mOSL icon indicating copy to clipboard operation
mOSL copied to clipboard

Published 20 hours ago verified publisher icon 0xmachos

Question: disable IPv6

Open JayBrown opened this issue 6 years ago • 8 comments

Quick question: does disabling IPv6 cause any problems? macOS does create IPv6 tunnels to Apple for iCloud, FindMyMac etc.

JayBrown avatar Jan 25 '19 12:01 JayBrown

@JayBrown I have no idea. Anecdotally I have experienced no issues running with IPv6 disabled however that's far from conclusive.

A quick Google on IPv6 tunnels, I have no experience or knowledge of IPv6, says that IPv6 tunnels route IPv6 packers via IPv4 infrastructure. I assume that's used as my ISP doesn't support IPv6 and internally I've disabled IPv6 on our network infrastructure and have experienced no issues.

Some background on why I chose to disable IPv6.

I've heard and read that IPv6 stacks aren't as mature as IPv4. The implication being IPv6 stacks are more likely to have vulnerabilities than their IPv4 counterparts. How accurate that is, I'm not sure (I'd love to hear opinions and see evidence for/ against) which brings me to my second point. If you're not using it, turn it off.

0xmachos avatar Jan 25 '19 13:01 0xmachos

Every enterprise environment I've dealt with I have had to disable IPv6. I don't know the specifics but there was some sort of conflict with old Cisco networking equipment they were using.

mistacabbage avatar Jan 25 '19 13:01 mistacabbage

You can't reach my raspberry pi. (it has only a IPv6 address)

thomasschaeferm avatar Jan 25 '19 16:01 thomasschaeferm

Input from a friend:

I’d advise against disabling it tbh. Anycast 6-to-4 is a thing of the past (automatic tunnels) and happy eyeballs prevents most fuckery.

0xmachos avatar Jan 31 '19 18:01 0xmachos

I've re posted this question to twitter and was immediately tweeted at by this bot...

0xmachos avatar Feb 12 '19 11:02 0xmachos

The bot is right.

thomasschaeferm avatar Feb 12 '19 15:02 thomasschaeferm

When IPv6 stops causing issues for me or I am unable to contact an important site, I’ll turn it back on, but not before. I would hope that a couple of long standing vulnerabilities are finally put to bed by then.

Sent from my iPad

-Al-

On Feb 12, 2019, at 07:50, Thomas Schäfer [email protected] wrote:

The bot is right.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

alvarnell avatar Feb 13 '19 07:02 alvarnell

IPv6 is problematic (OMG no NAT??). But with the state of today's quasic-DNS, "next-gen firewalls", "captive networks" (we used to it an MITM&BE attack when decrypting/reencryping public-private key encryption was transparently possible... now its... um, Security. Trust it.), add the general strangeness of partially non-routable public IPv4 addresses, and: there's nothing better or worse in IPv6 than IPv4.

It's just literally, a lot. That's all.

geoff-nixon avatar Jul 10 '20 02:07 geoff-nixon