Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
My detailed explanation at my old job is that the dev team was full of idiots who hardcoded ipv4 addresses into their fucking code. Seriously. When we migrated from data center to cloud they had to go patch everything. The CTO wouldn’t do shit about it and the director was just there riding things out until retirement.
It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
Just a heads up, you linked to the same article twice
Clipboards are also hard
That’s odd, but truly sorry.
And I would consider a detailed argument on why it is more secure to disable it to be a good reason.
Personally? I consider an IT team who don’t know how to secure an ipv6 enabled network to not be competent. But that is a different conversation.
Yeah, I run dual stack without much trouble myself. I believe it is mainly difficult for people because eyeball diagnostics are impossible with 6.
My detailed explanation at my old job is that the dev team was full of idiots who hardcoded ipv4 addresses into their fucking code. Seriously. When we migrated from data center to cloud they had to go patch everything. The CTO wouldn’t do shit about it and the director was just there riding things out until retirement.
It has less eyes on it due to it being less popular. It also introduces an extra vector of attack.
It does not have less eyes on and it’s 50% of Google traffic.
Think they mean local networks.
If an IT department carefully curates IPv4 but ignores IPv6, then a rogue actor can set up a parallel IPv6 network largely without being noticed.
IPv6 can be managed, just that it is a blindside for a lot of these departments.
Don’t see how that is anymore vulnerable then up 4.
But you could do the same thing with a rogue DHCP server I IPv4… With similar methods to prevent the misbehavior on networks