[ipv6hackers] IPv6 security presentation at Hack.lu 2011

[fred]

Ok it is clear!

But for me if it was not possible to configure it so easily it would be an
issue!

Thanks
Fred

 




Le 30/09/2011 03:59, « Owen DeLong » <owend at he.net> a écrit :

>
>On Sep 29, 2011, at 6:49 PM, fred wrote:
>
>> Ok, I get it but I never found any way to set your stack to ignore the
>>IP
>> REDIRECT. I never look for a way to do it to be honest.
>> 
>> Maybe it is something you can do by setting a variable and building a
>>new
>> kernel in UNIX/Linux ?
>
>It's a sysctl variable that you can change on the fly if you want to. No
>need
>to recompile.
>
>> On MAC OS X a variable and build a new kernel as well ?
>> 
>
>Not sure. MacOS X is BSD based, so, it's probably a similar sysctl
>mechanism.
>
>> Maybe a registry in Windows let you do this ?
>> 
>
>That would be my best guess, or, it might be under netsh. Not sure.
>It may even be impossible in Windoze, I honestly don't know.
>
>> I have never in my life found any IT people doing such setting on any
>> Workstation or servers. But it is a long time I am not working with IT
>> people who configure everything...
>> 
>
>I believe it is fairly common among those paranoid to worry about any of
>the
>rather minute issues we've been discussing here. Most of the real world of
>IT actually flat out ignores security on the LAN for the most part, so,
>you are
>right that people who do anything about it at all are kind of rare. That
>was
>my primary point, actually.
>
>> So I did not know it was something which could be set easily and was
>>done
>> by everybody in the field so it was not an open issue for IPV4!
>> 
>
>I wasn't saying it wasn't an issue, but, it's an issue of
>education/application whereas
>the equivalent problem in IPv6 is an issue of inability.
>
>Owen
>
>_______________________________________________
>Ipv6hackers mailing list
>Ipv6hackers at lists.si6networks.com
>http://lists.si6networks.com/listinfo/ipv6hackers