-----Original Message----- From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Fernando Lozano Sent: Tuesday, July 09, 2013 8:28 PM To: Community support for Fedora users Cc: Tim Subject: Re: Disabling ipv6 Hi, > On Tue, 2013-07-09 at 10:58 +0200, J.Witvliet@xxxxxxxxx wrote: >> Once in a while I see people suggesting the disabling of IPv6 to cope >> with some issue. >> >> My I _kindly_ ask not to do that anymore? >> Even though such trick might take away the symptoms for you and me, it >> is a technical overkill and only tackles the symptoms. > In my case, I have a completely IPv4 network, and a complete > impossibility to do IPv6 over the internet (I'd need an IP6 to 4 proxy > *OUTSIDE* of my ISP). So... > > Somtimes we techinicians give advice based on an ideal world. :-) But on the real world disabling IPv6 everywhere is the *right* thing to do for many companies. if you don't have the need, don't have the knowledge and your hardware/software doesn't support it well, IPv6 is not only overhead with no added value but also may present a significant security risk. Just like you should disable any system service (specially network services) that you don't need to reduce a hacker attack surface on your network and servers. -----Original Message----- Hi Fernando, I completely agree that one should minimize any attack surface, no doubt about that! And if you (!) don't want to use v6, fine. But when you write "But on the real world disabling IPv6 everywhere is the right thing to do" I strongly disagree. There might okay for you, but at least in the apnic/ripe area the RIR's has run out, and providers can only obtain _once_ a final block of addresses. And, as I said, signals start to come from people ONLY getting an V6 address from their providers. But even in the ARIN-area (years to go from depletion), USA-administration indicates that any peers/suppliers must be able to handle V6. Hence my plea just to think twice before advising to disable v6 altogether. In certain circumstances it might alleviate some symptoms, but the cure should be somewhere else, not? Hw ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
