Sep 30 03:59:25 CEST 2011

fred wrote:

> Ok, I get it, but I never found any way to set your stack to ignore the IP
> REDIRECT. I never looked for a way to do it, to be honest.
> Maybe it is something you can do by setting a variable and building a new
> kernel in UNIX/Linux?

It's a sysctl variable that you can change on the fly if you want to. No need
to recompile.

> On Mac OS X, a variable and build a new kernel as well?

Not sure. Mac OS X is BSD-based, so it's probably a similar sysctl mechanism.

> Maybe a registry in Windows lets you do this?

That would be my best guess, or, it might be under netsh. Not sure.
It may even be impossible in Windoze, I honestly don't know.

> I have never in my life found any IT people doing such a setting on any
> workstation or server. But it has been a long time since I worked with IT
> people who configure everything...

I believe it is fairly common among those paranoid enough to worry about any of the
rather minute issues we've been discussing here. Most of the real world of
IT actually flat out ignores security on the LAN for the most part, so, you are
right that people who do anything about it at all are kind of rare. That was
my primary point, actually.

> So I did not know it was something which could be set easily and was done
> by everybody in the field, so it was not an open issue for IPv4!

I wasn't saying it wasn't an issue, but, it's an issue of education/application whereas
the equivalent problem in IPv6 is an issue of inability.
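
An added example, not part of the original message: a shell audit of the "sysctl variable" discussed above, assuming a Linux host. The names `accept_redirects` and `forwarding` under `/proc/sys/net/ipv4/conf` are the Linux ones and are not given in the message; `redirect_audit` and `build_sample` are hypothetical helpers, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (Linux assumed): list IPv4 interfaces that still honour ICMP redirects.
# Kernel rule (Documentation/networking/ip-sysctl): with forwarding on for the
# interface, redirects are accepted only if conf/all AND conf/<if> are set;
# with forwarding off, they are accepted if conf/all OR conf/<if> is set.

flag() {  # value of a sysctl file, 0 when it is absent
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

redirect_audit() {  # $1 = sysctl conf dir (default: the live /proc tree)
    conf=${1:-/proc/sys/net/ipv4/conf}
    all=$(flag "$conf/all/accept_redirects")
    for dir in "$conf"/*; do
        [ -d "$dir" ] || continue
        ifc=${dir##*/}
        case $ifc in all|default) continue ;; esac
        own=$(flag "$dir/accept_redirects")
        fwd=$(flag "$dir/forwarding")
        if [ "$fwd" -ne 0 ]; then
            [ "$all" -ne 0 ] && [ "$own" -ne 0 ] && echo "$ifc"
        else
            { [ "$all" -ne 0 ] || [ "$own" -ne 0 ]; } && echo "$ifc"
        fi
    done
    return 0
}

build_sample() {  # constructed tree: $1 = dir, then "iface:accept:forwarding" entries
    root=$1; shift
    for spec in "$@"; do
        ifc=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$root/$ifc"
        echo "${rest%%:*}" > "$root/$ifc/accept_redirects"
        echo "${rest#*:}" > "$root/$ifc/forwarding"
    done
}

# Constructed sample: conf/all is 0, yet eth0 (a non-forwarding host interface)
# still accepts redirects because its own flag is 1.
tmp=$(mktemp -d)
build_sample "$tmp" all:0:0 default:1:0 eth0:1:0 eth1:0:0 br0:1:1
redirect_audit "$tmp"      # prints: eth0
rm -rf "$tmp"
```

Run with no argument, `redirect_audit` reads the live `/proc` tree; an empty result means no interface would act on a redirect.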


