General Discussion / Re: Good reporting out of OPNSense
« on: February 21, 2024, 01:23:30 pm »
Hook up any system to the legacy (IPv4) Internet and it will instantly be port scanned 24x7. So why care?
We populate our IPv6 address space sparsely. So every customer container gets a random address inside a common /64. That means all the customer containers (FreeBSD jails, actually) share one /64 or the entire legacy (IPv4) Internet squared.
No way to port scan that.
Nice way of conceptualizing that. Hadn't ever occurred to me but it's obvious when you point it out that way. An address space too large to port scan effectively, assuming sparse & reasonably random assignment within it.
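
An added sketch of the sparse, random assignment discussed above. It is not code from either poster or from OPNsense. The prefix is the IPv6 documentation range, and the function names and the low-ID cutoff are assumptions made for illustration.

```python
import ipaddress
import secrets

# Constructed example prefix (IPv6 documentation range), not a real deployment.
PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")

# Reserved subnet anycast interface IDs for a /64 (RFC 2526).
ANYCAST_LOW = 0xFDFFFFFFFFFFFF80
ANYCAST_HIGH = 0xFDFFFFFFFFFFFFFF


def is_usable(iid: int) -> bool:
    """Reject interface IDs that are reserved or trivially guessable."""
    if iid < 0x10000:
        # Covers ::0 (subnet-router anycast) and low "::1, ::2" style IDs.
        # The 0x10000 cutoff is an assumption, not a standard.
        return False
    return not (ANYCAST_LOW <= iid <= ANYCAST_HIGH)


def allocate(prefix: ipaddress.IPv6Network, in_use: set) -> ipaddress.IPv6Address:
    """Pick an unused address uniformly at random inside a /64."""
    if prefix.prefixlen != 64:
        raise ValueError("expected a /64")
    while True:
        iid = secrets.randbits(64)  # CSPRNG, so assignments are not predictable
        addr = prefix[iid]
        if is_usable(iid) and addr not in in_use:
            in_use.add(addr)
            return addr


def expected_sweep_years(hosts: int, probes_per_second: float) -> float:
    """Mean time for a uniform sweep of the /64 to reach the first live host."""
    expected_probes = (2**64 + 1) / (hosts + 1)
    return expected_probes / probes_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    jails = set()
    for _ in range(5):
        print(allocate(PREFIX, jails))
    # 1000 jails, one million probes per second
    print(f"{expected_sweep_years(1000, 1e6):.0f} years to first hit")
```

The estimate only holds while addresses stay out of other sources of disclosure such as DNS records, logs, or outbound connections.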