IPv6 huh? There are dozens of us!
I just updated and now my audio sounds like shit.
That’s pretty odd. Did you try turning it off and on again?
One restart post-update restarts changed it and helped, but something was still off. Took me like 30 minutes but it looks like my nvidia HDMI audio output got reset to a really low 16 bit sample rate. Got that set back to a decent 24 bit and its closer, but something is still off. I don’t think I had any settings/levels/enchanments.
Sounds like windows changed your audio driver. I’d download the most recent audio driver available through nvidia, then uninstall your current audio driver in device manager and manually install nvidias.
16 bit audio is normal like 320kbps mp3 and not low bitrate
I’m not running my computer with an IPv6 address. Only my modem has an IPv6 address. Does that mean I’m not affected?
I’ll make sure to updats either way though.
What about reactOS?
Well, not ALL Windows machines…
“Systems are not affected if IPv6 is disabled on the target machine.”
I can’t remember the last time I saw an IPv6 machine…
It is on by default in Windows… More likely people have routers with it disabled.
And disabling it fucks with Windows AD.
Definitely on by default on my laptop
It’s on by default with Win10 at least.
I disable it on all machines I build. And use GP to ensure it stays disabled.
Same, ain’t nobody got time to memorize IPv6 addresses! Lmao
There’s just no need for it on small networks. Just another thing running that can go wrong (as it did here).
It also contributes to increased troubleshooting when networking is acting funny, because now you have 2 stacks to consider.
IPv6 is enabled by default on windows. Additionally, MS does no testing against machines with ipv6 turned off. People that go through the effort of turning it off may run into problems.
Where I work, everything is on IPv6. Both the infrastructure for the software services that we run, and our own internal corporate network.
My ISP also provides publicly routable IPv6 prefixes over DHCP. Any layman in my city with this ISP will be on IPv6 by default.
I also use IPv6 for my LAN.
Like, it’s just kind of the default in my neck of the woods…
I have two different ISPs offering gigabit fiber to the home, neither offers IPv6 at all. One of thes years I’ll tunnel an IPv6 prefix or two onto my network to actually get some real world experience with…
That’s strange. Mine dual routes. So we get both. I don’t know they generally tell you the ipv6 unless you ask though as most internal networks are still using primarily ipv4
My entire network runs IPv6. I don’t have any windows machines though.
My ISP enabled native IPv6 for me a few months back. It’s pretty great. I don’t have any windows machines, but I doubt my wife has disabled it on hers.
Anyway, our router is set up to drop incoming IPv6 traffic by default, sanely enough.
Hah! Joke’s on you. I accidentally restarted my PC and updated it without wanting to.
Mine restarted while I was watching a movie.
Thanks Windows.
Yeah? Well I was playing a game and it rebooted in the middle of a boss fight!
Tell me you didnt take a look at your windows update settings without saying so.
I was mid-proposal. She said, “Yes, as long as this call doesn’t e…” Thanks a lot, Microsoft!
i was using it to control the robot arms to operate my patient. at least its secure now!
Linux time?
Linux always
A working clock is always right!
😏🐧
If Linux is so great, then explain why I can’t even install this latest security patch for Windows on my Tumbleweed??
You need to sudo zypper install win_patch
Great, it worked!
But now I have ads on my desktop, tiler, and all the menues feature ‘sponsored’ content instead of my shit.That’s a feature!
spoiler
An anti-feature, thanks proprietary software!
I like Linux, but it can have security issues just as well.
Sure can. Just more eyeballs it, who are from from 3rd parties.
Not every exploit is discovered minutes to hours after a git push. Some go unnoticed for years.
Just say you run Arch and move on.
Just say you run Arch and move on.
You run Arch and move on.
I run Arch and move on.
Not THAT’S a story I can FEEL. Thank you.
Well, it’s not like you lost a pen, now, is it?
Is it a Pilot G-2? 0.7mm?
Lies, you never move!
Mobility scooter. Duh.
btw.
I disabled ipv6 long ago and never moved. Not even blinked.
