Disabling ipv6
Fernando Lozano
fernando at lozano.eti.br
Fri Jul 12 16:01:03 UTC 2013
Hi,
I took me time to recover this one, another more techinical content
about IPv6 security:
http://w3.antd.nist.gov/iip_pubs/Montgomery-ipv6-security-findings.doc
[]s, Fernando Lozano
> Hi,
>>> You keep talking about IPv6 security risks (over IPv4), but haven't
>>> cited any.
>> While I don't know of security risks of IPv6, itself, there is this:
> If you follow IPv6 on the net you should have found lots of articles
> about this, and how it affects specially home users and SMBs. Here are
> some introductory links:
>
> http://thepcsecurity.com/ipv6-security-issues-concerns-transition/
> http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks
>
> http://searchsecurity.techtarget.com/tip/IPv6-myths-Debunking-misconceptions-regarding-IPv6-security-features
>
>
> Most vendors and ISPs won't talk about his -- IPv6 is a selling point
> -- but here's buried inside an AT&T white paper:
>
> http://www.webtorials.com/main/resource/papers/att/paper28/IPv6_impact_network.pdf
>
>
> "According to the National Institute of Standards and Technology (NIST):
> Prevention of unauthorized access to IPv6 networks will likely be
> more difficult in the early years of IPv6 deployments. IPv6 adds more
> components to be filtered than IPv4, such as extension headers,
> multicast addressing, and increased use of ICMP. These extended
> capabilities of IPv6, as well as the possibility of an IPv6 host
> having a number of global IPv6 addresses, potentially provides an
> environment that will make network-level access easier for attackers
> due to improper deployment of IPv6 access controls. Moreover,
> security related tools and accepted best practices have been slow
> to accommodate IPv6. Either these items do not exist or have not
> been stress tested in an IPv6 environment"
>
> For more techinical content, you can visit
>
> http://www.gont.com.ar/
>
> which is Fernando Gont home page (author of some IETF RFCs), and see
> theslides at
>
> http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf
>
>
>
>> How is your firewall set up?
> That's not the question. I am an experienced sysadmin and networking
> expert, I know where to search for information and what to look for.
> But today most computer users, not just Fedora users, do not have this
> expertise and won't spend enough time researching. They expect to get
> minimally secure default from vendors and open source projects.
> something most DO NOT provide currenty, regarding IPv6. :-(
>
> The fact is: today, even most experienced network admins do not know
> enough about IPv6 security. Most ones I talked to still believe "IPv6
> is more secure by design" which it isn't.
>
>
> []s, Fernando Lozano
>
More information about the users
mailing list