this post was submitted on 19 Jun 2024
314 points (85.7% liked)

Programmer Humor

19564 readers
1030 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

Today in our newest take on "older technology is better": why NAT rules!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 5 points 5 months ago* (last edited 5 months ago) (1 children)

I wouldn't rely on the size of the address space to provide security. It's possible to find hosts through methods other than brute force scanning. I remember seeing a talk from a conference (CCC? DEF CON? I can't remember) where they were able to find hosts in government IPv6 address space (might have been DOD?) through stuff like certificate transparency logs and other DNS side channels.

Man, I need to go find that talk now....

Edit: I don't think this is the one I saw previously but is in a similar vein: https://www.youtube.com/watch?v=AayifEqLbhI

[โ€“] [email protected] 2 points 4 months ago* (last edited 4 months ago)

Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.

It should not be the sole source of security but it definitely adds to it if done right.