I have disabled ipv6 via the kernel line:
ipv6.disable=1
which seemed to have disabled ipv6, but I still see ICMPv6 traffic in wireshark:
15224 1108.658881822 fe80::1 ff02::1 ICMPv6 86 Neighbor Advertisement fe80::1 (rtr, ovr) is at ce:ns:or:ed:00:00
Does anyone have a clue what could cause this and how to disable it?
Edit: I do this because of CVE-2018-15688; maybe you should too.
Edit 2: I cannot identify the application that generates this via e.g. nethogs, or better said: I don't know how else.
Last edited by astastast (2018-10-27 17:04:07)
Welcome to the Arch Linux forums, astastast. Is that not a message from the link's default gateway to the all-nodes link-local multicast group address?
The message would be generated by the other end of the link and ignored by the kernel as IPv6 is disabled, but wireshark observed the traffic?
Edit:
You might consider filing a bug report for CVE-2018-15688 as it does not seem to have one or be listed on https://security.archlinux.org/
Last edited by loqs (2018-10-27 19:31:47)
Why would you disable ipv6 altogether when you can just not use the DHCPv6 client of systemd-networkd?
PS:
wireshark/tcpdump will also tell you the MAC address of the device sending those packets, so you can learn which one it is.
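An added example, not part of any post in this thread: a shell helper for the check suggested above, which compares the source MAC of a captured frame against this host's own interfaces to tell whether the Neighbor Advertisement came from the local machine or from another device on the link. The function names, the interface name eth0 and the sample MAC in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether the source MAC of a captured frame belongs to
# this host or to another device on the link.
#
# Get the MAC from a capture with link-level headers, for example
# (interface name eth0 is an assumption; 136 = ICMPv6 Neighbor Advertisement):
#   tcpdump -e -n -i eth0 'icmp6 and ip6[40] == 136'
# Usage (constructed MAC): sh whose_mac.sh 02:00:00:aa:bb:01

# Normalise a MAC to lower case with ':' separators.
norm_mac() {
    printf '%s' "$1" | tr 'A-F-' 'a-f:'
}

# classify_src_mac MAC [NETDIR]
# Prints "local <iface>" if MAC matches an interface listed under NETDIR
# (default /sys/class/net), otherwise "remote".
classify_src_mac() {
    want=$(norm_mac "$1")
    netdir=${2:-/sys/class/net}
    for f in "$netdir"/*/address; do
        [ -r "$f" ] || continue
        have=$(norm_mac "$(cat "$f")")
        if [ "$have" = "$want" ]; then
            iface=${f%/address}
            echo "local ${iface##*/}"
            return 0
        fi
    done
    echo "remote"
}

# ipv6_boot_disabled [PARAM_FILE]
# Succeeds if the ipv6.disable=1 boot parameter is in effect, as reported by
# the ipv6 module parameter file in sysfs.
ipv6_boot_disabled() {
    p=${1:-/sys/module/ipv6/parameters/disable}
    [ -r "$p" ] && [ "$(cat "$p")" = "1" ]
}

if [ "$#" -gt 0 ]; then
    if ipv6_boot_disabled; then echo "ipv6.disable=1 is active"; fi
    classify_src_mac "$1"
fi
```

A result of "remote" together with an active ipv6.disable=1 means the frame was only observed on the wire by the capture, not produced by the local stack.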
@loqs for me it looks like (I am by far an ipv6 expert) that my machine (fe80::1 <= link local, right?) sends to the multicast group (ff02::1 <= all ipv6 nodes), which effectively means ipv6-wide broadcast.
One thing I found interesting is that I cannot even configure, nor can I set ipv6table for it (cause no ipv6 stack).
BUT something managed to still send ipv6 packages (or wireshark just managed to capture this attempt?).
@damjan it is because of things like this: if I had not disabled ipv6 completely, then something on this system (my guess is network manager/systemd-resolve) did manage to send ipv6.
Do you know a good method to identify such rogue applications?