How many people will get burnt with IPV6 tunnels?

I have just spent the arvo playing with IPv6 and brought up a tunnel using my web server as the tunnel endpoint in my network.

Next thing I know every machine on the network (OS X/Windows/Linux) have been allocated IPv6 addresses in the /56 network I requested from the broker.  Turns out I activated the routing functionality and all the machines on the network received a broadcast routing update.  IPv6 has a thing called stateless autoconfiguration that the devices then use to grab an IP address (based off the MAC address).

And because the tunnel goes through the firewall, everything is visible on the Internet (found a nice site that lets you port scan IPv6 addresses and verified).

As IPv6 becomes more available, I wonder how many people are going to find themselves opening up their network without realising it?  I wonder also if the bad guys have started scanning IPv6 address ranges – or is it still not worth the effort.  And if so – for how long.

Now playing with ip6tables before I bring that tunnel back up…..

Leave a Reply