re: the attack surface, I will say that I see such a tiny fraction of probe attempts and common exploit scripts hitting V6 spaces that I open some services on V6 only.
At my house I've had SSH open to the V6 internet for 8 years and have the logger set up to email me for any connections, and I have never once seen an attempt that wasn't me. For popular sites with well-known DNS names that's obviously different, but I keep DNS current and can SSH by name to that V6 listener from anywhere, so it's not my ISP trying to save me from myself either. And that's not even a host with the normal automatic temporary addresses; it's been a fixed interface ID portion with an effectively static V6 prefix for years.
For a while I had several other services open as well; at one point we even played around with using NFS and iSCSI over IPv6 on the internet just for giggles, no actual important data. I can imagine some sysadmin's face twisting in horror just reading that, knowing the carnage that would have ensued doing that with V4, where we commonly drop entire geo-blocks just to curtail the log spam of all the various automatic admin portal and VPN login scans.
There are of course techniques to gather live V6 addresses but between the vast space and temporary addresses on most end-user devices it really has been a night and day difference.