.

IPv6

<<

teedge77

User avatar

Newbie
Newbie

Posts: 9

Joined: Wed Jun 04, 2008 10:21 am

Location: Spring, TX

Post Fri Jun 06, 2008 3:29 pm

IPv6

Hello everyone, this is my first post and hopefully people will be able to excuse what may be a slightly vague question. With IPv6 coming out in the not TERRIBLY distant future....well....being more widely used I suppose is what I really mean. How is that going to change the current security work? What I am trying to get to is...will all tools have to be redone with support? Are there tools that already have updated to support IPv6? Will people who just learned TCP/IP need to go back to the drawing board and learn v6 now or will it be like updating your MCSE from 2000 to 2003, and you just need to recap on the new stuff? How does 6 differ from 4 as far as the OSI model, in the sense of pen testing? Unless you have the 4 stuffed inside the 6, then 4 and 6 arent gonna play nice, right? Well...this has become more vague, incoherent and out of the scope of "Ethical Hacking" and more into "Networking" so I will quit. First post....cut me a little slack.  ;)
Last edited by teedge77 on Fri Jun 06, 2008 3:37 pm, edited 1 time in total.
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Fri Jun 06, 2008 3:33 pm

Re: IPv6

Just speaking for myself, I don't think you NEED any slack.  Pretty damned good questions that I had wondered about myself. 

Welcome to the neighborhood.  Grab a beer.
Reluctant CISSP, Certified ASS
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jun 06, 2008 3:40 pm

Re: IPv6

Now that's a good first post. Welcome to EH-Net.

First of all, try this:

http://www.ipv6.org

You can also try these posts on EH-Net:

- IPv6: Ready or Not
- IPv6 Guru Predicts Last-Minute Switch to Protocol

Since most people who recommend that if you want a career in networking or security, start with learning the ins and outs of TCP/IP, learning IPv6 now can only help you be fully prepared when the time comes. That also makes you more valuable to employers.  ;D

Hope this helps,
Don
Last edited by don on Fri Jun 06, 2008 3:55 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

teedge77

User avatar

Newbie
Newbie

Posts: 9

Joined: Wed Jun 04, 2008 10:21 am

Location: Spring, TX

Post Fri Jun 06, 2008 3:47 pm

Re: IPv6

Ha....yeah...I have seen the "tastes great, less filling" post.  ;) I watched some interesting videos by Google on the topic of IPv6 and the changeover. I will try to post the link for anyone that is interested...if anyone is.

http://www.youtube.com/watch?v=mZo69JQoLb8


There is one, but there are many more if you just search Google and IPv6 (or just IPv6).

Does anyone know of any tools that are already able to take advantage of IPv6?
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jun 06, 2008 4:09 pm

Re: IPv6

IPv6 is so sparcely implimented I don't think it's a big issue just yet.  Even for us who were REQUIRED to 'update to IPv6'... we're only doing the boarder routers.  And even with that, we're still keeping IPv4 throughout all of our inner workings.  NAT has really slown the push for IPv6, even with all the hype.  What I'm more interested in, is whether people plan to Winblows autonegotiated IPv6, or DHCPv6 with set ranges.  I know personally for sanity and being able to keep a decent idea of whats on the network, I'm leaning toward the latter.  I had a teacher once tell me that Hex is easier to read than binary... I respectfully disagree. ;)  I had to show them that I could convert far faster to decimal.. going Hex to Binary, to Decimal... than their convoluted path of Hex to Decimal.  All I have to say for the future, is thank God we have cut and paste... because remembering an IPv6 addy will be a pain in the arse.
"Bad.. Good?  I'm the guy with the gun"
<<

tbone

Newbie
Newbie

Posts: 1

Joined: Fri Jun 06, 2008 5:55 pm

Post Fri Jun 06, 2008 6:08 pm

Re: IPv6

I really think that converting to the IPV6 is something that is way off in the future and the mathmatical requirement forcing the change will be reached slower then expected or hoped by those that are pushing for V6, I am sure that it's rooted in the groups that think HEX is fun...
<<

LSOChris

Post Sun Jun 08, 2008 9:17 pm

Re: IPv6

it depends on where you live. some countries like japan are in full IPv6 force.  US, not so much but its coming.  to answer the first question alot of tools have to be rewritten but there are some that are compatible. 

