June 6, 2008 at 8:29 pm #2517 teedge77 Participant
Hello everyone, this is my first post and hopefully people will be able to excuse what may be a slightly vague question. With IPv6 coming out in the not TERRIBLY distant future….well….being more widely used I suppose is what I really mean. How is that going to change the current security work? What I am trying to get to is…will all tools have to be redone with support? Are there tools that already have updated to support IPv6? Will people who just learned TCP/IP need to go back to the drawing board and learn v6 now or will it be like updating your MCSE from 2000 to 2003, and you just need to recap on the new stuff? How does 6 differ from 4 as far as the OSI model, in the sense of pen testing? Unless you have the 4 stuffed inside the 6, then 4 and 6 aren’t gonna play nice, right? Well…this has become more vague, incoherent and out of the scope of “Ethical Hacking” and more into “Networking” so I will quit. First post….cut me a little slack. 😉
June 6, 2008 at 8:33 pm #18290 oneeyedcarmen Participant
Just speaking for myself, I don’t think you NEED any slack. Pretty damned good questions that I had wondered about myself.
Welcome to the neighborhood. Grab a beer.
June 6, 2008 at 8:40 pm #18291 Don Donzal Keymaster
Now that’s a good first post. Welcome to EH-Net.
First of all, try this:
You can also try these posts on EH-Net:
Since most people recommend that, if you want a career in networking or security, you start with learning the ins and outs of TCP/IP, learning IPv6 now can only help you be fully prepared when the time comes. That also makes you more valuable to employers. ;D
Hope this helps,
June 6, 2008 at 8:47 pm #18292 teedge77 Participant
Ha….yeah…I have seen the “tastes great, less filling” post. 😉 I watched some interesting videos by Google on the topic of IPv6 and the changeover. I will try to post the link for anyone that is interested…if anyone is.
There is one, but there are many more if you just search Google and IPv6 (or just IPv6).
Does anyone know of any tools that are already able to take advantage of IPv6?
June 6, 2008 at 9:09 pm #18293 Clay Briggs Participant
IPv6 is so sparsely implemented I don’t think it’s a big issue just yet. Even for us who were REQUIRED to ‘update to IPv6’… we’re only doing the border routers. And even with that, we’re still keeping IPv4 throughout all of our inner workings. NAT has really slowed the push for IPv6, even with all the hype. What I’m more interested in, is whether people plan to use Winblows autonegotiated IPv6, or DHCPv6 with set ranges. I know personally for sanity and being able to keep a decent idea of what’s on the network, I’m leaning toward the latter. I had a teacher once tell me that Hex is easier to read than binary… I respectfully disagree. 😉 I had to show them that I could convert far faster to decimal.. going Hex to Binary, to Decimal… than their convoluted path of Hex to Decimal. All I have to say for the future, is thank God we have cut and paste… because remembering an IPv6 addy will be a pain in the arse.
June 6, 2008 at 11:08 pm #18294 tbone Participant
I really think that converting to the IPV6 is something that is way off in the future and the mathematical requirement forcing the change will be reached slower than expected or hoped by those that are pushing for V6, I am sure that it’s rooted in the groups that think HEX is fun…
June 9, 2008 at 2:17 am #18295 Anonymous Participant
It depends on where you live. Some countries like Japan are in full IPv6 force. US, not so much but it’s coming. To answer the first question, a lot of tools have to be rewritten but there are some that are compatible.
I caught a talk by Joe Klein at NoVA Sec on IPv6 and there are plenty of pretty cool network vulnerabilities in IPv6 so it’s worth learning. You might get lucky and catch some people running it on their LAN and be able to use it to your advantage.
June 18, 2008 at 3:44 am #18296
June 18, 2008 at 6:22 pm #18297 divine Participant
Personal opinion, ready, set, go:
IPv6 is a pain and from strictly a personal perspective I don’t think it is necessary to learn it right now. Even those who are being forced to change (my company included) are not going to use anything except IPv4 internally. Honestly, there is no need to change our internal IP space so I don’t see it happening anytime soon…
End Personal Opinion…
Professional opinion, ready, set, go:
Learning new things like IPv6 can do nothing but help prepare you for the future and increase your marketability to future employers. On this one, the career perspective should win out. I am not using nor will I use IPv6 at my current company; however, because I am career minded and more professional than just personal I have learned enough about IPv6 to understand and manage it if necessary. This way if a future employer ever had that requirement… check it off on the list, I am good to go….
End professional opinion:
As you can see there are 2 sides to this argument; from everyone’s posts you got a little taste of both sides. Take the knowledge that has been shared and do what you think is best for you man ;)….
June 18, 2008 at 7:49 pm #18298 Akhenaton Participant
Excellent question. This is my first reply and I am a new member so, I hope that my disagreeing with some of the other replies will not offend anyone. You are correct IPv6 is here. The Federal Government has been mandated by the Office of Budget and Management to migrate to IPv6 by June 30th 2008. Typically many government agencies won’t make the three year old deadline but, the change has begun.
Now, to your question. It is a question that I am researching myself. What network tools work and which don’t? What are the security implications for applications like VoIP?
It depends on the tool and vendor. Some of the major vendors have had dual stack products for a while. Other vendor tools and tools with lower levels of support may not be ready. Equipment will also be a factor. Services like FTP, last I knew, are not supported in IPv6 on Cisco routers.
There are already a number of hacks advertised for IPv6. I don’t know how well they work or on what types of equipment but we will start to see soon.
The bottom line is for every tool that we use we are going to have to contact the vendor, do some research or test. My hope is that as we identify tools that work and tools that do not we share the information to save the next person some unnecessary headaches.
June 23, 2008 at 8:17 pm #18299
I’m curious to see what happens when NAT (theoretically) goes away. While security through obscurity is not necessarily a good thing, having millions of machines that were previously hidden be directly accessible seems like a bad thing to me.
June 23, 2008 at 9:03 pm #18300 Anonymous Participant
Well, the issue now becomes finding all those millions of machines. But it does bring up interesting issues. If your security strategy has been that those machines are NAT’ed you may have to come up with something else.
June 23, 2008 at 9:07 pm #18301
I’m betting that we see some sort of IPv6 NAT workalike, or some sort of similar scheme to hide machines appear as we get close to switching over.
July 2, 2008 at 8:19 pm #18302 Akhenaton Participant
There have been claims of tools used for scanning IPv6 networks both from security companies and from crackers. So, finding networks might not be as big a problem as knowing what you found and where you are and how it relates to your target.
I think the issue of hiding networks will require a number of NAT-like systems or network segments based on the type of resource that you are attempting to protect. It could require increased monitoring points along with the usual IDS, Firewalls and AV. Everyone seeing everything might be a bit of a problem.
July 3, 2008 at 12:07 am #18303 Clay Briggs Participant
You’re right about the federal mandate to go to IPV6… other than it only requires border routers. Which is all we’re doing. I speak at least in regard to the DOI. So, our border routers will be IPV6, while all our internal network is still IPV4. With somewhat of a cobbled IPV4 to IPV6 NAT-type thing going on. Granted, I’m not the Network Engineer doing it, but that’s the word from the top. It is my suspicion that the rest of the Federal Agencies are going to do that as well.
July 3, 2008 at 12:16 am #18304