ICMP for IPv6 - Security Risk?

Discussion in 'other firewalls' started by Tyrizian, Jan 23, 2016.

  1. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I do know there is some security risks involved with ICMP for IPv4 protocols, for example spoofing, etc.

    But, what I don't know is, do these security risks apply to new standards, such as ICMP for IPv6 protocol?

    I have read that disabling ICMP for IPv6 isn't as good of an idea, as it is for IPv4, due to the requirements it needs for it to run fully operational.

    Not sure if that is entirely true or not, which is why I come here to ask the more knowledgeable on this matter.

    Is ICMP for IPv6 a security risk?

    Should it be disabled or enabled?

    I might want to add, I'm using IPv6 under a home based network.

    Anyways, any feedback is greatly appreciated,

    Thanks
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    Anti-spoofing rules are quite easy to make. On Windows, COMODO has a simple checkbox for that :)

    Do you need ICMP at all?
     
  4. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    301
    Location:
    Swiss
    There are several myths about ICMP/IGMP with IPv6, I think most of them are well explained over here. Generally I wouldn't block it. I suggest you configure it for your user needs, I don't know about which of them we talking about (which type?) so I guess this is a general question. There are also several tools/guide especially on gibson research corparation to test your firewall and get a lot of iinformation about the network protocols and his weaknesses.
     
  5. hjlbx

    hjlbx Guest

    I asked about this on Emsisoft forum since there is so much mis-\dis- information regarding network security and IPv6.

    The reply was for home network - even with router - is to set firewall profile to Public for increased protection.

    Other than that, a home user has no need to create some type of over-the-top network configuration - unless you are Enemy of the State.

    In that case, you should run and never stop... LOL.
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I learned it's more needed for IPv6 and less necessary on IPv4 connections, so I configured it as recommended (ICMP enabled for IPv6, ICMP disabled for IPv4).

    Also, thank you all for your replies, it was very helpful.
     
Loading...