[ARMedslack] IPv6 Default behaviour

Robby Workman robby at rlworkman.net
Thu Jun 27 01:05:41 UTC 2013


On Wed, 26 Jun 2013 20:34:39 -0400 (EDT)
dowelld at netscape.net wrote:

> Has anyone got any idea about how to turn off the default behaviour of
> having every interface automatically assigned an IPv6 address when it
> comes up?
> 
> So far I've hunted around and around the interwebs, and pushed "0"
> into all sorts of files in /proc/sys/net/ipv6/conf/*/* all to no
> avail. The moment I bring an interface up an inet6 LLA address is
> automatically assigned to it.
> 
> I'm starting to wonder if Linux is an OS I really want to have
> anywhere near a computer of mine when it seems the designers of it
> decided it'd be a good idea to (by default) automatically open up a
> connectable address on every single network interface, of every
> single device, without any consideration for whether an interface was
> protected or not.
> 
> I mean I've seen many utterly ridiculous decisions in my time in this
> industry, but I never thought I'd see one which left nearly every
> single linux system (all those where ip6tables hasn't been explicitly
> invoked anyway) vulnerable to attack (even if only from another
> system on the local network). Utter madness, with seemingly no way to
> disable it.
> 
> Any ideas/suggestions welcomed.


If they're just link local addresses, they're not connectable at 
all from outside.  Re the decisions, it's not linux - it's how 
ipv6 works:  http://www.openwall.com/presentations/IPv6/

-RW
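
[Added example, not part of the original message or the ARMedslack project: a way to check the link-local point above on a given host by parsing the kernel's /proc/net/if_inet6 table and listing which interfaces hold an address with a scope wider than the local link. The sample table and the function names are constructed for illustration; on a real system, pass the contents of /proc/net/if_inet6 instead.]

```python
import ipaddress
from collections import defaultdict

# Scope values the kernel prints in the fourth column of /proc/net/if_inet6.
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}

# Constructed sample in /proc/net/if_inet6 format (not from a real host):
# address, ifindex, prefix length, scope, flags, device name; numbers in hex.
SAMPLE = """\
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000021122fffe334455 02 40 20 80     eth0
20010db8000000000000000000000010 03 40 00 80     eth1
fe8000000000000002aabbfffeccddee 03 40 20 80     eth1
"""

def parse_if_inet6(text):
    """Return {interface: [(IPv6Interface, scope_name), ...]}."""
    result = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        raw, _ifindex, plen, scope, _flags, dev = fields
        iface = ipaddress.IPv6Interface((int(raw, 16), int(plen, 16)))
        result[dev].append((iface, SCOPES.get(int(scope, 16), "unknown")))
    return dict(result)

def reachable_beyond_link(text):
    """Interfaces holding an address that is routable off the local link."""
    hits = {}
    for dev, addrs in parse_if_inet6(text).items():
        wide = [str(iface) for iface, scope in addrs
                if scope in ("global", "site") and not iface.ip.is_link_local]
        if wide:
            hits[dev] = wide
    return hits

if __name__ == "__main__":
    for dev, addrs in parse_if_inet6(SAMPLE).items():
        for iface, scope in addrs:
            print(f"{dev:6} {str(iface):32} scope={scope}")
    print("reachable beyond the link:", reachable_beyond_link(SAMPLE))
```

In the constructed sample only eth1 is reported, because eth0 carries nothing but its fe80::/10 link-local address.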


