Turning off IPV6

Hi,
I’m sure there’s a good reason why MMC console wants to listen out on IPV6 port 135 (see snip) but it bugs me. >:(

I had the idea that unchecking IPV6 in the adapter was enough to disable IPV6 tunnelling etc. Not true it seems? I’ve found two methods needed, apparently, to turn IPV6 off completely:

First is a reg key tweak…

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

Create registry value (DWORD type): DisabledComponents
=dword:000000ff

The second (I think I found it here somewhere :slight_smile:) involves downloading and unzipping a couple of ADMX and ADML files and sticking them in my systemroot ‘Policy Definitions’ folder and then using Group Policy Editor.

Apart from being sniffy using downloaded stuff I don’t know, gpedit already has settings for IPV6, except disabling these doesn’t add the above key to the registry, so I’ve no idea if IPV6 is off or not?

I know Comodo has IPV6 covered and is blocking mmc.exe, but I’m acting on the basis I can’t confidently make IPV6 rules, don’t have any, and don’t see why I need it anyway.

The advice I found is a few years out of date so I dunno if I’m being over-zealotish?
As this is a firewall issue, would appreciate any guidance.

[attachment deleted by admin]

Even if you disable ipv6 via the methods described elsewhere, you won’t prevent a service listening on a port, unless you disable the service responsible for using the port. The reason for this is that ipv4 and ipv6 share the same protocol driver, tcpip.sys. So, if you disable the service you’ll also block ipv4 as well.

As for the ADMX and ADML files, they’re only xml files and may be viewed or edited with any standard text editor.

Whilst there are ways to disable RPC/DCOM, either via the registry or a utility that Gibson released a while back, I wouldn’t recommend doing so, as there are a multitude of services that have dependencies (see image). The best idea is to simply create an Application rule for svchost that blocks access to and from the Internet.

In case you didn’t know, the ::1 ipv6 address is loopback, the equivalent of 127.0.0.1 in ipv4. It’s probably also worth pointing out that you may or may not see TCP6 or UDP6 in a protocol listing; it’s dependent on which viewer is used. Applications like Process Hacker and Process Explorer do differentiate between the two, whereas netstat and CIS do not.

[attachment deleted by admin]
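Added example, not part of the original posts: when the Proto column does not separate TCP from TCP6, the family and reach of a listener can still be read from its local address. The sample lines are constructed in the style of Windows `netstat -ano` output, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the style of Windows `netstat -ano` output (not a real capture).
SAMPLE = """\
  Proto  Local Address             Foreign Address   State       PID
  TCP    0.0.0.0:135               0.0.0.0:0         LISTENING   812
  TCP    127.0.0.1:5939            0.0.0.0:0         LISTENING   2044
  TCP    [::]:135                  [::]:0            LISTENING   812
  TCP    [::1]:49664               [::]:0            LISTENING   3120
  UDP    0.0.0.0:5355              *:*                           1096
  UDP    [fe80::1c2a:3b4c%11]:546  *:*                           900
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and zone index
    return ipaddress.ip_address(host), int(port)

def scope_of(ip):
    if ip.is_loopback:        # 127.0.0.0/8 or ::1
        return "loopback"
    if ip.is_unspecified:     # 0.0.0.0 or :: (every interface)
        return "all-interfaces"
    if ip.is_link_local:      # 169.254.0.0/16 or fe80::/10
        return "link-local"
    return "specific"

def listeners(netstat_text):
    """Return TCP listeners and bound UDP sockets with family and scope."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and "LISTENING" not in f:
            continue  # established or closing connection, not a listener
        ip, port = split_endpoint(f[1])
        rows.append({"proto": f[0], "family": f"IPv{ip.version}",
                     "scope": scope_of(ip), "port": port, "pid": int(f[-1])})
    return rows

def reachable_off_host(rows, port):
    """Listeners on `port` that are not confined to loopback."""
    return [r for r in rows if r["port"] == port and r["scope"] != "loopback"]

if __name__ == "__main__":
    print(*listeners(SAMPLE), sep="\n")
```

Rows returned by `reachable_off_host` are the ones a firewall rule has to cover; loopback-only listeners such as `[::1]` are not reachable from another machine.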

Thanks Radaghast.

Yes, I have loads of rules blocking anything and everything ;D so I guess svchost is covered. It just seemed weird mmc.exe wanted to listen on 135 too. But I’ve ruled that out as well as the snip shows.

I read somewhere about IPV6 tunnelling and … aw heck … if even the CIA can be hacked I’m sure my gas bills aren’t interest to nobody ;D

(According to ssj100 on his site, SRP is easily by-passed too, so there’s no point worryin I guess. :frowning:)

You can disable the tunnelling features of ipv6 by copying and pasting the following into a command prompt. It’s fully reversible:

netsh interface ipv6 set privacy state=disable
netsh interface ipv6 6to4 set state state=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface ipv6 set teredo disabled

Yes, I used those commands from other threads where you’ve suggested them. ;D

Would they be doing the same as disabling the following in gpedit’s ‘Computer Configuration\Administrative Templates\TCPIP Settings’ node? …

IPV6 Transition Technologies

6to4 Relay Name
6to4 Relay Name Resolution Interval
6to4 State
IP-HTTPS State
ISATAP Router Name
ISATAP State
Teredo Client Port
Teredo Default Qualified
Teredo Refresh Rate
Teredo Server Name
Teredo State

I’ve disabled the lot. >:-D

I’ve also created a Teredo Zone and used it in some global block rules ( see pics).

All based on suggestions found in my travels. :slight_smile:

[attachment deleted by admin]

You don’t like ipv6, do you ;D

Would they be doing the same as disabling the following in gpedit's 'Computer Configuration\Administrative Templates\TCPIP Settings' node? ...

The net result is the same.

I've also created a Teredo Zone and used it in some global block rules ( see pics).

You’ve nailed the most obvious public relays, however, others do exist, but I wouldn’t let that concern you, as you’ve disabled the tunnelling capability. Don’t forget, for Teredo to function, it requires icmpv6 as well as being able to communicate over UDP on port 3544, so you could always create a rule for svchost to block that too :stuck_out_tongue:

Thanks.

On your suggestion I’ve just found IANA org says:

3544/tcp Teredo Port
3544/udp Teredo Port

So I’m blocking TCP too. Can’t be too careful 8)

I hope this critter’s dead now…

You may want to check out the following:

Thanks for help - greedy for knowledge :-TU