[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian 11: How to disable IPv6

On 7/11/22, rhkramer  wrote:
>
> From the peanut gallery: I disabled IPv6 quite some time ago.  I don't
> recall how I did it, but I might have that information in my notes, somewhere.
>
> The reason that I disabled it (which might not be totally logical) is that
> in IPv4, I have always had my computers (and LAN) behind a NAT device.

A NAT device does not necessarily act like a stateful firewall.

Years ago I ran a TOR middle node ... and noticed someone scanning my
internal network!!  Turns out they were using loose source routing to
get around NAT:
  https://en.wikipedia.org/wiki/Loose_Source_Routing
    Loose Source Routing is an IP option which can be used for address
translation.

My cable modem was quite willing to forward packets addressed to the
publicly addressable outside IP address of the box to my internal LAN
with the RFC-1918 address space .. that I thought was unreachable from
the public Internet because NAT :(

So lesson learned - get a firewall or router that will drop packets
that have IP options set.

Regards,
Lee
Reply to: