On 7/11/22, rhkramer wrote: > > From the peanut gallery: I disabled IPv6 quite some time ago. I don't > recall how I did it, but I might have that information in my notes, somewhere. > > The reason that I disabled it (which might not be totally logical) is that > in IPv4, I have always had my computers (and LAN) behind a NAT device.
A NAT device does not necessarily act like a stateful firewall. Years ago I ran a TOR middle node ... and noticed someone scanning my internal network!! Turns out they were using loose source routing to get around NAT: https://en.wikipedia.org/wiki/Loose_Source_Routing Loose Source Routing is an IP option which can be used for address translation. My cable modem was quite willing to forward packets addressed to the publicly addressable outside IP address of the box to my internal LAN with the RFC-1918 address space .. that I thought was unreachable from the public Internet because NAT :( So lesson learned - get a firewall or router that will drop packets that have IP options set. Regards, Lee
