
Network metadata is sometimes valuable all by itself. Investment firms buy satellite imagery to identify the number and models of cars in corporate parking lots, for better inferring internal business conditions. Frequency of pizza deliveries to the Pentagon revealed when major ops were taking place.

A private network will ideally present as an opaque black box to the outside.




This site is about securing consumer-level routers. Nobody using one of those has a network where the internal layout is valuable to a bad guy.


> A private network will ideally present as an opaque black box to the outside.

Good luck (trying to) scanning an IPv6 /64 subnet.

I've been in IT for 20+ years, and I have yet to find a situation where blocking ICMP(v6) caused more benefits than problems.

Ditto for my home network: my last ISP had IPv6, and I had an Asus router which blocked unsolicited incoming connections: I could not SSH to any of my Macs from the outside (by default), but could ping if I knew the address (but good luck guessing 2^64).

If you want to try to enumerate the equivalent of 4.3 billion IPv4 Internets that is a single IPv6 subnet, have fun.


RFC 4890 is a long read but the end result for home networks does have you block a handful of them.



