Should I just disable IPv6 and avoid the problem?

Tempting, but disabling IPv6 on Windows is officially unsupported by Microsoft and breaks several services (notably HomeGroup, Direct Access, parts of Hyper-V). On Linux, you can disable per-interface, but you lose IPv6-only connectivity to mobile and modern cloud services. The right answer in 2026 is to operate IPv6 properly, not pretend it does not exist.

My ISP gave me a /48 — is that normal?

For business connectivity, yes; consumer typically gets /56 or /64. The /48 gives you 65,536 /64 subnets — enough for any enterprise, ever. Plan address space hierarchically: /48 globally, /56 per site, /64 per VLAN. Do not be parsimonious; IPv6 was designed for abundance.

Is there an IPv6 equivalent of NAT?

NAT66 exists but is discouraged. The IPv6 design philosophy is end-to-end addressing; the security boundary is the firewall, not the address translator. Use ULA + perimeter firewall for "private but no internet exposure" patterns. NAT64 is a translation between IPv6 and IPv4, used at the dual-stack edge of mobile carriers.

Does my SIEM understand IPv6?

It should. Verify by ingesting a known-IPv6 source (router log, DNS log, Wi-Fi controller) and checking the parser identifies the address fields correctly. Many enterprise SIEM rules were written against IPv4 patterns and silently miss IPv6 addresses; review your top 20 rules and update.

What about IPv6 in cloud?

AWS, Azure, GCP all support dual-stack VPCs / VNets and increasingly IPv6-only subnets. Security Groups apply to both stacks; NACLs apply to both; flow logs capture both. The same audit checklist applies: verify rules cover both protocol families.

How do I find every IPv6 address on my network?

Active scan: nmap -6 --script targets-ipv6-multicast-echo,targets-ipv6-multicast-mld -e eth0 ::1/128 finds responsive multicast members. Passive: capture for an hour and grep for IPv6 addresses; correlate with DHCP/SLAAC sources. Most enterprise inventory tools (Lansweeper, Tenable, Qualys) discover IPv6 if they were installed after 2019.

Are IPv6 ULAs a good idea?

Yes for "private but routable internally" — direct analogue to RFC 1918 in IPv4. Use fd00::/8 with a randomly-generated 40-bit Global ID to avoid conflicts in mergers. Combine with a perimeter firewall that blocks ULA at the egress boundary.

IPv6 Security | RingSafe Academy

Read as

Last updated: May 1, 2026

IPv6 is on by default in every modern operating system. If you only configured IPv4 ACLs, half your network is unprotected. This module covers IPv6 addressing (link-local, ULA, GUA), Stateless Address Auto-Configuration (SLAAC), Neighbor Discovery (the ARP replacement and its attack surface), Router Advertisement guards, and the practical steps to build an IPv6-aware security posture in an Indian enterprise where Jio and Airtel are pushing dual-stack hard.

A common Indian enterprise misconception in 2026: “we run only IPv4.” You almost certainly do not. Windows, macOS, Linux, Android, and iOS all enable IPv6 by default; on any LAN segment with a router advertising IPv6, your hosts auto-configure global IPv6 addresses without anyone touching them. Your IPv4-only firewall and IPv4-only IDS now cover half your traffic, with IPv6 as a parallel path attackers love. This module brings you up to speed.

IPv6 addressing — the parts you must know

128-bit addresses, written as eight 16-bit hex groups: 2001:0db8:85a3:0000:0000:8a2e:0370:7334; abbreviated by zero-collapsing (2001:db8:85a3::8a2e:370:7334). Address types: Link-local (fe80::/10) — required, every IPv6-enabled interface has one, never routed off the link. Unique Local Address (ULA, fc00::/7) — IPv6’s answer to RFC 1918, routable within an organisation, not on the public internet. Global Unicast (2000::/3) — public, routable, attackers can reach it from the internet. Multicast (ff00::/8) replaces broadcast — IPv6 has no broadcast at all. The most important multicast addresses: ff02::1 (all nodes), ff02::2 (all routers), ff02::1:ffXX:XXXX (solicited-node, used for ND). Memorise these — they appear in every IPv6 capture.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants

IPv6 Security — Why You Already Have IPv6 Even If You Did Not Notice

IPv6 addressing — the parts you must know

Custom team training + practitioner advisory

Other modules in this track

Networking Fundamentals — OSI, TCP/IP, and Why Layers Actually Matter

Packet Analysis with Wireshark — From “Open the PCAP” to Diagnosing Real Incidents

Network Protocols Deep Dive — ARP, DHCP, ICMP, DNS, HTTP and the Trust They Assume