Hurricane Electric's IPv6 Tunnel Broker Forums
General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: en4rab on January 02, 2011, 06:09:29 AM
-
I havent seen this posted on the forum and thought it might be of interest to everyone here.
At this years Chaos communications congress there was a talk on security issues with ipv6, the talks description:
"New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6"
You can find the talk on youtube here:
http://www.youtube.com/watch?v=c7hq2q4jQYw
-
Hi there
Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.
Regards,
Rob
-
Very interesting talk.
-
Hi there
Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.
Regards,
Rob
I didn't watch the talk because I don't have 52 minutes to listen to him yammer on ;) but I wanted to mention one thing. I attended GoGo6 live in CA this year and one of the things they mentioned about static addressing was to be sure that you're not creating a pattern. For example, you start with 2001:db8:1:1::1, then use 2001:db8:1:1::2, then go to 2001:db8:1:1::3, ect. They suggested using RA to get an address, then just using that address as the static address and turning off RA.
-
Hi there
Mine are. But you can get my IP addresses from the DNS anyway.
Regards,
Rob