Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: en4rab on January 02, 2011, 06:09:29 AM

Title: Talk from 27C3 on IPv6 insecurity's
Post by: en4rab on January 02, 2011, 06:09:29 AM
I havent seen this posted on the forum and thought it might be of interest to everyone here.
At this years Chaos communications congress there was a talk on security issues with ipv6, the talks description:
Quote
"New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6"
You can find the talk on youtube here:
http://www.youtube.com/watch?v=c7hq2q4jQYw
Title: Re: Talk from 27C3 on IPv6 insecurity's
Post by: sput on January 02, 2011, 09:32:57 AM
Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob
Title: Re: Talk from 27C3 on IPv6 insecurity's
Post by: comptech on January 02, 2011, 11:02:52 AM
Very interesting talk.
Title: Re: Talk from 27C3 on IPv6 insecurity's
Post by: cholzhauer on January 03, 2011, 04:47:09 AM
Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob


I didn't watch the talk because I don't have 52 minutes to listen to him yammer on ;) but I wanted to mention one thing.  I attended GoGo6 live in CA this year and one of the things they mentioned about static addressing was to be sure that you're not creating a pattern.  For example, you start with 2001:db8:1:1::1, then use 2001:db8:1:1::2, then go to 2001:db8:1:1::3, ect.  They suggested using RA to get an address, then just using that address as the static address and turning off RA.
Title: Re: Talk from 27C3 on IPv6 insecurity's
Post by: sput on January 04, 2011, 05:30:27 AM
Hi there


Mine are. But you can get my IP addresses from the DNS anyway.


Regards,
Rob