Talk from 27C3 on IPv6 insecurity's

[en4rab]

I havent seen this posted on the forum and thought it might be of interest to everyone here.
At this years Chaos communications congress there was a talk on security issues with ipv6, the talks description:

"New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6"

You can find the talk on youtube here:
http://www.youtube.com/watch?v=c7hq2q4jQYw

[sput]

Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob

[comptech]

Very interesting talk.

[cholzhauer]

Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob

I didn't watch the talk because I don't have 52 minutes to listen to him yammer on ;) but I wanted to mention one thing.  I attended GoGo6 live in CA this year and one of the things they mentioned about static addressing was to be sure that you're not creating a pattern.  For example, you start with 2001:db8:1:1::1, then use 2001:db8:1:1::2, then go to 2001:db8:1:1::3, ect.  They suggested using RA to get an address, then just using that address as the static address and turning off RA.

[sput]

Hi there


Mine are. But you can get my IP addresses from the DNS anyway.


Regards,
Rob