nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqnyqeg55nq5eudx30py8fgff82ensxt9j063w6chkzu4leyfjygwslsa0g8 (nprofile…a0g8) god damn, the amount of ipv6 hate in here. Learn to firewall. Just because IPv6 is public address space, doesn't mean it needs to be accessible. I fully agree that NAT is a layer of protection against public to private traffic flow. Upper can invalidate all of that. But I've is NOT a weakness. If you have a router at your edge doing v6PD , then you create a rule that blocks incoming v6 traffic. Easy. You should allow ICMP for PMTUD to work but have you ever scanned a /64?!?!
The easymode way to track valid V6 hosts is to be like shodan and run 1000s of v6 ntp servers to log requestor IPv6 addresses, then scan them. But those scans are worthless if you have any amount of firewall in place.
kajer /
npub172…l9jvc
2024-12-07 03:34:19
in reply to nevent1q…kkdm
Author Public Key
npub172wtlhn33vzj8qvavut8ewxnhmnarhkrgcltmv4lzs3eenfxnj9s3l9jvcSeen on
wss://relay.nostr.bandPublished at
2024-12-07 03:34:19Event JSON
{
"id": "7dfcea68276e3357d1a78b787ef29c9a600f3ebf730521a2c94f04777eae6335",
"pubkey": "f29cbfde718b0523819d67167cb8d3bee7d1dec3463ebdb2bf14239ccd269c8b",
"created_at": 1733542459,
"kind": 1,
"tags": [
[
"p",
"99019452930533c69a2f090e9425275667032cb27ea2ed62f6172bfc9132221d",
"wss://relay.mostr.pub"
],
[
"p",
"5d0910049da6eacaad9e891d5afb88fa613f4ab514d8a6c4fb51a03edeb60ede",
"wss://relay.mostr.pub"
],
[
"e",
"3bbee6a331aa7548644556bb35b588082fde87aaa42c6f798a3d44cd563fc959",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://infosec.exchange/users/kajer/statuses/113609438604222792",
"activitypub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqnyqeg55nq5eudx30py8fgff82ensxt9j063w6chkzu4leyfjygwslsa0g8 god damn, the amount of ipv6 hate in here. Learn to firewall. Just because IPv6 is public address space, doesn't mean it needs to be accessible. I fully agree that NAT is a layer of protection against public to private traffic flow. Upper can invalidate all of that. But I've is NOT a weakness. If you have a router at your edge doing v6PD , then you create a rule that blocks incoming v6 traffic. Easy. You should allow ICMP for PMTUD to work but have you ever scanned a /64?!?!\n\nThe easymode way to track valid V6 hosts is to be like shodan and run 1000s of v6 ntp servers to log requestor IPv6 addresses, then scan them. But those scans are worthless if you have any amount of firewall in place.",
"sig": "d0b98f0e94128aed2ea1489fc281c10643f040901e893c2a9be38f47901512da6b2f652fd3eac96c1bdb0f1d6431ea803a14e2bedc10686a64c2bcabf22eaee1"
}