I ran Arch and moved on
People always talk about Arch. I wonder what people think of other oses and the people who run them lol. Like I’m a bearded Debian user (closer to the look of the Dilbert comic unix guy).
I think those are really the only two options when it comes to Linux (that’s why I main Windows 10). Hacker man or Dilbert.
Well, I’d like to think I’m just a normal looking dude who blends in in a crowd. I just use Debian ‘cause I got sick of Windows’ shit a long time ago, like, back when telemetry was introduced in Windows XP. That was the first sign of things to come. When we would start losing control of our own OS and computers and losing privacy as well. I shouldn’t even notice the OS when I do normal computer shit, and I want to keep it that way. Those who are old enough to have grown up with PCs in the 90s get what I’m saying. We had control.
Ah man, you toughed it out clear into XP? Win2k was the last version I ever ran here. That whole shit of “oh you inserted a USB drive, please reboot” really got on my nerves. Plus trying to write code and having Windows crash once a week.
I haven’t seen a Windows BSOD in a long time on any of my systems…
having Windows crash once a week
Several times per day sometimes if you came from the Win9x line like us normies had to use and not NT.
I wish I could find something to help me convert my dell laptop into a Debian device. It would be all sorts of fun.
Ive had luck with puppy on older laptops. I have one running on a 2008 machine. Works ok.
That “something” is called a USB thumb drive.
They’re pretty cheap these days.
I just like my build working. What’s wrong with that?
So it took a little while before I could run stable diffusion, I can now!
🐧🌿 (♏)
🌀🐧
🇸🐧
😀🚬
You run Arch and move on.
(Am I doing this right?)
I thought he was saying he’s sexually attracted to punguins…
Still waiting for a distro named “Arch btw”
I run Arch and since then moved on.
Lmao good thing we’re all on ipv4
Sick my isp doesn’t even support ipv6
Be the change you want to see in the world, send an email asking for IPv6.
I did that years ago, and they said basically “never”. Then a couple years later all of a sudden, there it was.
Is this for Windows 11?
My windows XP laptop is good right?
Our windows XP laptop
Can’t tell if you’re russian, or room mates.
They own the botnet.
Could also be a joke on how there was a single XP serial number used by nearly everyone that got it from, uhh, non-official sources. FCKGW FTW.
Just anyone with a windows xp machine really
Why would you make it accessible to the world?
In this case? Research, but you are correct in that it’s incredibly unlikely that someone today has their computer directly connected to the internet without a router or something preventing any incoming connection
What about Windows 3.1!?
Does 3.1 even go online?
Pshhh “zoomers” amiright?!
Eh, they’re alright. They had to deal with more bullshit than I ever had to in high school.
They had to deal with the daily threat that a school shooting could be their school. All I had to deal with was teenage girls having a war over who was hotter. Backstreet Boys, or N-Sync.
Which to be fair, if you said the wrong one to a teenage girl in the 90s, she’d be likely to flip out on you. Still though, they wouldn’t pull a gun!
I’m honestly surprised that the closest we ever got to a parody boy band was Justin Timberlake singing Dick in a Box with Lonely Island. Seems like SOMEBODY should have made a parody band! Weird Al can’t do EVERYTHING, ok???
Zoomers are fine, just making fun of the concept of young people thinking Windows 3.1 couldn’t connect to the internet. America Online, bitch. A/S/L? Also Zi could type my friend’s phone # into Doom and it’d call his modem and we could play each other
They had to deal with the daily threat that a school shooting could be their school.
What kinda hellscape country is that?
Oh wait. I know this one.
New Kids on the Block you millennial.
3.11 goes online
With workgroups.
Fuckin DOS could go online.
Winsock baby.
modem noises
I updated Windows so hard Linux popped out.
And it’s Arch, by the way.
It sure is 😜
To note: It shows even Windows Server 2008 as affected. Since MS is only testing against OSses they support, it is possible this has existed as a problem all the way back since IPv6 was first introduced to Windows XP.
