Sorry, forgot to send it to the list, my fault.
btb schrieb:
On Nov 18, 2004, at 14.22, Jörg Harmuth wrote:
Hi Ben,
what is the proper approach to achieving this?
I don't know what the proper approach is, but if everything works
correctly without ipv6 (I had problem without ipv6 some time ago,
but I can't really recall what was up there) why not compile a
kernel without ipv6 support ? This defenitely works, if it is a
possibility at all. And it gives you the chance to remove more
things you don't need from your kernel.
Have a nice time
Joerg
hi joerg-
thanks for replying.
i did start down that road a bit - and found out i am not yet
comfortable enough with that process to trust myself (very very new
to debian). besides, isn't the idea of loading and unloading (or not
loading) modules that you don't have to recompile your kernel for
this type of thing?
-ben
Hi Ben,
yes and no in my opinion. It is convenient to be able to disable kernel
features at load time (and of course rub´n-time). But they still exist
and an successful attacker could exploid one or more of them. For me
the better choice is to _realy_ disable them (those I don't need) in the
kernel configuration. If it's not there - what can you do with it ?
If you have never done kernel configuration it is hard work. I mean
understanding all the things you should know for this. But in Debian
there is a convenient way to do this (it is said to be convenient, but I
never tried it - sorry, I don't even know the name of the package :(
Hey list, can you help ?) But in my opinion it's worth while. It serves
a lot of purposes.