From owner-freebsd-security  Tue Feb 20 17: 9:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sonar.noops.org (adsl-63-195-97-84.dsl.snfc21.pacbell.net [63.195.97.84])
	by hub.freebsd.org (Postfix) with ESMTP id B964537B491
	for <security@FreeBSD.ORG>; Tue, 20 Feb 2001 17:09:28 -0800 (PST)
	(envelope-from tcannon@noops.org)
Received: from localhost (tcannon@localhost)
	by sonar.noops.org (8.9.3/8.9.3) with ESMTP id RAA08268;
	Tue, 20 Feb 2001 17:09:43 -0800 (PST)
	(envelope-from tcannon@noops.org)
X-Authentication-Warning: sonar.noops.org: tcannon owned process doing -bs
Date: Tue, 20 Feb 2001 17:09:43 -0800 (PST)
From: Thomas Cannon <tcannon@noops.org>
To: "Geoffrey T. Falk" <gtf@cirp.org>
Cc: security@FreeBSD.ORG
Subject: Re: IPv6 risk with ssh?
In-Reply-To: <200102210101.SAA38561@h-209-91-79-2.gen.cadvision.com>
Message-ID: <Pine.BSF.4.21.0102201706480.7979-100000@sonar.noops.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'd prefer to disable/block all IPv6 for now if possible. How can
> I be assured that this is the case? I am currently running ipfw with
> a default deny rule.

As I don't use ipv6 for anything, I like to take it out of my kernel, and
have been doing that by removing the "option INET6" from my kernel config,
and removing the ipv6-specific devices, too. Seems to work, but again, may
not be the best possible way of doing it.

Cheers,

Thomas

Richard Feynman was a hacker; read any of his books.
			-Bruce Schneier


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message