ipv6 problem

Bill Davidsen davidsen at tmr.com
Thu Jul 5 02:15:51 UTC 2012


Mike Wright wrote:
> Hi all,
>
> Anybody need a good laugh at somebody else's expense?
>
> I screwed up a dns address and pointed it to China (1.something) instead of
> unrouteable (10.something).  A very *short* time later I was suddenly some sort
> of server for whomever in the world was looking for .CN, much of which was ipv6
> advertisements, and to add insult to injury I found that I was trying to resolve them.
>
> Since this had become a major bandwidth consumer and no doubt confused a lot of
> routers around the world I'm pretty sure both the US spies and their CN
> counterparts got their eyes onto me.  Panicked laughter here :/
>
> In my desperate attempts to track down the source of the problem I started to
> tear down anything ipv6.  Seems I've managed to do so quite well.
>
> I have 4 machines that won't speak ipv6.  modprobe ipv6 works on each of them,
> lsmod shows that they all have the ipv6 module installed.
>
> Using iproute2:  "ip addr list"  shows only "inet" addresses but no "inet6"
> addresses.  Any attempt to "ip addr add dev ethX ipv6-addr" returns a
> "permission denied" regardless of user.
>
> I don't remember any ON/OFF switch for ipv6.  (CRS)
>
> Does anybody out there have any idea how to bring IPv6 back to life on these
> machines or perhaps any insight into just what the resident idiot may have done?
>
> Thanks, Mike Wright (befuddled)

I've been doing a lot of IPv6 stuff and am happy to say I haven't seen that. 
However, I would suggest taking a long look at your firewall with either a 
firewall tool or ip6tables. After that use tcpdump to capture packets at a NIC, 
bridge, or gateway as you find best, and look at what is coming in and going 
out, or not going out. The method is to find the packets, then look for them at 
the next place you expect them to be, until you find the problem.

I presume you have a firewall of some kind for IPv6, that's where you set the 
INPUT first rule to DROP. That's a pretty good off switch. If you're throwing 
all your systems directly on the net without a firewall, I have no easy OFF switch.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
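
Added example, not part of the original message: a shell function that reads `ip6tables -S` output and reports whether the IPv6 INPUT chain is acting as the "off switch" described in the reply above (a DROP as the first INPUT rule). The function name, the result labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Classify the IPv6 INPUT chain from an `ip6tables -S` listing on stdin.
# Prints one of (labels are this example's own):
#   off-first-rule  first INPUT rule is an unconditional DROP
#   off-policy      policy is DROP and no INPUT rule ACCEPTs anything
#   filtered        some filtering is present, but traffic can get in
#   open            policy is not DROP and the chain has no rules
ipv6_input_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            # "-A INPUT -j DROP" has exactly four fields: no match options,
            # so it drops every packet and later rules are never reached.
            if (n == 1 && NF == 4 && $3 == "-j" && $4 == "DROP")
                first_drop = 1
            if ($0 ~ /-j ACCEPT/)
                accepts++
        }
        END {
            if (first_drop)                        print "off-first-rule"
            else if (policy == "DROP" && !accepts) print "off-policy"
            else if (policy == "DROP" || n > 0)    print "filtered"
            else                                   print "open"
        }'
}

# Constructed sample listing (not taken from any real host): the policy is
# ACCEPT and an ICMPv6 ACCEPT rule exists, but the first rule drops everything.
sample='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j DROP
-A INPUT -p ipv6-icmp -j ACCEPT'

printf '%s\n' "$sample" | ipv6_input_state
```

On a live host, pipe the real listing in instead: `ip6tables -S | ipv6_input_state` (run as root).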
