> They will be announcing themselves over discovery protocols. Otherwise it makes it impossible to find them and thus defeat the purpose of having them connected in the first place.
Yes, they will be announcing on the local network. Not to the outside world. But yes, maybe we need to keep critical infrastructure (fridge) on separate subnets that are firewalled off, and real computers on open subnets.
BTW, nice perspective quote from rfc4864:
"At full-rate full-duplex 40 Gbps (400 times the typical 100
Mbps LAN, and 13,000 times the typical DSL/cable access link), it
takes over 5,000 years to scan the entirety of a single 64-bit
As far as I've heard, the current IPv6 providers are divided on this issue. Some give their customers stateful firewall by default, others offer but don't enable by default. RFC6092 suggest that it's OK to have the CPE firewall default off/transparent.