[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP for securing IPv6 Linux end node in AWS

Subject: BCP for securing IPv6 Linux end node in AWS
From: ekgermann at semperen.com (Eric Germann)
Date: Sun, 14 May 2017 09:29:45 -0400

Good morning all,

I?m looking for some guidance on best practices to secure IPv6 on Linux end nodes parked in AWS.

Boxes will be running various services (DNS for starters) and I?m looking to secure mainly ICMP at this point.  Service filtering is fairly cut and dried.  

I?ve reviewed some of the stuff out there, but apparently I?m catching too many of the ICMP types in the rejection as routing eventually breaks.  My guess is router discovery gets broken by too tight of filters.

Thanks for any guidance.

EKG

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3705 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170514/8559f8bd/attachment.bin>

Follow-Ups:
- BCP for securing IPv6 Linux end node in AWS
  - From: alarig at swordarmor.fr (Alarig Le Lay)
- BCP for securing IPv6 Linux end node in AWS
  - From: erey at ernw.de (Enno Rey)
- BCP for securing IPv6 Linux end node in AWS
  - From: rsk at gsp.org (Rich Kulawiec)

Prev by Date: Carrier classification
Next by Date: BCP for securing IPv6 Linux end node in AWS
Previous by thread: Carrier classification
Next by thread: BCP for securing IPv6 Linux end node in AWS
Index(es):
- Date
- Thread