Department of Defense
High Performance Computing Modernization Program

Microsoft Windows supports something called Internet Connection Sharing (ICS), which allows several computers to share one Internet connection without using a hardware router. In the home networking environment of the past, ICS was sometimes used as an economical way to connect several computers to the Internet. Microsoft supported ICS in Windows Vista and Windows XP, and still supports it in Windows 7 and 8/8.1/10 (although it is disabled by default).

However, when used in conjunction with Internet Protocol version 6 (IPv6) ICS causes severe configuration problems and creates strong security concerns. Almost all commercial, enterprise, and academic networks strongly recommend against the use of ICS. They will/should try to detect and deny access to any computer which has ICS enabled when it attempts to connect to their network. The various "Enabling IPv6 in Microsoft Windows ..." articles in the IP Transport section describe how to check the status of ICS on a system and disable it if enabled. Windows 10 contains a further evolution of ICS called Wi-Fi sense which should also be disabled as described in the Enabling IPv6 in Microsoft Windows 8 and later Versions article.

When a Windows computer with ICS enabled is connected to a network, it sends out unauthorized Router Advertisement (RA) packets. Such packets are called "Rogue RAs", and are described in more detail in Definition and Prevention of rogue Router Advertisements in the DHCP and SLAAC on IPv6 Networks article in the Infrastructure section.

 

 


Top