Date: Tue, 20 Feb 2001 20:40:47 -0500 From: "Peter C. Lai" <sirmoo@cowbert.2y.net> To: "Thomas Cannon" <tcannon@noops.org>, "Geoffrey T. Falk" <gtf@cirp.org> Cc: <security@FreeBSD.ORG> Subject: Re: IPv6 risk with ssh? Message-ID: <000d01c09ba7$50558700$1e9e6389@137.99.156.23> References: <Pine.BSF.4.21.0102201706480.7979-100000@sonar.noops.org>
next in thread | previous in thread | raw e-mail | index | archive | help
you can also disable ipv6 by specifying in /etc/rc.conf ipv6_enable="NO" iirc ssh's ipv46 is ipv6 translation to ipv4 via the faith device. can someone comment on this? (i could be wrong). aren't we supposed to start switching to IPV6 anyway? personally, I would like to do all my freebsd-to-freebsd ssh'ing via ipv6, but i haven't had time to fool around with registering ipv6 addresses with DNS servers yet (and typing in/memorizing ipv4 IPs is a lot easier than ipv6 IPs :). furthermore, i don't know of any attacks that have used ipv6 protocols since not every router supports it yet. In this case, security through obscurity is ok maybe? ----- Original Message ----- From: "Thomas Cannon" <tcannon@noops.org> To: "Geoffrey T. Falk" <gtf@cirp.org> Cc: <security@FreeBSD.ORG> Sent: Tuesday, February 20, 2001 8:09 PM Subject: Re: IPv6 risk with ssh? > > I'd prefer to disable/block all IPv6 for now if possible. How can > > I be assured that this is the case? I am currently running ipfw with > > a default deny rule. > > As I don't use ipv6 for anything, I like to take it out of my kernel, and > have been doing that by removing the "option INET6" from my kernel config, > and removing the ipv6-specific devices, too. Seems to work, but again, may > not be the best possible way of doing it. > > Cheers, > > Thomas > > Richard Feynman was a hacker; read any of his books. > -Bruce Schneier > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000d01c09ba7$50558700$1e9e6389>