Hacker News new | ask | show | jobs
by concrete_head 688 days ago
Would you be willing to share a few details on how you do this. And how do you prevent someone spamming your devices or is the risk so low you don't care?

Unfortunately most ISP's in my area don't dish out IPv6 addresses without ridiculous monthly charges. I hope one day it becomes more commonplace.
4 comments
jeroenhd 688 days ago
> Unfortunately most ISP's in my area don't dish out IPv6 addresses without ridiculous monthly charges

If you've got an IPv4 address that responds to ICMP, HE's https://tunnelbroker.net/ offers free IPv6 ranges (a bunch of /64s and a /48) for free. You can configure a tunnel to work through many routers, but with some setup you could also have something like a Raspberry Pi announce itself as an IPv6 router.

Sites like Netflix treat HE tunnels as VPNs, though, so if you run into weird playback errors, consider configuring your device's DNS server/network not to use IPv6 for that.

As for your questions:

> how you do this

Open port 8888 to (prefix):abcd:ef01:2345:56, or whatever IP your device obtains, in your firewall. It's the same process as with IPv4, except you can use the same port on multiple devices.

> And how do you prevent someone spamming your devices or is the risk so low you don't care?

While some services have started scanning IPv6, a home network from a semi-competent ISP will contain _at least_ 2^64 IPv6 addresses. Scanning the entire IPv6 network is unfeasible for most automated scanners.

link
ffsm8 688 days ago
> And how do you prevent someone spamming your devices or is the risk so low you don't care?

That's the job of a firewall and is unchanged between ipv4 and IPv6. Theyre both equally vulnerable to denial of service attacks

link
immibis 688 days ago
You just plug a device into your network. The device acquires an address. You can type that address into another device on the Internet to attempt a connection to your device. If your device is running a web server that allows access from the whole Internet, this brings up the home page. If you have a firewall, tell the firewall to enable connections to that web server from the whole internet.

What do you mean by spamming? People are scanning the Internet the whole time to see what's there, and it isn't a threat unless you are doing something terribly insecure. Scanning IPv6 is impossible in practice anyway, due to the high number of available addresses.

link
concrete_head 688 days ago
Thanks for your response. Spamming was a poor choice of words on my part. I really meant DDos or just generally people sending erroneous requests or being a nuisance wasting data/resources once they know the address, say if it was leaked.
link
immibis 688 days ago
How do you already stop them from doing that today?
link
fullspectrumdev 687 days ago
There’s a lot of work that has been done on address space reduction for IPv6 scanning. It’s not “impossible”, it’s just very very hard :)
link
justsomehnguy 688 days ago
They need to find them first.
link