
The Network "SysTray" Button Enables IPv6 on Enabling IPv4 Auto-DNS

Short version: If you click on the Network systray icon, go to IPv4 and change DNS to Automatic...
it will enable IPv6 in your network connection.  :(

If you don't know to go back into your Connection (on the Network Systray Icon) and to change IPv6 back to DISABLED, it will remain AUTOMATIC, meaning, you've just opened your network to IPv6 packets generated from your own computer, inside your networks, which I have no way to really contain, even blocking the IPv6 protocol, the IPv6 to IPv4 IP range, and so on.  THAT'S WHY WE DISABLE AND BLOCK IPv6!

I'm just not good enough at firewalling to otherwise contain the bad guys on IPv6.

All (onion) layers of our networks (try to) BLOCK IPv6.  Still, when IPv6 gets enabled pretty much anywhere in the network, something finds its way out (even with all tunnelling I know about blocked) and, as an added feature, other IPv6 finds its way back in.

The IP Tables firewall (and outer routers) rate limits DNS (53), ICMP, even TCP (53) but when DNS and ICMP get overwhelmed with IPv6 packets, DNS gets shut down by those firewall rate-limiters...and it's not obvious what happened from IPTables logs (even with copious logging statements) because I rate-limited the rate-limiter error messages.

Somehow, not even installing any software, we seem to have gotten some DDOS malware on the system from there operating on UDP, ICMP and port(s) 65000.

The firewall contained the malware (mostly), so we didn't become part of the problem (I hope).  However, that opened the proverbial Pandora's Box and we started getting spoofed packets coming from the WAN even.  I think we inadvertently invited them in because that's abnormal, even for Road Runner / Time Warner / Spectrum / [whatever they are today].

The firewalls became not only useless, with IPv6 zooming right past them, they became our enemy, with rate-limiters blocking all of IPv4 DNS.

We reloaded Artix and restored from backup...and we're a little bit smarter.

I just wanted to share that with those of you who help other people with their Linux problems.  You might run into that in the wild.

Maybe the Artix guys will get around to fixing that one day OR maybe I'm wrong and that's the way things should be.

Lemme know.  Call me a newbie... IDC

Thanks Artix, for the Linux! :)

QuickTime v6 (and presumably above) requires IPv6.
I block ALL of IPv6!
I also block all Amazon, Google, Microsoft/Bing/Azure/LinkedIn/Yammer, Edgecast/Fastly/ANS Comm, Facebook/Meta, Twitter/X, as well as any other IPs which show up on my firewall (about 3% of all IPv4).  Consequently, I do NOT have email addresses nor accounts on any of these systems.  Please don't ask!
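
One way to catch the silent re-enable described in the post is to ask the kernel which interfaces actually hold an IPv6 address, whatever the connection dialog shows. This is an added example, not part of the original post; it assumes a Linux host exposing `/proc/net/if_inet6`, the function names are illustrative, and the sample data is constructed.

```shell
#!/bin/sh
# /proc/net/if_inet6 has one line per IPv6 address:
#   <32 hex addr> <ifindex> <prefixlen hex> <scope hex> <flags hex> <device>

# Constructed sample: loopback, then a link-local and a global address on eth0.
sample_if_inet6() {
cat <<'EOF'
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000021122fffe334455 02 40 20 80     eth0
20010db8000000000000000000000010 02 40 00 00     eth0
EOF
}

# ipv6_report [FILE]: print "<dev> <scope> <addr>/<plen>" for every
# non-loopback IPv6 address. FILE defaults to the live kernel table.
ipv6_report() {
    src="${1:-/proc/net/if_inet6}"
    [ -r "$src" ] || return 0   # no table: IPv6 is not active in the kernel
    awk '
    function hex2dec(h,   i, n) {
        n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789abcdef", tolower(substr(h, i, 1))) - 1
        return n
    }
    $6 != "lo" {
        scope = ($4 == "00") ? "global" : ($4 == "20") ? "link-local" : "scope-" $4
        addr = $1
        gsub(/..../, "&:", addr)    # group the 32 hex digits as 8 fields
        sub(/:$/, "", addr)
        printf "%s %s %s/%d\n", $6, scope, addr, hex2dec($3)
    }' "$src"
}

# ipv6_check [FILE]: exit status 0 if no interface other than lo has an
# IPv6 address, 1 otherwise (findings go to stderr). Suitable for cron.
ipv6_check() {
    out=$(ipv6_report "$1")
    [ -z "$out" ] && return 0
    printf 'IPv6 is active:\n%s\n' "$out" >&2
    return 1
}

# Demo on the constructed sample; call ipv6_check with no argument on a real host.
tmp=$(mktemp); sample_if_inet6 > "$tmp"; ipv6_report "$tmp"; rm -f "$tmp"
```

A link-local (`fe80::`) entry alone is enough to show that the interface went back to automatic IPv6, even when no router has handed out a global prefix.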