Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I disable ipv6 on my network, way too many security exploits!


Such as?


Firewall misconfigurations, mostly. It's way harder to keep firewall up to date when you have to worry about two independent stacks.


I don't have vulnerability ids.

What made me disable it was some issue in Linux network stack, with ipv6 broadcast, on by default, exploitable to root execution.

For me it is yet another complex service that I do not need, and that should not be exposed to network. Ipv4 network stack code is far smaller, simpler and way more tested over decades!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: