IPv6 service running on Amazon EC2 instance started in subnet with no IPv6

All IPv6 services should be disabled unless the instance is in a subnet with IPv6 enabled

Teri Radichel
Published in Bugs That Bite
Aug 2, 2024

I'm looking at the services running on an instance in an IPv4-only subnet. If I run this command:

sudo lsof -i

I see this service running:

systemd-n 3274 systemd-network 19u IPv6 23740 0t0 UDP ip[..]:dhcpv6-client

I also see an entry in /etc/hosts for IPv6.

If this is a service started by Docker, Docker should recognize when no IPv6 configuration exists. Is it looking in /etc/hosts or something else?

These services and configurations are unnecessary in an IPv4-only subnet and should be disabled or removed.
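
A check for the condition described above, as an added example that is not part of the original post: it filters `lsof -i` output for IPv6 sockets and reports them as a finding only when the subnet has no IPv6 CIDR. The sample lsof lines, the host name `example-host` and the function names are constructed for illustration, and the metadata lookup assumes IMDSv2 is reachable from the instance.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Constructed sample of `sudo lsof -i` output (host name is a placeholder).
SAMPLE_LSOF='COMMAND    PID USER            FD  TYPE DEVICE SIZE/OFF NODE NAME
systemd-n 3274 systemd-network 17u IPv4  23612      0t0  UDP example-host:bootpc
systemd-n 3274 systemd-network 19u IPv6  23740      0t0  UDP example-host:dhcpv6-client
sshd      1190 root             3u IPv4  21877      0t0  TCP *:ssh (LISTEN)
sshd      1190 root             4u IPv6  21879      0t0  TCP *:ssh (LISTEN)'

# Read `lsof -i` output on stdin; print "COMMAND PID USER PROTO NAME"
# for every socket whose TYPE column is IPv6.
ipv6_sockets() {
  awk '$5 == "IPv6" { print $1, $2, $3, $8, $9 }'
}

# Live input (assumption: IMDSv2 reachable). Prints the IPv6 CIDR blocks of
# the primary interface's subnet, or nothing when the subnet is IPv4-only.
subnet_ipv6_cidrs() {
  imds=http://169.254.169.254/latest
  token="$(curl -sf -X PUT "$imds/api/token" \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')" || return 2
  mac="$(curl -sf -H "X-aws-ec2-metadata-token: $token" "$imds/meta-data/mac")"
  curl -sf -H "X-aws-ec2-metadata-token: $token" \
    "$imds/meta-data/network/interfaces/macs/$mac/subnet-ipv6-cidr-blocks" || true
}

# audit_ipv6 SUBNET_IPV6_CIDRS < lsof-output
# Returns 1 only when IPv6 sockets exist and the subnet has no IPv6 CIDR.
audit_ipv6() {
  audit_cidrs="$1"
  audit_found="$(ipv6_sockets)"      # always consume stdin
  if [ -n "$audit_cidrs" ]; then
    echo "Subnet has IPv6 ($audit_cidrs); IPv6 sockets are expected."
    return 0
  fi
  if [ -z "$audit_found" ]; then
    echo "OK: no IPv6 sockets on this IPv4-only instance."
    return 0
  fi
  echo "IPv6 sockets open on an instance in an IPv4-only subnet:"
  printf '%s\n' "$audit_found"
  return 1
}

# Demo on the constructed sample, treating the subnet as IPv4-only.
printf '%s\n' "$SAMPLE_LSOF" | audit_ipv6 "" || true
```

On a live instance the equivalent call is `sudo lsof -i | audit_ipv6 "$(subnet_ipv6_cidrs)"`.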

Also reading these issues:

I was talking to the person who is the head of security for a very popular wifi router who agrees with my stance on IPv6. It is a wifi device touted by security professionals and widely used by people I know. I’m pretty sure he’s seen his share of IPv6 incidents.

Follow for updates.

Teri Radichel
CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award