Hi Folks, There seems to be a flurry of IPv6 talk going on, maybe this is time for me to bring up the rogue router problem again? I asked about this a couple of times over the years but could never find anyone to comment on it. First, here's the RFC that describes the problem: https://tools.ietf.org/html/rfc6104 Rogue routers have affected me personally at a customer's site. This is a large, professionally managed, dual-stacked network with a number of v4 class B addresses and thousands of hosts. Subnets seem to be /20 CIDR in size, so there are plenty of "neighbors" on any given subnet. I've encountered the situation where misconfigured Windows systems will advertise themselves as an IPv6 router. They then happily accept traffic and drop it all silently on the floor. This problem doesn't seem to bother other Windows boxes too much, but it absolutely kills SSH connections. SSH preferentially tries IPv6 port 22, which when sent to a dumb Windows box results in very long hangups and connection failures. My workaround for my cohort of Linux desktops and servers was to disable IPv6 for both ssh and sshd. This will work for as long as the host network supports dual stacks, but eventually? Then there's the issue of intentional MITM attacks using this vector. If a bad actor has physical access to a subnet, or has compromised a host on that subnet, your goose is cooked. This link mentions some mitigations, but they're quite technical and may require hardware support. https://community.infoblox.com/t5/IPv6-Center-of-Excellence/Holding-IPv6-Nei... So, what is the threat to a home IPv6 user who has WiFi and an Internet of Things with minimal/non-existent security? I personally feel safer behind a nice natted IPv4 firewall with ACL rules between my copper and WiFi subnets. I just feel that I have more control of the situation with a simpler network. Has SUSE addressed this issue? Tell me I don't have to worry about it! Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org