“Compromises all devices running … an IPv6 address.”
Oh so no one is effected. (other then network nerds, and they are not real)
Looking at the IP logs of the users on a website of mine shows that many people are already using IPv6 alongside IPv4. Some ISPs even don’t use IPv4 anymore unless you pay extra (Germany/Austria)
IPv6 is enabled by default on windows.
I’ve just queried it my IP is V4 so presumably I’m fine.
Depending on your ISP and network setup, you could very well have both v4 and v6 addresses.
you can have both addresses at the same time - this site shows both if you have them: https://whatismyipaddress.com/
Or, just type
ping -6 google.com
from a command prompt. It won’t work if you don’t have ipv6.
IPV6 is already rolled out in parts of the world. My provider has a Dual Stack lite architecture, the home connection is over IPV6, IPV4 is normally being tunneled through a provider grade NAT.
As I AM a network nerd, I pay for a dedicated IPV4 address every month, so I can reach my stuff from outside from old IPV4 only networks.
Why not instead use the money to pay for a domain name and use a router with a dynamic DNS daemon?
Because behind the carrier grade NAT I don’t get a routable IPV4 at all, so no inbound connections.
With the IPV4 I use I do use dyndns now, so I can resolve it from outside.
Some ISPs have basically destroyed their segment of the Internet, turning it into a cable tv network.
they certainly don’t run windows.
Unfortunately (or fortunately, it depends on how you see it), some providers are already on IPv6. My Italian ISP has IPv6 with CGNAT, so all its users are on IPv6 without even knowing what it is.
Dang Italian network nerds! That will teach them for believing in a better tech future.
IPv6 huh? There are dozens of us!
I updated Windows so hard Linux popped out.
And it’s Arch, by the way.
It sure is 😜
Token Ring FTW /s
Nah, bus with terminators is better.
Dude 10-Base2 won, get over it!
I just updated and now my audio sounds like shit.
That’s pretty odd. Did you try turning it off and on again?
One restart post-update restarts changed it and helped, but something was still off. Took me like 30 minutes but it looks like my nvidia HDMI audio output got reset to a really low 16 bit sample rate. Got that set back to a decent 24 bit and its closer, but something is still off. I don’t think I had any settings/levels/enchanments.
Sounds like windows changed your audio driver. I’d download the most recent audio driver available through nvidia, then uninstall your current audio driver in device manager and manually install nvidias.
16 bit audio is normal like 320kbps mp3 and not low bitrate
Switch to Linux, be done with all of this Microsoft software nonsense
not that easy if you play games unfortunately
I used to agree with this statement, but I’m no longer that sure.
I built a new PC a week ago, installed windows first then Linux. The idea was that I needed Windows for gaming.
Thought I’d try proton + Steam, regardless, just to see how it stacks up.
No performance difference. HDR works through gamescope. The window manager of the DE isn’t insane and I can alt tab around my OS without problem.
Pretty good stuff. Still have windows for work and Valorant, but otherwise I play all my games on Linux these days. The only part that’s lacking, in my opinion, is hot plugging controllers. Annoying that that doesn’t work.
What graphics and processor are you using?
For graphics an RX 7900 XTX, and for CPU a Ryzen 9 7900X.
Actually it is 100% that simple, proton has fixed gaming on Linux.
It doesn’t work for a few rare games that install a rootkit on your Windows PC, but that’s already silly and irresponsible of you to allow a game to do anyway, in my opinion.
Nearly all the games i play run worse on linux than windows. Counterstrike, the finals, vrising. Im sure at least one of them dont have rootkit installed. Even got glorious egg proton profiles and still no luck.
Counterstrike 2 is native to Linux, doesn’t use proton so should have 0 preforman impact
My LAN has ipv6 disabled. So there.
What about reactOS?
Yay, new Xbox jailbreak method, can’t wait for new modded warfare videos about it
Serious question - I haven’t touched my Xbox one for about 4 years , it wasn’t powered and wasn’t connected to the internet - I would love to jailbreak it and run Linux on it. Can it be done?
About Linux, it’s not yet feasible, probably soon, right now Xbox one/series jailbreak scene is only making first steps with dumping of games and launching roms and emulators without dev mode
I tried to roll out ipv6 when I was sysadmin for a small ISP. ARIN gave me a /32 block with no fuss. I started handing them out only to discover most routers at the time couldn’t use them. Not much has changed. No one offers them and I just turned it off at my present job. None of my windows machine have the ipv6 stack enabled.
Hah! Joke’s on you. I accidentally restarted my PC and updated it without wanting to.
Linux time?
Linux always
A working clock is always right!
Yeah? Well I was playing a game and it rebooted in the middle of a boss fight!
Tell me you didnt take a look at your windows update settings without saying so.
I was mid-proposal. She said, “Yes, as long as this call doesn’t e…” Thanks a lot, Microsoft!
i was using it to control the robot arms to operate my patient. at least its secure now!
Mine restarted while I was watching a movie.
Thanks Windows.
Sick my isp doesn’t even support ipv6
Be the change you want to see in the world, send an email asking for IPv6.
