Just speaking for myself, I don't think you NEED any slack.  Pretty damned good questions that I had wondered about myself. 

Welcome to the neighborhood.  Grab a beer.

Ha....yeah...I have seen the "tastes great, less filling" post.  I watched some interesting videos by Google on the topic of IPv6 and the changeover. I will try to post the link for anyone that is interested...if anyone is.

http://www.youtube.com/watch?v=mZo69JQoLb8


There is one, but there are many more if you just search Google and IPv6 (or just IPv6).

Does anyone know of any tools that are already able to take advantage of IPv6?

I really think that converting to the IPV6 is something that is way off in the future and the mathmatical requirement forcing the change will be reached slower then expected or hoped by those that are pushing for V6, I am sure that it's rooted in the groups that think HEX is fun...

As of 2008-6-1, Nmap v4.65 now supports IPv6 on Windows.

http://nmap.org/changelog.html

Don

Teedge77,

Excellent question.  This is my first reply and I am a new member so, I hope that my disagreeing with some of the other replies will not offend anyone.  You are correct IPv6 is here. The Federal Government has been mandated by the Office of Budget and Management to migrate to IPv6 by June 30th 2008.  Typically many government agencies won’t make the three year old deadline but, the change has begun. 

Now, to your question. It is a question that I am researching myself.  What network tools work and which don’t?  What are the security implications for applications like VoIP?

It depends on the tool and vendor.  Some of the major vendors have had dual stack products for a while.  Other vendor tools and tools with lower levels of support may not be ready.  Equipment will also be a factor.  Services like FTP, at last I knew are not supported in IPv6 on Cisco routers. 

There are already a number of hacks advertised for IPv6.  I don’t know how well they work or on what types of equipment but we will start to see soon. 

The bottom line is for every tool that we use we are going to have to contact the vendor, do some research or test.  My hope is that as we identify tools that work and tools that do not we share the information to save the next person some unnecessary headaches.   

well the the issue now becomes finding all those millions of machines.  But it does bring up interesting issues. if your security strategy has been that those machines are NAT'ed you may have to come up with something else.

There have been claims of tools used for scanning IPv6 networks both from security companies and from crackers.  So, finding networks might not be as big a problem as know what you found and where you are and how it relates to your target. 

I think the issue of hiding networks will require a number of NAT like systems or network segments based on the type of resource that you are attempting to protect.  It could require increased monitoring points along with the usual IDS, Firewalls and AV. Everyone seeing everything might be a bit of a problem.