Where Have All the Firewalls Gone? Security Consequences of Residential IPv6 Transition
- URL: http://arxiv.org/abs/2509.04792v1
- Date: Fri, 05 Sep 2025 04:09:47 GMT
- Title: Where Have All the Firewalls Gone? Security Consequences of Residential IPv6 Transition
- Authors: Erik Rye, Dave Levin, Robert Beverly
- Abstract summary: As the Internet transitions to majority IPv6, residential connections no longer require the use of NAT. We show that we are able to reach more printers, iPhones, and smart lights over IPv6 than full IPv4-wide scans could.
- Score: 5.833756501605651
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: IPv4 NAT has limited the spread of IoT botnets considerably by default-denying bots' incoming connection requests to in-home devices unless the owner has explicitly allowed them. As the Internet transitions to majority IPv6, however, residential connections no longer require the use of NAT. This paper therefore asks: has the transition from IPv4 to IPv6 ultimately made residential networks more vulnerable to attack, thereby empowering the next generation of IPv6-based IoT botnets? To answer this question, we introduce a large-scale IPv6 scanning methodology that, unlike those that rely on AI, can be run on low-resource devices common in IoT botnets. We use this methodology to perform the largest-scale measurement of IPv6 residential networks to date, and compare which devices are publicly accessible to comparable IPv4 networks. We were able to receive responses from 14.0M distinct IPv6 addresses inside of residential networks (i.e., not the external-facing gateway), in 2,436 ASes across 118 countries. These responses come from protocols commonly exploited by IoT botnets (including telnet and FTP), as well as protocols typically associated with end-user devices (including iPhone-Sync and IPP). Comparing to IPv4, we show that we are able to reach more printers, iPhones, and smart lights over IPv6 than full IPv4-wide scans could. Collectively, our results show that NAT has indeed acted as the de facto firewall of the Internet, and the v4-to-v6 transition of residential networks is opening up new devices to attack.
Related papers
- ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks [20.9399920902894]
We show that Internet attackers operating outside local NAT networks can remotely identify a NAT device and terminate TCP connections initiated from the identified NAT device to external servers.
We identify NAT devices on the Internet by exploiting inadequacies in the PMTUD mechanism within NAT specifications.
Our experimental results reveal widespread security vulnerabilities in existing NAT devices.
arXiv Detail & Related papers (2024-10-29T12:14:20Z)
- IDEATOR: Jailbreaking and Benchmarking Large Vision-Language Models Using Themselves [64.46372846359694]
We propose IDEATOR, a novel jailbreak method that autonomously generates malicious image-text pairs for black-box jailbreak attacks. In experiments, IDEATOR achieves a 94% attack success rate (ASR) in jailbreaking MiniGPT-4 with an average of only 5.34 queries. Building on IDEATOR's strong transferability and automated process, we introduce the VLJailbreakBench, a safety benchmark comprising 3,654 multimodal jailbreak samples.
arXiv Detail & Related papers (2024-10-29T07:15:56Z)
- A New Model for Testing IPv6 Fragment Handling [0.0]
We propose a novel model to check IPv6 fragmentation handling specifically suited for the reassembling strategies of modern operating systems.
Our results suggest that IPv6 fragmentation can still be considered a threat and that more effort is needed to solve related security issues.
arXiv Detail & Related papers (2023-09-07T07:15:34Z)
- GhostNetV2: Enhance Cheap Operation with Long-Range Attention [59.65543143580889]
We propose a hardware-friendly attention mechanism (dubbed DFC attention) and then present a new GhostNetV2 architecture for mobile applications.
The proposed DFC attention is constructed based on fully-connected layers, which can not only execute fast on common hardware but also capture the dependence between long-range pixels.
We further revisit the bottleneck in previous GhostNet and propose to enhance expanded features produced by cheap operations with DFC attention.
arXiv Detail & Related papers (2022-11-23T12:16:59Z)
- MogaNet: Multi-order Gated Aggregation Network [61.842116053929736]
We propose a new family of modern ConvNets, dubbed MogaNet, for discriminative visual representation learning. MogaNet encapsulates conceptually simple yet effective convolutions and gated aggregation into a compact module. MogaNet exhibits great scalability, impressive efficiency of parameters, and competitive performance compared to state-of-the-art ViTs and ConvNets on ImageNet.
arXiv Detail & Related papers (2022-11-07T04:31:17Z)
- SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network [10.299611702673635]
IPv6 addresses could easily be correlated with user activity, endangering their privacy.
Mitigations to address this privacy concern have been deployed, making existing approaches for address-to-user correlation unreliable.
This work demonstrates that an adversary could still correlate IPv6 addresses with users accurately, even with these protection mechanisms.
arXiv Detail & Related papers (2022-04-20T13:54:10Z)
- 6GCVAE: Gated Convolutional Variational Autoencoder for IPv6 Target Generation [7.462399334010083]
In this paper, we try to use deep learning to design such IPv6 target generation algorithms.
The model effectively learns the address structure by stacking the gated convolutional layer to construct Variational Autoencoder (VAE).
Experiments indicate that our approach 6GCVAE outperformed the conventional VAE models and the state-of-the-art target generation algorithm in two active address datasets.
arXiv Detail & Related papers (2022-04-20T12:36:19Z)
- Container: Context Aggregation Network [83.12004501984043]
Recent finding shows that a simple based solution without any traditional convolutional or Transformer components can produce effective visual representations.
We present the model (CONText AggregatIon NEtwoRk), a general-purpose building block for multi-head context aggregation.
In contrast to Transformer-based methods that do not scale well to downstream tasks that rely on larger input image resolutions, our efficient network, named modellight, can be employed in object detection and instance segmentation networks.
arXiv Detail & Related papers (2021-06-02T18:09:11Z)
- 6VecLM: Language Modeling in Vector Space for IPv6 Target Generation [26.73994727119052]
We introduce our approach 6VecLM to explore achieving such target generation algorithms.
The architecture can map addresses into a vector space to interpret semantic relationships.
Experiments indicate that our approach can perform semantic classification on address space.
arXiv Detail & Related papers (2020-08-05T16:26:50Z)
- Federated Learning for 6G Communications: Challenges, Methods, and Future Directions [71.31783903289273]
We introduce the integration of 6G and federated learning and provide potential federated learning applications for 6G.
We describe key technical challenges, the corresponding federated learning methods, and open problems for future research on federated learning in the context of 6G communications.
arXiv Detail & Related papers (2020-06-04T15:17:19Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z)