I did that years ago, and they said basically “never”. Then a couple years later all of a sudden, there it was.
😏🐧
I like Linux, but it can have security issues just as well.
Sure can. Just more eyeballs it, who are from from 3rd parties.
Not every exploit is discovered minutes to hours after a git push. Some go unnoticed for years.
Just say you run Arch and move on.
People always talk about Arch. I wonder what people think of other oses and the people who run them lol. Like I’m a bearded Debian user (closer to the look of the Dilbert comic unix guy).
I think those are really the only two options when it comes to Linux (that’s why I main Windows 10). Hacker man or Dilbert.
Well, I’d like to think I’m just a normal looking dude who blends in in a crowd. I just use Debian ‘cause I got sick of Windows’ shit a long time ago, like, back when telemetry was introduced in Windows XP. That was the first sign of things to come. When we would start losing control of our own OS and computers and losing privacy as well. I shouldn’t even notice the OS when I do normal computer shit, and I want to keep it that way. Those who are old enough to have grown up with PCs in the 90s get what I’m saying. We had control.
Ah man, you toughed it out clear into XP? Win2k was the last version I ever ran here. That whole shit of “oh you inserted a USB drive, please reboot” really got on my nerves. Plus trying to write code and having Windows crash once a week.
having Windows crash once a week
Several times per day sometimes if you came from the Win9x line like us normies had to use and not NT.
I haven’t seen a Windows BSOD in a long time on any of my systems…
I wish I could find something to help me convert my dell laptop into a Debian device. It would be all sorts of fun.
Ive had luck with puppy on older laptops. I have one running on a 2008 machine. Works ok.
That “something” is called a USB thumb drive.
They’re pretty cheap these days.
I just like my build working. What’s wrong with that?
So it took a little while before I could run stable diffusion, I can now!
Still waiting for a distro named “Arch btw”
I run Arch and move on.
Lies, you never move!
Mobility scooter. Duh.
btw.
Not THAT’S a story I can FEEL. Thank you.
Well, it’s not like you lost a pen, now, is it?
Is it a Pilot G-2? 0.7mm?
I ran Arch and moved on
I disabled ipv6 long ago and never moved. Not even blinked.
You run Arch and move on.
(Am I doing this right?)
Just say you run Arch and move on.
You run Arch and move on.
🐧🌿 (♏)
🌀🐧
🇸🐧
😀🚬
I run Arch and since then moved on.
I thought he was saying he’s sexually attracted to punguins…
If Linux is so great, then explain why I can’t even install this latest security patch for Windows on my Tumbleweed??
You need to sudo zypper install win_patch
Great, it worked!
But now I have ads on my desktop, tiler, and all the menues feature ‘sponsored’ content instead of my shit.That’s a feature!
spoiler
An anti-feature, thanks proprietary software!
This would presumably mainly be an issue for computers open to the internet. So not so much for home PCs, unless the router’s firewall is opened up.
I’ve not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it’s a problem. Depending on what most routers do in terms of IPv6 firewalling.
My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.
In my experience, it’s a bit hit-and-miss whether they do or not.
Now, if this works on privacy extension addresses, it’s a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.
If it doesn’t work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.
Here’s the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.
Harvesting IP addresses shouldn’t be a problem, since the firewall shouldn’t allow packets from a peer you haven’t talked to first. But true, if you can be attacked in response by a server you’re connecting to that would be bad.
IPv6 firewalls should, by default, offer similar levels of security to NAT
I think you’re probably right. We had decades of security experts saying that NAT is not a firewall and everyone on the planet treated it like one anyway. Now we’re overexposed for a no-NAT IPV6 internet.
What about torrenting through a VPN with IPv6? Would that make you vulnerable to this exploit?
I think it depends on all the caveats I mentioned. If it could have worked with an outgoing connection, then someone with a bad client could execute it for sure. The VPN wouldn’t protect you.
For a professional sysadmin’s home network? Maybe. For the average Joe who probably has their 12-year-old toaster still connected to their wifi? I wouldn’t bank on it.
To note: It shows even Windows Server 2008 as affected. Since MS is only testing against OSses they support, it is possible this has existed as a problem all the way back since IPv6 was first introduced to Windows XP.
Also, for all of you “disable IPv6 because I don’t understand it” people… unless you are running Windows 8 or older, just update Windows. IPv4 has been out of addresses for so long that CGNAT is a thing, which means connectivity problems when you’re hosting stuff, and more latency and packet drops from ISP routers getting saturated with NAT tasks. IPv6 is alive on the internet since 2011 and very much used on the internet, does not tie up routers by requiring NAT translation, and therefore just performs better. Plus, if you use your network printer’s or network device’s link-local ipv6 to connect locally, you will never have to deal with static ip address or changing ipv4 lan address pain, as link-local (non-routable on the internet) addresses don’t change unless you force it.
Also don’t use $35 routers for your internet. If your router does not support ipv6 firewalling, it is long since time to fix that with one that does.
just update Windows
I’m still on 22h2 lol
Every version of 10 going back to 15.07 original release is affected.