[SOLVED] IPv6 Firewall incoming ACK,RST and others from source port 80 and 443
I like to think that I run a tight firewall on my IPv6 network, and I also like to watch the firewall log during the day (and night) so I create many rules as deny and log.
(If I don't like or understand it, drop it)
The last couple of years I noticed that many websites, especially Google, like to try a reconnect on my previous connection via IPv6.
I never found any definitive answers out there, other than that Google is running a test using some reverse web connections via SSL to speed up the general internet, but as usual, they have no documentation on how it works and what I should do with my firewall.
I'm tired of looking at all those ACK, RST, etc. messages from Google, but do they imply a security risk? They usually occur after I visited some website, so I guess it's the website that wants to keep an open TCP connection to me in case I want to view it again.
A really horrible thought for a paranoid firewall geek like me.
I'm suspicious of all incoming connections and block almost everything I don't like, but should I look at these with new eyes? Is there some new accepted protocol in IPv6 that I missed?
I don't want to keep any unnecessary connection open to Google (or others) unless I really need it, and the continuous requests I see in my firewall log are considered hacking attempts from someone not me, so I block them.
Does anyone have an answer to what is going on here?
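Before deciding what to whitelist, it helps to count how much of the log is the pattern described above (ACK/RST/FIN arriving from remote port 80 or 443 with no SYN, i.e. the tail end of a web session this host opened) versus bare SYNs, which are the only lines that represent someone trying to open a connection inbound. The script below is an added example, not code from anyone in this thread; it reads ip6tables LOG lines on stdin and sorts them by that rule. The five log lines are constructed samples in the kernel's LOG format, the addresses are documentation prefixes, and the "IPv6-DROP:" prefix is an assumed log prefix.

```shell
#!/bin/sh
# Added example (not from the thread): sort ip6tables LOG lines into "new-attempt"
# (bare SYN), "web-session-tail" (ACK/RST/FIN from remote port 80 or 443, no SYN)
# and "other", so the noise can be counted separately from real inbound attempts.
# The lines below are constructed samples in the kernel's LOG format.

SAMPLE_LOG='Jan 10 12:00:01 gw kernel: IPv6-DROP: IN=eth0 OUT= SRC=2001:db8:f00d::67 DST=2001:db8:1::10 LEN=60 TC=0 HOPLIMIT=56 FLOWLBL=0 PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 RST URGP=0
Jan 10 12:00:02 gw kernel: IPv6-DROP: IN=eth0 OUT= SRC=2001:db8:f00d::68 DST=2001:db8:1::10 LEN=72 TC=0 HOPLIMIT=56 FLOWLBL=0 PROTO=TCP SPT=80 DPT=51240 WINDOW=245 RES=0x00 ACK URGP=0
Jan 10 12:00:03 gw kernel: IPv6-DROP: IN=eth0 OUT= SRC=2001:db8:bad::1 DST=2001:db8:1::10 LEN=80 TC=0 HOPLIMIT=52 FLOWLBL=0 PROTO=TCP SPT=44321 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 12:00:04 gw kernel: IPv6-DROP: IN=eth0 OUT= SRC=2001:db8:f00d::69 DST=2001:db8:1::10 LEN=60 TC=0 HOPLIMIT=56 FLOWLBL=0 PROTO=TCP SPT=8080 DPT=51250 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jan 10 12:00:05 gw kernel: IPv6-DROP: IN=eth0 OUT= SRC=2001:db8:bad::2 DST=2001:db8:1::10 LEN=64 TC=0 HOPLIMIT=52 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=24'

# Reads LOG lines on stdin; prints "<kind> SRC=<addr> SPT=<port> FLAGS=<flags>" per TCP line.
# The kernel writes each set TCP flag as a bare word (SYN, ACK, RST, FIN, PSH, URG).
classify_tcp() {
  awk '
  {
    proto = ""; src = ""; spt = ""; flags = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^PROTO=/)      proto = substr($i, 7)
      else if ($i ~ /^SRC=/)   src = substr($i, 5)
      else if ($i ~ /^SPT=/)   spt = substr($i, 5)
      else if ($i ~ /^(SYN|ACK|RST|FIN|PSH|URG)$/) flags = flags (flags == "" ? "" : ",") $i
    }
    if (proto != "TCP") next
    if (flags ~ /SYN/ && flags !~ /ACK/)
      kind = "new-attempt"          # only a bare SYN opens a connection towards us
    else if ((spt == "80" || spt == "443") && flags ~ /(ACK|RST|FIN)/)
      kind = "web-session-tail"     # leftover of a web session this host opened
    else
      kind = "other"
    print kind, "SRC=" src, "SPT=" spt, "FLAGS=" flags
  }'
}

# Totals per kind, e.g. "2 web-session-tail".
count_kinds() {
  classify_tcp | awk '{ n[$1]++ } END { for (k in n) print n[k], k }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | count_kinds
```

On a real box, replace the sample with `grep 'IPv6-DROP:' /var/log/kern.log | count_kinds` (or whatever prefix the LOG rules use). Only the "new-attempt" lines need a whitelist decision; the "web-session-tail" lines are segments the remote side sent after this host had already torn the session down.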
If you receive packets to those ports, that means, in the majority of cases, that you have a process listening on that port, and in some rare cases lost packets. Probably you should post your firewall rules (ip6tables) here for help, and also to understand your problem and make a proper diagnosis of the problem.
I don't want to keep any unnecessary connection open to Google (or others) unless I really need it
Lots of sites embed services, including but not limited to: ytimg, gstatic, cache, fonts, ajax, maps, youtube, plus, hangouts, search, translate, analytics, tagservices, and adservices.
It's all cached, and whenever you hit the site with one of those services it will connect to a cache server which created a shadow profile for you in case you haven't created one willingly.
I've had some success with redirecting it all into a blackhole by using a huge hosts file on my dns server, but it will break many websites beyond repair.
Maybe consider a local webcache filter for selected websites to keep the site functionality but minimize the traffic.
Personally, I'd just whitelist a few and silently drop everything else.
I think I'll follow elcore's tip, just whitelist the ones I trust, and ignore the rest.
I haven't noticed any errors on webpages so far due to this, so I think it's just some scripts running trying to get the most out of my visits.
(Or, as I see it, trying to suck as much valuable info as they can out of my connection)
So for now I'll just drop them all, and whitelist as I see fit.
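The reply asking for the ip6tables rules and elcore's "whitelist a few and silently drop everything else" both come down to the shape of the INPUT chain. The script below is an added example, not rules posted by anyone in this thread; it emits a ruleset in ip6tables-restore format for a single host. The packets described in the opening post (ACK/RST from source port 80/443 without a SYN) are never new connections: while the session is still tracked they match ESTABLISHED, and once the conntrack entry has expired a RST is INVALID. A bare ACK with no entry is the one awkward case, because with the kernel default net.netfilter.nf_conntrack_tcp_loose=1 it can be picked up mid-stream and counted as NEW, so the ruleset also drops any NEW TCP packet that is not a SYN. The result is that only genuine SYNs reach the whitelist and the log. The whitelisted prefix and the port 22 default are placeholders, and the "IPv6-DROP:" log prefix is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): print an ip6tables-restore ruleset that accepts new
# inbound TCP connections only from whitelisted source prefixes and quietly drops the
# leftover ACK/RST segments from remote port 80/443 of already-closed web sessions.
# Usage (as root, after reading the output):  sh fw6.sh 2001:db8:1::/48 | ip6tables-restore
# The prefix and port are placeholders; WL_PORT overrides the whitelisted destination port.

build_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:WHITELIST - [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to sessions this host opened (including the web sessions behind the ACK/RST noise).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Segments that belong to no tracked connection (e.g. a RST after the entry expired): drop, no log.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# With nf_conntrack_tcp_loose=1 a stray ACK can be picked up as NEW; a NEW packet that is not a
# SYN is never a real connection attempt, so drop it quietly as well.
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# IPv6 needs neighbour discovery (133-136) and the error types (1-4) to work at all;
# echo requests (128) are rate-limited rather than blocked outright.
-A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 133 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 134 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 136 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 128 -m limit --limit 10/s -j ACCEPT
# Only genuine new attempts (SYN) get here; anything not whitelisted is logged (rate-limited) and dropped.
-A INPUT -m conntrack --ctstate NEW -j WHITELIST
-A INPUT -m limit --limit 5/min --limit-burst 20 -j LOG --log-prefix "IPv6-DROP: "
-A INPUT -j DROP
EOF
  for prefix in "$@"; do
    printf -- '-A WHITELIST -s %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
      "$prefix" "${WL_PORT:-22}"
  done
  printf -- '-A WHITELIST -j RETURN\nCOMMIT\n'
}

build_ruleset "$@"
```

Because INVALID and non-SYN NEW packets are dropped before the LOG rule, the firewall log afterwards shows only SYNs that were not whitelisted, which is the list elcore suggests reviewing. If a session the host legitimately still uses gets cut off, the conntrack TCP timeouts (the net.netfilter.nf_conntrack_tcp_timeout_* sysctls) are the first thing to check rather than loosening the INVALID rule.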
Anyone who stares at logs all day is a friend of mine.
I have concerns too, but not in the IPv6 arena. God, don't even wish to go there.
"google" in my logs doesn't mean jack-all to me, all liars.
You could have Tang in your pantry but that don't make you an astronaut.
Just sayin'. I hear you.
My only issue is I feel that once I become a "store detective", sooner or later everyone is a shoplifter.
I use ELK and I live in the Kibana dashboard on a daily basis.
PM me if you wish to compare methods and notes. I could use some feedback myself.
And I wasn't even sure I'd toss that out there, as I rarely discuss "situations" in public.