turning off IPv6

Christofer C. Bell christofer.c.bell at gmail.com
Thu Jul 6 13:59:56 UTC 2006 

Alexander, system security administration is always a balancing act
between system security and user convenience.  The IPv6 stack has been
part of the Linux kernel for nearly 6 years now (and possibly
longer)[1] and yet no one has managed to find a security problem with
it (at least that I've heard of).

The user convenience gains from a distribution maintainer perspective
through the inclusion of IPV6 is that *every* user (and that includes
academia where IPv6 *is* used) is able to simply install their machine
and it Just Works(tm) (also a tenant of Ubuntu).  They do not have to
compile anything to enable remote access to httpd, they do not have to
compile anything to get their machine to talk to an IPv6 network.
They put in the CD, they click "Ok" or "Next" a few times, and it Just
Works(tm).

The security trade-off is that there may be an issue in whatever
software is enabled.  I do not believe (and you've not said anything
to convince me) that there are any security issues worth worrying
about in the Linux IPv6 code any more than there are security issues
worth worrying about in the IPv4 code.  At sites where IPv6 is used,
they don't have a lot of choice in the matter, IPv6 has to be there.
At sites where it is not used, where the network itself doesn't
support it, it's not routable and therefore cannot be used to remotely
exploit a system (and that's assuming there exists this theoretical
security problem with it).

If you want to continue to take the position that having IPv6 enabled
makes your systems vulnerable to attack, then feel free to act on that
and disable it on your machines.  I will continue to take the position
that it's of no concern whatsoever and you're free to laugh at me
if/when my machines are broken into via the IPv6 protocol stack.  Just
don't hold your breath waiting for it to happen.

[1] http://www.linux-ipv6.org/linux-test-en/

-- 
Chris

"I trust the Democrats to take away my money, which I can afford.  I
trust the Republicans to take away my freedom, which I cannot."

More information about the ubuntu-users mailing list