On killing IPv6 transition mechanisms
john at sackheads.org
Fri Mar 19 19:15:33 CET 2010
On Mar 19, 2010, at 2:00 PM, Martin Millnert wrote:
> On Fri, 2010-03-19 at 10:35 +0100, Gert Doering wrote:
>> I have been told by people who know more about Windows than I do that
>> if you disable IPv6, a large number of windows RPC things in Win7/Server2008
>> will just stop working. To quote "the *base* communication protocol in
>> W2k8R2 is IPv6, you just *can't* disable it".
>> See, for example, http://www.networkworld.com/community/node/45032
> See also
> http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx titled
> "Support for IPv6 in Windows Server 2008 R2 and Windows 7", with a
> section labeled "The Argument against Disabling IPv6".
> "From Microsoft's perspective, IPv6 is a mandatory part of the Windows
> operating system [...] Therefore, Microsoft recommends that you leave
> IPv6 enabled, even if you do not have an IPv6-enabled network, either
> native or tunneled."
> Disabling IPv6 *entirely* is impossible (lo will stay), but some partial
> disabling can be done with http://support.microsoft.com/kb/929852 . But
> it will come with pain to do so.
> This case closed now? :)
Unfortunately, read this from an enterprise security perspective.
Home group I do not care about.
DirectAccess == "Please put my enterprise security 100% in the hands of my Windows Admins"
Teredo == "Please disregard any access controls I have in place at my network perimeter"
More information about the ipv6-ops