routing and firewalling.<p>This whole read really just feels like someone discovering IPv6 for the first time and fundamentally not understanding basic networking.

Not if you disable your IPv6 stack.<p>Or you can be smart and &quot;easily&quot; address such probing attacks in your FW rules... <a href="https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2024-50252" rel="nofollow">https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2024-50252</a>

Here’s an RFC on the topic: <a href="https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc7707" rel="nofollow">https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc7707</a>