[DNG] Security implications of IPv4 vs IPv6 (was Re: Configuring ethernet port for IPv6)
On Sat, Jan 29, 2022 at 01:22:57AM -0500, Steve Litt wrote: [redirecting to list, I think that's what you intended] > Joel Roth said on Fri, 28 Jan 2022 15:19:35 -1000 > >> On my next router, (probably OpenBSD/pf), I'm going to block all > >> IPV6. I enjoy that the badguys have to jump through one more hoop > >> (NAT) to hit me where it hurts. > > > >IPv6 does have some security features lacking in IPv4. > > I didn't know that. What are some of those features and where can I > find out more about them? A naive search turns up this article that seems credible: https://www.avast.com/c-ipv4-vs-ipv6-addresses The site appears to belong to a VPN provider. > Thanks, > Steve > > Steve Litt > Spring 2021 featured book: Troubleshooting Techniques of the Successful > Technologist http://www.troubleshooters.com/techniques > -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6 - broken hardware revealed by dmesg
On Fri, Jan 28, 2022 at 03:14:31PM -1000, Joel Roth via Dng wrote: > This is an older thinkpad, I think it's unlikely to need > extra firmware. When I try to install firmware-misc-nonfree I'm told: > > Package firmware-misc-nonfree is not available, but is referred to by another > package. > This may mean that the package is missing, has been obsoleted, or > is only available from another source > > I do have firmware-linux-nonfree installed. Hmmm, OK. Well, firmware-linux-nonfree should pull in firmware-misc-nonfree, so your probably fine as far as that goes, and you probably have a bad ethernet chip. Greg -- web site: http://www.gregn.net gpg public key: http://www.gregn.net/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) If we haven't been in touch before, e-mail me before adding me to your contacts. -- Free domains: http://www.eu.org/ or mail dns-mana...@eu.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Configuring ethernet port for IPv6
-- Joel Roth --- Begin Message --- Hi Steve, Long time... > On my next router, (probably OpenBSD/pf), I'm going to block all IPV6. > I enjoy that the badguys have to jump through one more hoop (NAT) to > hit me where it hurts. IPv6 does have some security features lacking in IPv4. > I'm not an authority on firewalls and routers, but I'm going to try > hard to pass only a very few IP addresses on my LAN, and put the Wifi > on a third network card. Hopefully someone is researching this for us. > In my opinion, IOT (the Internet Of Things) is for the most part an > abomination. I don't want my thermostat on the same subnet as my LAN. I was thinking of an IOT thermometer. Don't you want to hear something like "Hi I'm your smart thermometer. You're temperature is a little high today. You might have a cold, or worse. Have you been vaccinated yet? I recommend you stay at home till you feel better." > SteveT > > Steve Litt > Spring 2021 featured book: Troubleshooting Techniques of the Successful > Technologist http://www.troubleshooters.com/techniques > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Joel Roth --- End Message --- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6 - broken hardware revealed by dmesg
On Fri, Jan 28, 2022 at 05:50:37PM -0700, Gregory Nowak via Dng wrote: > On Fri, Jan 28, 2022 at 12:40:36PM -1000, Joel Roth via Dng wrote: > > On Fri, Jan 28, 2022 at 12:05:06PM -0700, Bob Proulx via Dng wrote: > > > Joel Roth wrote: > > > > Gregory Nowak wrote: > > > > > Is there anything different in the dmesg(1) output for eth1 than > > > > > for your other interfaces? > > > > > > > > bingo: > > > > > > > > [467072.902423] e1000e :00:19.0 eth1: Hardware Error > > > >... > > > > This is a used Thinkpad pad, recently purchased. > > > > Fortunately usb-ethernet adapters are easily available. > > I'm not sure, but is it possible your ethernet chip is one which > requires firmware from the firmware-misc-nonfree package? This is an older thinkpad, I think it's unlikely to need extra firmware. When I try to install firmware-misc-nonfree I'm told: Package firmware-misc-nonfree is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source I do have firmware-linux-nonfree installed. > Greg > > > -- > web site: http://www.gregn.net > gpg public key: http://www.gregn.net/pubkey.asc > skype: gregn1 > (authorization required, add me to your contacts list first) > If we haven't been in touch before, e-mail me before adding me to your > contacts. > > -- > Free domains: http://www.eu.org/ or mail dns-mana...@eu.org > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6 - broken hardware revealed by dmesg