I caught a talk by Joe Klein at NoVA Sec on IPv6  and there are plenty of pretty cool network vulnerabilities in IPv6 so its worth learning.  You might get lucky and catch some people running it on their LAN and be able to use it to your advantage.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jun 17, 2008 10:44 pm

Re: IPv6

As of 2008-6-1, Nmap v4.65 now supports IPv6 on Windows.

http://nmap.org/changelog.html

Don
CISSP, MCSE, CSTA, Security+ SME
<<

divine

Newbie
Newbie

Posts: 12

Joined: Mon Dec 11, 2006 5:11 pm

Location: Dallas

Post Wed Jun 18, 2008 1:22 pm

Re: IPv6

personal opinon, ready, set, go:

IPv6 is a pain and from strictly a personal perspective I don't think it is necessary to learn it right now, even those who are being forced to change (my company included) are not going to change use anything except IPv4 internally. Honestly, there is no need to change our internal IP space so I don't see it happening anytime soon...

End Personal Opinion...

professional opinion, ready, set go:

Learning New things like IPv6 can do nothing but help prepare you for the future and increase your marketability to future employers, on this one, the career perspective should win out, I am not using nor will I use IPv6 at my current company, however, because I am career minded and more professional then just personal I have learned enough about IPv6 to understand and manage it if necessary. This way if a future employer ever had that requirement... check it off on the list, I am good to go....

end professional opinion:

As you can see their are 2 sides to this argument from everyone's posts you got a little taste of both sides. Take the knowledge that has been shared and do what you think is best for you man ;)....
-Jordan
CEPT, CREA, C|EH, MCSE:Security (too many others that I don't care about to list)
<<

Akhenaton

User avatar

Newbie
Newbie

Posts: 2

Joined: Wed Jun 18, 2008 1:32 pm

Location: Earth

Post Wed Jun 18, 2008 2:49 pm

Re: IPv6

Teedge77,

Excellent question.  This is my first reply and I am a new member so, I hope that my disagreeing with some of the other replies will not offend anyone.  You are correct IPv6 is here. The Federal Government has been mandated by the Office of Budget and Management to migrate to IPv6 by June 30th 2008.  Typically many government agencies won’t make the three year old deadline but, the change has begun. 

Now, to your question. It is a question that I am researching myself.  What network tools work and which don’t?  What are the security implications for applications like VoIP?

It depends on the tool and vendor.  Some of the major vendors have had dual stack products for a while.  Other vendor tools and tools with lower levels of support may not be ready.  Equipment will also be a factor.  Services like FTP, at last I knew are not supported in IPv6 on Cisco routers. 

There are already a number of hacks advertised for IPv6.  I don’t know how well they work or on what types of equipment but we will start to see soon. 

The bottom line is for every tool that we use we are going to have to contact the vendor, do some research or test.  My hope is that as we identify tools that work and tools that do not we share the information to save the next person some unnecessary headaches.   
Last edited by Akhenaton on Wed Jun 18, 2008 2:52 pm, edited 1 time in total.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Jun 23, 2008 3:17 pm

Re: IPv6

I'm curious to see what happens when NAT (theoretically) goes away. While security through obscurity is not necessarily a good thing, having millions of machines that were previously hidden be directly accessible seems like a bad thing to me.
<<

LSOChris

Post Mon Jun 23, 2008 4:03 pm

Re: IPv6

well the the issue now becomes finding all those millions of machines.  But it does bring up interesting issues. if your security strategy has been that those machines are NAT'ed you may have to come up with something else.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Jun 23, 2008 4:07 pm

Re: IPv6

I'm betting that we see some sort of IPv6 NAT workalike,or some sort of similar scheme to hide machines appear as we get close to switching over.
<<

Akhenaton

User avatar

Newbie
Newbie

Posts: 2

Joined: Wed Jun 18, 2008 1:32 pm

Location: Earth

Post Wed Jul 02, 2008 3:19 pm

Re: IPv6

There have been claims of tools used for scanning IPv6 networks both from security companies and from crackers.  So, finding networks might not be as big a problem as know what you found and where you are and how it relates to your target. 

I think the issue of hiding networks will require a number of NAT like systems or network segments based on the type of resource that you are attempting to protect.  It could require increased monitoring points along with the usual IDS, Firewalls and AV. Everyone seeing everything might be a bit of a problem. 
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Jul 02, 2008 7:07 pm

Re: IPv6

Hey Akhenaton,

You're right about the federal mandate to go to IPV6... other than it only requires boarder routers.  Which is all we're doing.  I speak at least in regard to the DOI.  So, our boarder routers will be IPV6, while all our internal network is still IPV4.  With somewhat of a cobbled IPV4 to IPV6 Nat type thing going on.  Granted, I'm not the Network Engineer doing it, but that's the word frop the top.  It is my suspicion that the rest of the Federal Agencies are going to do that as well.
"Bad.. Good?  I'm the guy with the gun"
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software