I have a presumptuous request: Application to delete this post

Because I cannot delete this post in this section

[attachment deleted by admin]

That’s your IPv6 TCP/IP protocol.

http://www.ehow.com/how_6934796_disable-ip6.html

Disabling IPv6, in any way, won’t stop a process from listening on a v6 transport, which incidentally, is not the same as being connected. Under Vista and above IPv6 and IPv4 are part of tcpip.sys. If you want to stop a service using a port, you’ll have to stop and disable the service, which in the image you’ve posted will be:

Windows Event Viewer
Task Scheduler
RPC Endpoint Mapper

None of which I’d suggest disabling, unless you understand the consequences of doing so.

open regedit and navigate to →

HKEY_LOCAL_MACHINE →
HKEY_LOCAL_MACHINE\SYSTEM →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters →

right click and create a new DWORD
right click on the new DWORD and rename it "DisabledComponents"
right click again and click modify
set the value to "ffffffff"

This will disable TCP/IPv6 except for the loopback interface on the local host.

Unfortunately, that won’t stop v6 transports from showing and displaying ‘listening’. As I mentioned in my previous post, IPv6 and IPv4 are all part of tcpip.sys. Unlike XP, where they were separate entities, they cannot be removed entirely.

As an aside, a quicker way to add the registry entry is via:

reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255


10-4 Radaghast. I was just pointing out the closest you could possibly get to disabling IPv6 using the registry. I use this method and also disable the Teredo Tunneling Pseudo-Interface.
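The two registry posts above write different values to DisabledComponents (ffffffff in regedit, 255 via reg add). The following is an added example, not code from any post in this thread, that decodes such a value from `reg query` output; the bit meanings follow Microsoft's documentation for this value, and the function names and sample outputs are constructed for illustration.

```python
import re

# Bit meanings as documented by Microsoft for DisabledComponents.
FLAGS = {
    0x01: "all tunnel interfaces disabled",
    0x02: "6to4 disabled",
    0x04: "ISATAP disabled",
    0x08: "Teredo disabled",
    0x10: "IPv6 disabled on non-tunnel interfaces (LAN, PPP)",
    0x20: "IPv4 preferred over IPv6",
}

def parse_reg_query(output):
    """Pull the DWORD out of `reg query ... /v DisabledComponents` output."""
    m = re.search(r"DisabledComponents\s+REG_DWORD\s+0x([0-9a-fA-F]+)", output)
    return int(m.group(1), 16) if m else 0  # value absent: same as 0, nothing disabled

def decode(value):
    """Report what a DisabledComponents value switches off."""
    return {
        "flags": [text for bit, text in FLAGS.items() if value & bit],
        # Tunnels are off via bit 0, or by setting all three per-tunnel bits.
        "tunnels_off": bool(value & 0x01) or (value & 0x0E) == 0x0E,
        "native_off": bool(value & 0x10),
        # Bits above the low byte have no documented meaning.
        "high_bits": value & ~0xFF,
    }

# Constructed samples of `reg query` output: the two values from the thread,
# a tunnels-only setting, and a key where the value was never created.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters"
SAMPLES = {
    "regedit steps (ffffffff)": f"{KEY}\n    DisabledComponents    REG_DWORD    0xffffffff\n",
    "reg add /d 255": f"{KEY}\n    DisabledComponents    REG_DWORD    0xff\n",
    "tunnels only": f"{KEY}\n    DisabledComponents    REG_DWORD    0x1\n",
    "value not set": f"{KEY}\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        value = parse_reg_query(text)
        result = decode(value)
        print(f"{label}: {value:#x} tunnels_off={result['tunnels_off']} "
              f"native_off={result['native_off']} high_bits={result['high_bits']:#x}")
```

Microsoft's documentation for this value lists 0xFF, not 0xFFFFFFFF, as the setting that disables IPv6 on everything except loopback; a value of 0x1 turns off only the tunnel interfaces and leaves native IPv6 running.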

Sorry to hijack this post, but why would you want to disable IPv6?

Looking at my own firewall rules, the inbound block rules remain the same regardless of IPv6, so even if svchost, lsass & wininit are listening, it makes no difference. With my outbound rules, the only IPv6 outgoing connections svchost ever makes are to loopback zone and to my router (DHCP port 547 and LLMNR port 5355).

Even with Teredo Tunneling, surely they’re just normal IPv4 outgoing connections anyway. Is there something I’m missing/overlooking?


At this time CIS does a pretty poor job of supporting IPv6, which makes the job of creating the appropriate rules, to support the stack, pretty difficult. There’s also the consideration of whether or not you have complete support for the protocol, via your ISP (native support) or tunnelling via a broker.

Personally, I wouldn’t disable IPv6 - I actually use it. However, if you’re not actually using one of the methods mentioned above, you might consider disabling the standard tunnelling interfaces, Teredo, 6to4 and ISATAP, as these offer the best attack surface for those with malicious intent. If you leave it enabled, it’s vital that you have IPv6 filtering enabled in the firewall.

As an aside, if you do disable IPv6, in Windows 7 and above, some services will fail to work correctly, if at all, for example Homegroups.

There are actually arguments both for and against leaving IPv6 enabled. I disable IPv6 simply because I have no applications or services that require it. The IPv6 protocol consumes resources and network bandwidth even when not in use from what I have read. Also the more protocols you have in place the greater the chance of exploitable security vulnerabilities. Internet security applications I think also have challenges to protecting end users as compared to IPv4. Furthermore it bothers me that I would have connections coming and going without any way to query the address string to resolve IP addresses of connections.

just my 2 cents. :stuck_out_tongue:

Unless you have native IPv6 (from your ISP) or have signed up with a tunnel broker - if you have a router, it must also support the protocol - all you have are link local addresses (fe80::…) or IPv6 over IPv4 (Teredo, 6to4 etc.). The latter may be disabled by turning off the tunnelling interfaces. The former is only used on your local subnet.

The IPv6 protocol consumes resources and network bandwidth even when not in use.

The overhead of supporting dual stack is minimal to the point of being unnoticeable. Also, IPv6 has more bandwidth saving features than IPv4 and is typically more efficient.

Also the more protocols you have in place the greater the chance of exploitable security vulnerabilities.

The measures used to filter IPv4 are the same as those used to filter IPv6. Granted, dual stack potentially offers more ways to exploit a system, but if your security measures cater for the protocol in the same way they cater for IPv4, there’s just as much chance of being attacked via IPv4.

In my opinion if you're not using a protocol, then it should be disabled. I keep it disabled for now because I don't understand it yet and in many ways it's still in its infancy.

If you don’t understand something, turning it off won’t improve your knowledge. As far as it being in its “infancy”. The IETF first proposed IPv6 in 1994 and the first release was in 1998. The main reason it wasn’t adopted sooner, is because of NAT and industry reluctance to add support.

Internet security applications I think also have challenges to protecting end users as compared to ipv4.

Most already offer some degree of support.

Furthermore it bothers me that I would have connections coming and going without any way to query the address string to resolve IP addresses of connections.

Virtually every service that offers IPv4 address lookups also offers IPv6 equivalents. You could also download something like IPNetInfo and query from your desktop.

Unless you have native IPv6 (from your ISP) or have signed up with a tunnel broker - if you have a router, it must also support the protocol - all you have are link local addresses (fe80::...) or IPv6 over IPv4 (Teredo, 6to4 etc.). The latter may be disabled by turning off the tunnelling interfaces. The former is only used on your local subnet.

I have native IPv6 through my ISP.

If you don't understand something, turning it off won't improve your knowledge. As far as it being in its "infancy". The IETF first proposed IPv6 in 1994 and the first release was in 1998. The main reason it wasn't adopted sooner, is because of NAT and industry reluctance to add support.

I’m keeping it off until I do improve my knowledge and understand the protocol a little more. Which my knowledge is improving as we speak ;D. I wouldn’t jump out of a plane until I understood how to use a parachute. By infancy I meant from the launch of World IPv6 Day until now. Also from the fact that average users are becoming more and more aware of IPv6.

The measures used to filter IPv4 are the same as those used to filter IPv6. Granted, dual stack potentially offers more ways to exploit a system, but if your security measures cater for the protocol in the same way they cater for IPv4, there's just as much chance of being attacked via IPv4.

Having IPv6 disabled does create less of a surface area in which attackers could potentially try to attack.

Most already offer some degree of support.

Some degree of protection doesn’t cut it when dealing with important data.

Virtually every service that offers IPv4 address lookups also offers IPv6 equivalents. You could also download something like IPNetInfo and query from your desktop.

FE80::0202:B3FF:FE1E:8329

can you resolve this IP with an online lookup?

Edit: That is just an example IP. What I’m asking is can it be resolved after the fact. For instance if it was from a log file.

Are there any sites you use or could recommend on the subject?

You’re one of the lucky ones :slight_smile:

I'm keeping it off until I do improve my knowledge and understand the protocol a little more. Which my knowledge is improving as we speak ;D. I wouldn't jump out of a plane until I understood how to use a parachute.

Some do ;D

By infancy I meant from the launch of World IPv6 Day until now. Also from the fact that average users are becoming more and more aware of IPv6.

It’s taken long enough :o

Having IPv6 disabled does create less of a surface area in which attackers could potentially try to attack.

Possibly, it’s also a lot harder to scan IPv6 address blocks to find available targets.

Some degree of protection doesn't cut it when dealing with important data.

You just have to choose the right product :a0

FE80::0202:B3FF:FE1E:8329

can you resolve this IP with an online lookup?

Edit: That is just an example IP. What I’m asking is can it be resolved after the fact. For instance if it was from a log file.

Can you resolve 169.245.10.25?

It’s the same address type, i.e. link local and not valid on the Internet.

Are there any sites you use or could recommend on the subject?

The ARIN Wiki is a good place to start - Educating Yourself about IPv6

Personally, I find hands on a better way to learn than just reading and you could do worse than working through Hurricane Electric IPv6 Certification. The early tests are straightforward but you’ll need to understand networking quite well to get through the later stages.
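On the question above about resolving an address found in a log file after the fact, the following is an added example, not code from any post in this thread. It sorts logged addresses by scope, marks which ones a public lookup can say anything about, and recovers the MAC address when a link-local address uses a modified EUI-64 interface ID. The function names and all sample addresses except the thread's own FE80 example are constructed for illustration.

```python
import ipaddress

def eui64_mac(ip):
    """MAC address embedded in a modified EUI-64 interface ID, else None."""
    iid = (int(ip) & 0xFFFFFFFFFFFFFFFF).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # randomised/privacy interface ID carries no MAC
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip universal/local bit
    return ":".join(f"{b:02x}" for b in mac)

def classify(text):
    """Return scope, whether a public lookup is meaningful, and any detail."""
    ip = ipaddress.ip_address(text.split("%")[0])  # strip zone id, e.g. %11
    scope, lookup, detail = "other non-routable", False, ""
    if ip.is_loopback:
        scope = "loopback"
    elif ip.is_link_local:  # fe80::/10 and 169.254.0.0/16
        scope = "link-local"
        if ip.version == 6 and eui64_mac(ip):
            detail = f"MAC {eui64_mac(ip)}"
    elif ip.version == 6 and ip.teredo:
        server, client = ip.teredo
        scope, lookup = "teredo", True
        detail = f"look up IPv4 client {client} (server {server})"
    elif ip.version == 6 and ip.sixtofour:
        scope, lookup = "6to4", True
        detail = f"look up IPv4 {ip.sixtofour}"
    elif ip.is_global:
        scope, lookup = "global", True
    return {"address": str(ip), "scope": scope, "lookup": lookup, "detail": detail}

# Constructed log entries; the first is the example address from the thread.
LOG_ADDRESSES = [
    "FE80::0202:B3FF:FE1E:8329",
    "fe80::5d1c:77aa:9e02:1b3f%11",           # link-local, random interface ID
    "169.254.10.25",                          # IPv4 link-local
    "::1",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",   # Teredo
    "2002:c000:22d::1",                       # 6to4 wrapping 192.0.2.45
    "2001:4860:4860::8888",                   # global unicast
]

if __name__ == "__main__":
    for entry in LOG_ADDRESSES:
        print(classify(entry))
```

A link-local entry cannot be traced through any online service, but when it carries an embedded MAC it can be matched against the devices on the local subnet, for example via the router's DHCP or neighbour table.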