Linux networking tip: if your box is on a fixed network, always set net.ipv6.conf.forwarding=1. "Forwarding" is a misnomer; it means "is not a dynamic host" and is needed to suppress ability for malicious peers on lan to reconfigure your interfaces & routing.
-
-
Replying to @RichFelker
If your box is on a fixed ipv4 network you need to tweak an ipv6 setting?
1 reply 0 retweets 0 likes -
Replying to @landley @RichFelker
IPv6 has weird autoconfig stuff. Without that setting, a malicious host on the network could pretend to be an autoconfig router and get you an IPv6 network ANYWAYS. So it's perhaps more important there.
1 reply 0 retweets 0 likes -
Replying to @pikhq @RichFelker
Is this a bigger exploit than somebody pretending to be a dhcp server?
1 reply 0 retweets 0 likes -
Replying to @landley @RichFelker
I'm pretty sure it's more-or-less identical, except with the assumption a DHCP server is running, and that it's something you're less likely to expect.
2 replies 0 retweets 0 likes
Yes, it's equivalent to the issues of a malicious DHCP server. But that only affects you if you're running a DHCP client; OTOH the kernel runs an IPv6 stateless autoconf client unless you explicitly turn it off via the above.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.