#11629 NORM xs-0.7: XS has no IPv6 firewall but runs IPv6 listening services

Zarro Boogs per Child bugtracker at laptop.org
Wed Feb 15 00:01:17 EST 2012


#11629: XS has no IPv6 firewall but runs IPv6 listening services
---------------------------+------------------------------------------------
 Reporter:  greenfeld      |                 Owner:  martin.langhoff                  
     Type:  defect         |                Status:  new                              
 Priority:  normal         |             Milestone:  xs-0.7                           
Component:  school server  |               Version:  Development build as of this date
 Keywords:                 |           Next_action:  diagnose                         
 Verified:  0              |   Deployment_affected:                                   
Blockedby:                 |              Blocking:                                   
---------------------------+------------------------------------------------
 The schoolserver has no IPv6 firewall defined but runs IPv6-listening
 services.

 The services that listen for anyone to connect to them on IPv6 appear to
 be rsync, SSH, and NTP.

 This is a local subnet risk with anything else connected on the fe80::
 subnet, and a remote risk if we get an IPv6 address via auto-configuration
 (net.ipv6.conf.*.autoconf is enabled) and/or possibly via DHCP.

 Seen with XS-0.7 beta 1, but present in XS-0.6 with a smaller set of
 IPv6-capable services.

-- 
Ticket URL: <http://dev.laptop.org/ticket/11629>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system


More information about the Bugs mailing list