Re: disabling ipv6 kernel module
Sorry, forgot to send it to the list, my fault. btb schrieb: On Nov 18, 2004, at 14.22, Jörg Harmuth wrote: Hi Ben, what is the proper approach to achieving this? I don't know what the proper approach is, but if everything works correctly without ipv6 (I had problem without ipv6 some time ago, but I can't really recall what was up there) why not compile a kernel without ipv6 support ? This defenitely works, if it is a possibility at all. And it gives you the chance to remove more things you don't need from your kernel. Have a nice time Joerg hi joerg- thanks for replying. i did start down that road a bit - and found out i am not yet comfortable enough with that process to trust myself (very very new to debian). besides, isn't the idea of loading and unloading (or not loading) modules that you don't have to recompile your kernel for this type of thing? -ben Hi Ben, yes and no in my opinion. It is convenient to be able to disable kernel features at load time (and of course rub´n-time). But they still exist and an successful attacker could exploid one or more of them. For me the better choice is to _realy_ disable them (those I don't need) in the kernel configuration. If it's not there - what can you do with it ? If you have never done kernel configuration it is hard work. I mean understanding all the things you should know for this. But in Debian there is a convenient way to do this (it is said to be convenient, but I never tried it - sorry, I don't even know the name of the package :( Hey list, can you help ?) But in my opinion it's worth while. It serves a lot of purposes. Have a nice time Joerg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: disabling ipv6 kernel module
On Thu, 2004-11-18 at 21:56 +0100, Jörg Harmuth wrote: btb schrieb: On Nov 18, 2004, at 14.22, Jörg Harmuth wrote: Hi Ben, what is the proper approach to achieving this? I don't know what the proper approach is, but if everything works correctly without ipv6 (I had problem without ipv6 some time ago, but I can't really recall what was up there) why not compile a kernel without ipv6 support ? This defenitely works, if it is a possibility at all. And it gives you the chance to remove more things you don't need from your kernel. Have a nice time Joerg hi joerg- thanks for replying. i did start down that road a bit - and found out i am not yet comfortable enough with that process to trust myself (very very new to debian). besides, isn't the idea of loading and unloading (or not loading) modules that you don't have to recompile your kernel for this type of thing? -ben Hi Ben, yes and no in my opinion. It is convenient to be able to disable kernel features at load time (and of course rub´n-time). But they still exist and an successful attacker could exploid one or more of them. For me the better choice is to _realy_ disable them (those I don't need) in the kernel configuration. If it's not there - what can you do with it ? If you have never done kernel configuration it is hard work. I mean understanding all the things you should know for this. But in Debian there is a convenient way to do this (it is said to be convenient, but I never tried it - sorry, I don't even know the name of the package :( Hey list, can you help ?) But in my opinion it's worth while. It serves a lot of purposes. I just let everything go. IPv6 is one of those troublesome modules. I just delete all the ipv6 modules (clearly there are other alternatives) and it works for me, I get 2 error messages during boot caused by them being gone. Not really a problem though. As it was deliberate. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part
Re: disabling ipv6 kernel module
Jörg Harmuth wrote: Sorry, forgot to send it to the list, my fault. btb schrieb: On Nov 18, 2004, at 14.22, Jörg Harmuth wrote: Hi Ben, what is the proper approach to achieving this? I don't know what the proper approach is, but if everything works correctly without ipv6 (I had problem without ipv6 some time ago, but I can't really recall what was up there) why not compile a kernel without ipv6 support ? This defenitely works, if it is a possibility at all. And it gives you the chance to remove more things you don't need from your kernel. Have a nice time Joerg hi joerg- thanks for replying. i did start down that road a bit - and found out i am not yet comfortable enough with that process to trust myself (very very new to debian). besides, isn't the idea of loading and unloading (or not loading) modules that you don't have to recompile your kernel for this type of thing? -ben Hi Ben, yes and no in my opinion. It is convenient to be able to disable kernel features at load time (and of course rub´n-time). But they still exist and an successful attacker could exploid one or more of them. For me the better choice is to _realy_ disable them (those I don't need) in the kernel configuration. If it's not there - what can you do with it ? If you have never done kernel configuration it is hard work. I mean understanding all the things you should know for this. But in Debian there is a convenient way to do this (it is said to be convenient, but I never tried it - sorry, I don't even know the name of the package :( Hey list, can you help ?) But in my opinion it's worth while. It serves a lot of purposes. make-kpkg is what you are looking for. Install the package kernel-package and do a man make-kpkg. Should get you started. Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: disabling ipv6 kernel module
Hello:- I have ipv6 and net-pf-10 disabled in /etc/modules.conf, deleted the ipv6 module from /lib/modules and rebooted to unload the module. HOWEVER, some programs (telnet, ssh) still look for records in DNS and only when this fails look for A records. This slows everything down. How can I disable the lookup? Walter -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]