[ipv6hackers] IPv6 security presentation at Hack.lu 2011

fred fred at fredbovy.com
Sat Oct 1 07:52:34 CEST 2011

Hi Markus,

Thanks a lot for your detailed response!
It will help me a lot for my job and I am going to include this in my
"Best Practice" recommendations for ISPs.

Have a beautiful day!

Fred Bovy
fred at fredbovy.com
Skype: fredericbovy
Mobile: +33676198206
Twitter: http://twitter.com/#!/FredBovy
Blog: http://fredbovyipv6.blogspot.com/
ccie #3013

Le 30/09/2011 11:51, « Markus Reschke » <madires at theca-tabellaria.de> a
écrit :

>On Fri, 30 Sep 2011, fred wrote:
>Hi Fred!
>> Maybe it is something you can do by setting a variable and building a
>> kernel in UNIX/Linux ?
>For linux just add following to sysctl.conf:
>> I have never in my life found any IT people doing such setting on any
>> Workstation or servers. But it is a long time I am not working with IT
>> people who configure everything...
>We (ISP) did it on every router and server (if supported) already in
>the 90s. Also disabled source routing, directed broadcast and so on.
>> So I did not know it was something which could be set easily and was
>> by everybody in the field so it was not an open issue for IPV4!
>When the commercial internet lifted off, most ISPs had low speed leased
>lines, especially across the Atlantic. It was easy to utilize the line's
>full capacity by sending an echo request to a broadcast address at one
>side and spoofing the source IP address to be another broadcast address
>the other side. And inside a LAN such a simple attack could cause also
>havoc. It was essential to apply basic security measures to survive :-)
>What really bothers me regarding IPv6 is that there was more than enough
>time for vendors to implement it and for all to assess and fix security
>problems, but we are doing it just now as we are forced to IPv6. Soon
>there will be IPv6-only services and the mass market has to provide IPv6
>too all users. It's going to be a nightmare - unfinished design and
>Best regrads,
>  Markus
>/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:244/1661 \
>\                / \                             / \                    /
>Ipv6hackers mailing list
>Ipv6hackers at lists.si6networks.com

More information about the Ipv6hackers mailing list