Disable IPv6 by default.

John Reiser jreiser at BitWagon.com
Thu Sep 13 16:43:13 UTC 2007


Dennis Gilmore wrote:
> On Thursday 13 September 2007 10:01:25 am Jóhann B. Guðmundsson wrote:
> 
>>John Reiser wrote:
>>
>>>>I use IPv6 daily.  Why should I go through extra steps when having both
>>>>enabled does not hurt people with IPv4-only connections?
>>>
>>>Perhaps you've heard of the recommended policy "turn off all unused
>>>services"? Enabling IPv6 wastes RAM (several dozen pages) and is a
>>>security risk when the only connections used are IPv4.
>>>
>>>Just publicize the easy OFF switch:
>>>----- /etc/modprobe.conf
>>>alias net-pf-10 off
>>>-----

> Please provide proof of your claims.  Where is the security risk?

*ALL* code that is not necessary for intended operation is a security risk.
Code in the operating system kernel (including modules) is particularly risky
because in general it has few restrictions on its access to all devices.
"Turn off all unused services" is the *FIRST* item on most security checklists.

IPv6 service currently is not available to the vast majority of
residential DSL and cable customers in the US.

Just publicize the "alias net-pf-10 off".

More information about the fedora-devel-list mailing list
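
A host audit for the off switch discussed in this thread, as an added example that is not part of the original post: it looks for an uncommented `alias net-pf-10 off` line and compares that with whether the running kernel exposes an IPv6 stack. The function names, the result keywords and the `/etc/modprobe.d/*.conf` search path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the "alias net-pf-10 off" switch.

# has_ipv6_off_alias FILE...
# Succeeds if any readable file holds an uncommented "alias net-pf-10 off".
has_ipv6_off_alias() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*alias[[:space:]]+net-pf-10[[:space:]]+off[[:space:]]*$' "$f"; then
            return 0
        fi
    done
    return 1
}

# ipv6_stack_active PROCROOT
# Succeeds if the kernel exposes IPv6 interface state under PROCROOT
# (net/if_inet6 is only present once the IPv6 stack is initialised).
ipv6_stack_active() {
    [ -e "$1/net/if_inet6" ]
}

# audit_ipv6 PROCROOT FILE...
# Prints one keyword (names are this example's own):
#   disabled              alias present, no IPv6 stack in the kernel
#   config-not-effective  alias present, but IPv6 is active anyway: the alias
#                         only blocks on-demand loading, so a built-in or
#                         already-loaded stack is unaffected
#   enabled               no alias, IPv6 stack active
#   unloaded-not-blocked  no alias, stack not loaded yet; first use can load it
audit_ipv6() {
    procroot=$1
    shift
    if has_ipv6_off_alias "$@"; then configured=yes; else configured=no; fi
    if ipv6_stack_active "$procroot"; then loaded=yes; else loaded=no; fi
    case "$configured/$loaded" in
        yes/no)  echo disabled ;;
        yes/yes) echo config-not-effective ;;
        no/yes)  echo enabled ;;
        no/no)   echo unloaded-not-blocked ;;
    esac
}

# Audit this host; the modprobe.d glob is an assumed extra search path.
audit_ipv6 /proc /etc/modprobe.conf /etc/modprobe.d/*.conf
```

A `config-not-effective` result means the configuration line alone is not proof that the code is out of the running kernel, which is the state the checklist item is actually about.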