Also, for all of you “disable IPv6 because I don’t understand it” people… unless you are running Windows 8 or older, just update Windows. IPv4 has been out of addresses for so long that CGNAT is a thing, which means connectivity problems when you’re hosting stuff, and more latency and packet drops from ISP routers getting saturated with NAT tasks. IPv6 is alive on the internet since 2011 and very much used on the internet, does not tie up routers by requiring NAT translation, and therefore just performs better. Plus, if you use your network printer’s or network device’s link-local ipv6 to connect locally, you will never have to deal with static ip address or changing ipv4 lan address pain, as link-local (non-routable on the internet) addresses don’t change unless you force it.
Also don’t use $35 routers for your internet. If your router does not support ipv6 firewalling, it is long since time to fix that with one that does.
just update Windows
I’m still on 22h2 lol
Every version of 10 going back to 15.07 original release is affected.
This is why I get Linux or Apple.
“There but for the grace of god go thee.”
Or, to be less poetic, “don’t get cocky”.
Hacks can happen to anyone. Better lessons to learn is “don’t enable or install what you don’t need” and “keep machines you don’t trust off your local network”
This would presumably mainly be an issue for computers open to the internet. So not so much for home PCs, unless the router’s firewall is opened up.
I’ve not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it’s a problem. Depending on what most routers do in terms of IPv6 firewalling.
My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.
In my experience, it’s a bit hit-and-miss whether they do or not.
Now, if this works on privacy extension addresses, it’s a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.
If it doesn’t work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.
Here’s the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.
Harvesting IP addresses shouldn’t be a problem, since the firewall shouldn’t allow packets from a peer you haven’t talked to first. But true, if you can be attacked in response by a server you’re connecting to that would be bad.
What about torrenting through a VPN with IPv6? Would that make you vulnerable to this exploit?
I think it depends on all the caveats I mentioned. If it could have worked with an outgoing connection, then someone with a bad client could execute it for sure. The VPN wouldn’t protect you.
IPv6 firewalls should, by default, offer similar levels of security to NAT
I think you’re probably right. We had decades of security experts saying that NAT is not a firewall and everyone on the planet treated it like one anyway. Now we’re overexposed for a no-NAT IPV6 internet.
For a professional sysadmin’s home network? Maybe. For the average Joe who probably has their 12-year-old toaster still connected to their wifi? I wouldn’t bank on it.
“Compromises all devices running … an IPv6 address.”
Oh so no one is effected. (other then network nerds, and they are not real)
IPV6 is already rolled out in parts of the world. My provider has a Dual Stack lite architecture, the home connection is over IPV6, IPV4 is normally being tunneled through a provider grade NAT.
As I AM a network nerd, I pay for a dedicated IPV4 address every month, so I can reach my stuff from outside from old IPV4 only networks.
Why not instead use the money to pay for a domain name and use a router with a dynamic DNS daemon?
Because behind the carrier grade NAT I don’t get a routable IPV4 at all, so no inbound connections.
With the IPV4 I use I do use dyndns now, so I can resolve it from outside.
Some ISPs have basically destroyed their segment of the Internet, turning it into a cable tv network.
they certainly don’t run windows.
Unfortunately (or fortunately, it depends on how you see it), some providers are already on IPv6. My Italian ISP has IPv6 with CGNAT, so all its users are on IPv6 without even knowing what it is.
Dang Italian network nerds! That will teach them for believing in a better tech future.
IPv6 is enabled by default on windows.
I’ve just queried it my IP is V4 so presumably I’m fine.
Depending on your ISP and network setup, you could very well have both v4 and v6 addresses.
you can have both addresses at the same time - this site shows both if you have them: https://whatismyipaddress.com/
Or, just type
ping -6 google.comfrom a command prompt. It won’t work if you don’t have ipv6.
Looking at the IP logs of the users on a website of mine shows that many people are already using IPv6 alongside IPv4. Some ISPs even don’t use IPv4 anymore unless you pay extra (Germany/Austria)
