Can you give an example of a consumer router that does not provide a default deny inbound (tonight in noun, according to voice transcribe) for IPv6 traffic? I'm not arguing with you, I'm curious. As a network and security guy, it seems like step zero in IPv6 security to have a default deny inbound firewall rule to make up for the lack of NAT.
There was a CVE for my router which permitted some sort of traffic over IPv6 that should've been blocked. IIRC, it was some sort of malicious firmware update vector, actually. Good times.
I found out retroactively after my router had been pwned and was acting as some sort of shady DNS server. I'll never actually know the method by which it was compromised, but I made a few educated guesses.
I've never seen one that did but I've only looked at IPv6 on Netgear and TP-LINK routers. Let's try the other route: Find a consumer router that both hands out IPv6 addresses and blocks inbound IPv6 traffic by default.
