IPv6

    • #2517
      teedge77
      Participant

      Hello everyone, this is my first post and hopefully people will be able to excuse what may be a slightly vague question. With IPv6 coming out in the not TERRIBLY distant future….well….being more widely used I suppose is what I really mean. How is that going to change the current security work? What I am trying to get to is…will all tools have to be redone with support? Are there tools that have already been updated to support IPv6? Will people who just learned TCP/IP need to go back to the drawing board and learn v6 now or will it be like updating your MCSE from 2000 to 2003, and you just need to recap on the new stuff? How does 6 differ from 4 as far as the OSI model, in the sense of pen testing? Unless you have the 4 stuffed inside the 6, then 4 and 6 aren't gonna play nice, right? Well…this has become more vague, incoherent and out of the scope of “Ethical Hacking” and more into “Networking” so I will quit. First post….cut me a little slack. 😉

    • #18290
      oneeyedcarmen
      Participant

      Just speaking for myself, I don’t think you NEED any slack.  Pretty damned good questions that I had wondered about myself. 

      Welcome to the neighborhood.  Grab a beer.

    • #18291
      Don Donzal
      Keymaster

      Now that’s a good first post. Welcome to EH-Net.

      First of all, try this:

      http://www.ipv6.org

      You can also try these posts on EH-Net:

      IPv6: Ready or Not
      IPv6 Guru Predicts Last-Minute Switch to Protocol

      Since most people recommend that, if you want a career in networking or security, you start with learning the ins and outs of TCP/IP, learning IPv6 now can only help you be fully prepared when the time comes. That also makes you more valuable to employers. ;D

      Hope this helps,
      Don

    • #18292
      teedge77
      Participant

      Ha….yeah…I have seen the “tastes great, less filling” post.  😉 I watched some interesting videos by Google on the topic of IPv6 and the changeover. I will try to post the link for anyone that is interested…if anyone is.

      http://www.youtube.com/watch?v=mZo69JQoLb8

      There is one, but there are many more if you just search Google and IPv6 (or just IPv6).

      Does anyone know of any tools that are already able to take advantage of IPv6?

    • #18293
      Clay Briggs
      Participant

      IPv6 is so sparsely implemented I don’t think it’s a big issue just yet. Even for us who were REQUIRED to ‘update to IPv6’… we’re only doing the border routers. And even with that, we’re still keeping IPv4 throughout all of our inner workings. NAT has really slowed the push for IPv6, even with all the hype. What I’m more interested in is whether people plan to use Winblows autonegotiated IPv6, or DHCPv6 with set ranges. I know personally, for sanity and being able to keep a decent idea of what’s on the network, I’m leaning toward the latter. I had a teacher once tell me that Hex is easier to read than binary… I respectfully disagree. 😉 I had to show them that I could convert far faster to decimal… going Hex to Binary to Decimal… than their convoluted path of Hex to Decimal. All I have to say for the future is thank God we have cut and paste… because remembering an IPv6 addy will be a pain in the arse.

    • #18294
      tbone
      Participant

      I really think that converting to IPv6 is something that is way off in the future, and the mathematical requirement forcing the change will be reached slower than expected or hoped by those that are pushing for v6. I am sure that it’s rooted in the groups that think HEX is fun…

    • #18295
      Anonymous
      Participant

      It depends on where you live. Some countries like Japan are in full IPv6 force. US, not so much, but it’s coming. To answer the first question, a lot of tools have to be rewritten but there are some that are compatible.

      I caught a talk by Joe Klein at NoVA Sec on IPv6 and there are plenty of pretty cool network vulnerabilities in IPv6 so it’s worth learning. You might get lucky and catch some people running it on their LAN and be able to use it to your advantage.

    • #18296
      Don Donzal
      Keymaster

      As of 2008-6-1, Nmap v4.65 now supports IPv6 on Windows.

      http://nmap.org/changelog.html

      Don

    • #18297
      divine
      Participant

      personal opinion, ready, set, go:

      IPv6 is a pain and from strictly a personal perspective I don’t think it is necessary to learn it right now. Even those who are being forced to change (my company included) are not going to use anything except IPv4 internally. Honestly, there is no need to change our internal IP space so I don’t see it happening anytime soon…

      End Personal Opinion…

      professional opinion, ready, set go:

      Learning new things like IPv6 can do nothing but help prepare you for the future and increase your marketability to future employers. On this one, the career perspective should win out. I am not using nor will I use IPv6 at my current company; however, because I am career minded and more professional than just personal, I have learned enough about IPv6 to understand and manage it if necessary. This way if a future employer ever had that requirement… check it off on the list, I am good to go….

      end professional opinion:

      As you can see, there are 2 sides to this argument; from everyone’s posts you got a little taste of both sides. Take the knowledge that has been shared and do what you think is best for you man ;)….

    • #18298
      Akhenaton
      Participant

      Teedge77,

      Excellent question.  This is my first reply and I am a new member so, I hope that my disagreeing with some of the other replies will not offend anyone.  You are correct IPv6 is here. The Federal Government has been mandated by the Office of Budget and Management to migrate to IPv6 by June 30th 2008.  Typically many government agencies won’t make the three year old deadline but, the change has begun. 

      Now, to your question. It is a question that I am researching myself.  What network tools work and which don’t?  What are the security implications for applications like VoIP?

      It depends on the tool and vendor. Some of the major vendors have had dual stack products for a while. Other vendor tools and tools with lower levels of support may not be ready. Equipment will also be a factor. Services like FTP, last I knew, are not supported in IPv6 on Cisco routers.

      There are already a number of hacks advertised for IPv6.  I don’t know how well they work or on what types of equipment but we will start to see soon. 

      The bottom line is for every tool that we use we are going to have to contact the vendor, do some research or test.  My hope is that as we identify tools that work and tools that do not we share the information to save the next person some unnecessary headaches.   

    • #18299
      jason
      Participant

      I’m curious to see what happens when NAT (theoretically) goes away. While security through obscurity is not necessarily a good thing, having millions of machines that were previously hidden be directly accessible seems like a bad thing to me.

    • #18300
      Anonymous
      Participant

      Well, the issue now becomes finding all those millions of machines. But it does bring up interesting issues. If your security strategy has been that those machines are NAT’ed you may have to come up with something else.

    • #18301
      jason
      Participant

      I’m betting that we see some sort of IPv6 NAT work-alike, or some sort of similar scheme to hide machines, appear as we get close to switching over.

    • #18302
      Akhenaton
      Participant

      There have been claims of tools used for scanning IPv6 networks both from security companies and from crackers. So, finding networks might not be as big a problem as knowing what you found and where you are and how it relates to your target.

      I think the issue of hiding networks will require a number of NAT like systems or network segments based on the type of resource that you are attempting to protect.  It could require increased monitoring points along with the usual IDS, Firewalls and AV. Everyone seeing everything might be a bit of a problem. 

    • #18303
      Clay Briggs
      Participant

      Hey Akhenaton,

      You’re right about the federal mandate to go to IPv6… other than it only requires border routers. Which is all we’re doing. I speak at least in regard to the DOI. So, our border routers will be IPv6, while all our internal network is still IPv4. With somewhat of a cobbled IPv4 to IPv6 NAT type thing going on. Granted, I’m not the Network Engineer doing it, but that’s the word from the top. It is my suspicion that the rest of the Federal Agencies are going to do that as well.

    • #18304
      jason
      Participant

      @Akhenaton wrote:

      Everyone seeing everything might be a bit of a problem. 

      To say the least. Moving away from the hiding provided by NAT is a huge paradigm shift security-wise.
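
Added example, not part of any post in this thread: a small address-inventory check for the two concerns raised above, namely which hosts hold globally routable IPv6 addresses (so only filtering, not NAT, stands in front of them) and which addresses came from stateless autoconfiguration with an EUI-64 interface identifier that exposes the MAC. The host names and addresses are constructed; `classify` and `reachable_without_nat` are hypothetical helper names.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")      # never routed off-link
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")     # site-internal (ULA)
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")   # routable on the Internet


def classify(addr):
    """Return (scope, mac). mac is set only when the interface identifier
    is EUI-64, i.e. derived from the NIC's MAC by stateless autoconfig."""
    ip = ipaddress.IPv6Address(addr)
    if ip in LINK_LOCAL:
        scope = "link-local"
    elif ip in UNIQUE_LOCAL:
        scope = "unique-local"
    elif ip in GLOBAL_UNICAST:
        scope = "global"
    else:
        scope = "other"
    iid = ip.packed[8:]                  # low 64 bits = interface identifier
    mac = None
    if iid[3:5] == b"\xff\xfe":          # EUI-64 inserts ff:fe mid-MAC
        # Undo the flipped universal/local bit to recover the original MAC.
        raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        mac = ":".join(f"{b:02x}" for b in raw)
    # No marker means DHCPv6, manual or privacy addressing; the address
    # alone cannot tell those apart.
    return scope, mac


def reachable_without_nat(inventory):
    """Hosts whose address is globally routable and so needs firewall policy."""
    return [h for h, a in inventory.items() if classify(a)[0] == "global"]


# Constructed inventory. 2001:db8::/32 is the documentation prefix; it sits
# inside 2000::/3 and stands in for a real provider-assigned prefix here.
INVENTORY = {
    "ws-01": "2001:db8:1:1:211:22ff:fe33:4455",   # autoconfigured (EUI-64)
    "ws-02": "2001:db8:1:1::1f4",                 # assigned from a set range
    "printer": "fe80::211:22ff:fe33:4456",        # link-local only
    "db-01": "fd12:3456:789a:1::10",              # unique-local
}

if __name__ == "__main__":
    for host, addr in INVENTORY.items():
        scope, mac = classify(addr)
        print(f"{host:8} {addr:34} {scope:12} mac={mac}")
    print("needs filtering:", reachable_without_nat(INVENTORY))
```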


Copyright ©2021 Caendra, Inc.