On Fri, Jan 28, 2022 at 12:40:36PM -1000, Joel Roth via Dng wrote: > On Fri, Jan 28, 2022 at 12:05:06PM -0700, Bob Proulx via Dng wrote: > > Joel Roth wrote: > > > Gregory Nowak wrote: > > > > Is there anything different in the dmesg(1) output for eth1 than > > > > for your other interfaces? > > > > > > bingo: > > > > > > [467072.902423] e1000e :00:19.0 eth1: Hardware Error > > >... > > > This is a used Thinkpad pad, recently purchased. > > > Fortunately usb-ethernet adapters are easily available. I'm not sure, but is it possible your ethernet chip is one which requires firmware from the firmware-misc-nonfree package? Greg -- web site: http://www.gregn.net gpg public key: http://www.gregn.net/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) If we haven't been in touch before, e-mail me before adding me to your contacts. -- Free domains: http://www.eu.org/ or mail dns-mana...@eu.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6 - broken hardware revealed by dmesg
On Fri, Jan 28, 2022 at 12:05:06PM -0700, Bob Proulx via Dng wrote: > Joel Roth wrote: > > Gregory Nowak wrote: > > > Is there anything different in the dmesg(1) output for eth1 than > > > for your other interfaces? > > > > bingo: > > > > [467072.902423] e1000e :00:19.0 eth1: Hardware Error > >... > > This is a used Thinkpad pad, recently purchased. > > Fortunately usb-ethernet adapters are easily available. > > This is very odd. Thinkpads have been very robust and reliable and > used so much that they have been somewhat of a reference platform for > many years. The e1000 driver family is very commonly used and is in > the kernel main. > > I suggest booting a live boot image on your Thinkpad and seeing if the > wired interface works using one of those. That would eliminate > something corrupted in your current installation. It's easy to do. > It is a good quick second opinion on the network hardware. > > Also, how did you install this system? Did you use a "netinstall" > image originally? Using the wired ethernet or WiFi? Because if you > installed using wired ethernet (the most typical way I install) then > at install time the netinstall image was working okay with your wired > ethernet. > > Booting a netinstall image in "Rescue Mode" (under the advanced > options) would also be a safe way to test if the hardware is working > under a live boot system. And if this is a recent install using a > netinstall image then it's one you already have available. Great suggestions. I think I've benefitted from your advice several times of the years, directly and from reading your posts. I booted from a different kernel, same result from ip addr show eth1. 2: eth1: mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 link/ether 28:d2:44:1a:e0:ca brd ff:ff:ff:ff:ff:ff I'll try with a live CD, or USB drive. I've got a hard drive in the CD bay at the moment. The notebook is new used, but the system has been the same (with upgrades) for probably 15 years. I haven't done a fresh installation for a long time (except as a VM). What a great resource you are, oh bearded ones! > Bob > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6 - broken hardware revealed by dmesg
Joel Roth wrote: > Gregory Nowak wrote: > > Is there anything different in the dmesg(1) output for eth1 than > > for your other interfaces? > > bingo: > > [467072.902423] e1000e :00:19.0 eth1: Hardware Error >... > This is a used Thinkpad pad, recently purchased. > Fortunately usb-ethernet adapters are easily available. This is very odd. Thinkpads have been very robust and reliable and used so much that they have been somewhat of a reference platform for many years. The e1000 driver family is very commonly used and is in the kernel main. I suggest booting a live boot image on your Thinkpad and seeing if the wired interface works using one of those. That would eliminate something corrupted in your current installation. It's easy to do. It is a good quick second opinion on the network hardware. Also, how did you install this system? Did you use a "netinstall" image originally? Using the wired ethernet or WiFi? Because if you installed using wired ethernet (the most typical way I install) then at install time the netinstall image was working okay with your wired ethernet. Booting a netinstall image in "Rescue Mode" (under the advanced options) would also be a safe way to test if the hardware is working under a live boot system. And if this is a recent install using a netinstall image then it's one you already have available. Bob signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng