• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Talk from 27C3 on IPv6 insecurity's

Started by en4rab, January 02, 2011, 06:09:29 AM

Previous topic - Next topic

en4rab

I havent seen this posted on the forum and thought it might be of interest to everyone here.
At this years Chaos communications congress there was a talk on security issues with ipv6, the talks description:
Quote"New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6"
You can find the talk on youtube here:
http://www.youtube.com/watch?v=c7hq2q4jQYw

sput

Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob

comptech


cholzhauer

Quote from: sput on January 02, 2011, 09:32:57 AM
Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob


I didn't watch the talk because I don't have 52 minutes to listen to him yammer on ;) but I wanted to mention one thing.  I attended GoGo6 live in CA this year and one of the things they mentioned about static addressing was to be sure that you're not creating a pattern.  For example, you start with 2001:db8:1:1::1, then use 2001:db8:1:1::2, then go to 2001:db8:1:1::3, ect.  They suggested using RA to get an address, then just using that address as the static address and turning off RA.

sput

Hi there


Mine are. But you can get my IP addresses from the DNS anyway.


Regards,
Rob