SixXS::Sunset 2017-06-06

Security of IPv6 on routers with aiccu/radvd (Fritz)
[it] Shadow Hawkins on Tuesday, 31 May 2011 00:38:47
I applied a modified firmware on my FritzBox 7170 with IPv6 kernel, aiccu client and radvd daemon, and now with my sixxs tunnel and subnet i am able to connect with IPv6, which i am currently using to access this website. but what about security? am I giving access to everybody on the ipv6 access to my inside network? I tried ping6ing my machine (in the subnet) and i can reach an open port, which is expected, my Windows machine Firewall *should* protect me (i hope ;) I tried pinging the internet router config pages but the ping was unsuccessful, i tried this by pinging the tunnel ip, then the main subnet ip, is my router filtering automatically the incoming packets? my router is connecting first by running aiccu then with radvd, which ipv6 is it using?
Security of IPv6 on routers with aiccu/radvd (Fritz)
[cz] Carmen Sandiego on Saturday, 25 June 2011 08:24:39
my router is connecting first by running aiccu then with radvd, which ipv6 is it using?
You router is connected with ipv6 tunnel configured by aiccu, then radvd is announcing your ipv6 prefix to your LAN. Yes, your network, running public routable addresses, becomes exposed to internet. It's the same as if you connected your PC directly to ISP's cable. Now it's a matter of firewalls to protect you - personal FW on PC or statefull FW on router. If you firmware has ip6tables on Fritz - you can setup simple wall with couple of rules:
-A FORWARD -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o eth0 -j DROP
assuming your LAN is connected to eth0 - i.e. allow only inbound traffic initiated from inside, dropping everything else.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker