by Dagger2 2141 days ago
Security is provided by a firewall. But a lot of IoT botnet stuff comes from people opening inbound connections to their cameras/NASs/etc so they can access them from elsewhere. These are hosts where the network security has been deliberately disabled. The large address space of v6 at least reduces the odds of someone finding the device -- an insecure, unexploited device is better than an insecure exploited one.

You could sort of consider the 64-bit host ID to be a cookie, stored in DNS, that has to be provided by the client to connect to the server. Viewed like this, the IP itself would be considered a layer of security, since it forces the client to know the correct DNS name (or spend a lot of time guessing) to connect.

1 comments

> Security is provided by a firewall.

Right, so as I said elsewhere, I'll be dropping all packets for incoming connections at the firewall. I was heavily downvoted for that comment... I guess a lot of folk will leave insecure devices open to the world.

You said you'd be dropping all v6 packets, not just incoming connections. Not quite the same thing.