[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Test Debian : IPv6 pitfalls ?

Hash: SHA1

Am Mo den  6. Okt 2008 um  8:21 schrieb Franklin PIAT:
> > It's something you may not have power on (if your netadmin or ISP
> > decides to enable IPv6, it's their choice, not yours. You can
> > *disable* it but, it's enabled by default anyway (thanksfully))
> I my mind "enabling IPv6" include ISP and router reconfiguration.
> So the "risk" questions are :
> - Can a service become unavailable because of IPv6 ? (including
>   side-effects, or remote sites that have broken IPv6 configuration,
>   causing unavailability).
> - How long and how difficult is to recover the situation ?
> - Network security (no NAT, so inner systems are exposed by default)

In the past I find it on many systems that the user (admin(?)) did has a
proper ipv4 iptables set with strict settings but enabled ipv6 (cause
the distribution comes with enabled ipv6) which is world open. All
services per default are listening on ipv6 too.

Sure that is a incompetent admin. But keep in mind that most of them are
that incompetent. (Sorry telling it that clear.)

So it IS a security problem having ipv6 enabled by default. And it is a
big security issue!

But also if you are aware of the ipv6 problem it takes time to disable
it. I think that the persons who really want to use ipv6 are (and
should) be competent enough to enable and configure it propper.

> The second point is especially true for people that do simple web/mail
> hosting. Messing-up DNS can take time to recover.

Yes. And there are still applications which cannot handle the wide IPs
from ipv6.

> Anybody aware of bad end-user IPv6 experience ?

There are many!! In fact I only know one person who know enough about
ipv6 and the pitfalls to use it.

> Anybody feels like improving IPv6 wiki page[1] to explain those pitfalls
> (if any) ?

Better explain the points which are no pitfalls. This list might be
smaller. :-)

   Klaus Ethgen
- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: