IMO it's much easier to disable one rogue than to disable IPv6 on the whole network. That is if you can find it, but with some proper tcpdumping and/or CLI commands (depending on the switches that you have) it should be relatively easy.
Not to mention that, as pointed by others, this provides a wonderful opportunity to look into this new (*grin*) protocol. Cheers! ~Carlos On 4/16/12 9:32 PM, Arturo Servin wrote: > Anurag, > > You have a rogue RA in your network. Now is just an annoying DoS, but > it can easily be turned in a real security concern. > > I suggest to either deploy properly IPv6 or disable it. I am more on > the former, but it is your choice. > > Regards > -as > > On 16 Apr 2012, at 15:09, Anurag Bhatia wrote: > >> Hello everyone >> >> >> >> Just got a awfully crazy issue. I heard from our support team about failure >> of whois during domain registration. Initially I thought of port 43 TCP >> block or something but found it was all ok. Later when ran whois manually >> on server via terminal it failed. Found problem that server was connecting >> to whois server - whois.verisign-grs.com. I was stunned! Server got IPv6 >> and not just that one - almost all. This was scary - partial IPv6 setup and >> it was breaking things. >> >> In routing tables, routes were all going to a router which I recently setup >> for testing. That router and other servers are under same switch but by no >> means I ever configured that router as default gateway for IPv6. I found >> option of "broadcast" was enabled on router for local fe80... address and I >> guess router broadcasted IPv6 and somehow (??) all servers found that they >> have a IPv6 router on LAN and started using it - automated DHCP IPv6? >> >> I wonder if anyone else also had similar issues? Also, if my guesses are >> correct then how can we disable Red Hat distro oriented servers from taking >> such automated configuration - simple DHCP in IPv6 disable? >> >> >> >> >> Thanks >> >> -- >> >> Anurag Bhatia >> anuragbhatia.com >> or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected >> network! >> >> Twitter: @anurag_bhatia <https://twitter.com/#!/anurag_bhatia> >> Linkedin: http://linkedin.anuragbhatia.com >