Hacker News

And what's stopping an intruder reassigning that block to something that can be publicly accessed, and how will that be monitored?


Uhhh... Whut?

You obviously need to use a ULA prefix, they are not routed (just like RFC1918 space in IPv4).

Or you can just use your allocated IPv6 space, and firewall at the border. And you hopefully have BGP hijack monitoring set up anyway.


You do know single network devices can have more than one IP address?

AFAICS, the biggest issue with IPv6 is that if it's active, all devices on a network can easily be coaxed to never route traffic anywhere near the router/firewall the network administrator intended, simply by handing out extra routing info for alternate networks.


> AFAICS, the biggest issue with IPv6 is that if it's active, all devices on a network can easily be coaxed to never route traffic anywhere near the router/firewall the network administrator intended, simply by handing out extra routing info for alternate networks.

This is not unique to IPv6.

ARP spoofing is the v4 version of this attack. RA spoofing is the v6 version of the attack. In both cases, the solution is the same: lock down your L2 by enabling MAC / ARP / RA filtering on your switch.
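The switch-side control the comment refers to is usually called RA guard (RFC 6105): Router Advertisements are only accepted on ports where the real router lives. The script below is an added example written for this thread, not anything posted by the commenters: it applies that same policy in software to a log of observed RAs, so you can see what a rogue-RA alert looks like. The log line format, the trusted port `Gi1/0/1`, the router MAC and the `2001:db8:1::/64` prefix are all constructed for the example.

```python
"""Rogue Router Advertisement (RA) detector.

Any host on an IPv6 link can send ICMPv6 Router Advertisements (type 134)
and thereby offer itself as a default router or add on-link prefixes, which
is the "RA spoofing" attack discussed above. RA guard on a switch accepts
RAs only from designated ports; this script applies the same policy to a
log of RAs that a monitoring sensor has already parsed. The log line format
and all addresses below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class RouterAdvert:
    port: str        # switch port the RA was seen on
    src_mac: str     # Ethernet source of the RA
    src_ip: str      # RFC 4861 requires a link-local source address
    prefixes: tuple  # on-link prefixes carried in the RA


# Site policy (constructed): one legitimate router, one expected prefix.
TRUSTED_PORTS = {"Gi1/0/1"}
TRUSTED_ROUTER_MACS = {"00:11:22:33:44:01"}
EXPECTED_PREFIXES = {ipaddress.ip_network("2001:db8:1::/64")}


def parse_ra_line(line):
    """Parse one 'key=value key=value ...' record into a RouterAdvert."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    prefixes = tuple(p for p in fields.get("prefixes", "").split(",") if p)
    return RouterAdvert(fields["port"], fields["mac"], fields["src"], prefixes)


def check_ra(ra):
    """Return the list of policy violations for one RA (empty means accepted)."""
    findings = []
    if ra.port not in TRUSTED_PORTS:
        findings.append("RA received on untrusted port %s" % ra.port)
    if ra.src_mac.lower() not in TRUSTED_ROUTER_MACS:
        findings.append("RA from unexpected MAC %s" % ra.src_mac)
    if not ipaddress.ip_address(ra.src_ip).is_link_local:
        # A real router always sources RAs from fe80::/10; anything else is
        # malformed or forged.
        findings.append("RA source %s is not link-local" % ra.src_ip)
    for prefix in ra.prefixes:
        net = ipaddress.ip_network(prefix)
        if net not in EXPECTED_PREFIXES:
            findings.append("unexpected on-link prefix %s" % net)
    return findings


def audit(lines):
    """Return [(RouterAdvert, findings)] for every logged RA that violates policy."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ra = parse_ra_line(line)
        findings = check_ra(ra)
        if findings:
            results.append((ra, findings))
    return results


# Constructed sample log: a legitimate RA, a rogue router on an access port
# pushing an extra prefix, and a forged RA with a global source address.
SAMPLE_LOG = [
    "port=Gi1/0/1 mac=00:11:22:33:44:01 src=fe80::1 prefixes=2001:db8:1::/64",
    "port=Gi1/0/7 mac=de:ad:be:ef:00:07 src=fe80::dead:beef "
    "prefixes=2001:db8:1::/64,2001:db8:ffff::/64",
    "port=Gi1/0/9 mac=de:ad:be:ef:00:09 src=2001:db8:1::9 prefixes=2001:db8:1::/64",
]

if __name__ == "__main__":
    for ra, findings in audit(SAMPLE_LOG):
        print("ALERT port=%s mac=%s src=%s" % (ra.port, ra.src_mac, ra.src_ip))
        for f in findings:
            print("  -", f)
```

The same allow-list logic is what a switch enforces in hardware with RA guard; on hosts you cannot protect at the switch, disabling RA processing on interfaces that have a statically configured router (`net.ipv6.conf.<if>.accept_ra = 0` on Linux) removes the attack surface for that host entirely, at the cost of manual addressing.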


True, but getting even a single public IPv4 address is hard.

Anyone and everyone handing out public IPv6 addresses is by design.


I have 32 IPv4 addresses; how do I utilize them to hack Amazon?

It doesn't matter that you can get IPv6 addresses, you still need to be able to get onto the L2 network of your victim company to be able to mount RA attacks. You also will somehow need to force them to announce your IPv6 space to their peers.


With IPv4 you can't really, because getting traffic routed to those IPs is a major undertaking.

With IPv6, every IPv6-capable device is potentially capable of handing out something like the entire IPv4 space of public IP addresses, regardless of how a single firewall or router is configured.

"trying to configure connectivity and access resources using only IPv6 addresses is borderline insane"


You clearly don't understand how routing (and the Internet) works. My IPs are useless because I can't force the victim to route to them.

I similarly won't be able to force the victim to route their traffic to IPv6 addresses that I control.


What difference do you think it makes who controls the public IPv6 address?

With IPv6, they've got one; all devices on the network are now by default accessible from the public internet instead of invisible to it. That's the whole point of IPv6.


Reassigning a block sounds a lot harder than the IPv4 version of making something accessible, sending out a single packet to hole punch the NAT.

