Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Talk from 27C3 on IPv6 insecurity's  (Read 3143 times)

en4rab

  • Newbie
  • *
  • Posts: 1
Talk from 27C3 on IPv6 insecurity's
« on: January 02, 2011, 06:09:29 AM »

I havent seen this posted on the forum and thought it might be of interest to everyone here.
At this years Chaos communications congress there was a talk on security issues with ipv6, the talks description:
Quote
"New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6"
You can find the talk on youtube here:
http://www.youtube.com/watch?v=c7hq2q4jQYw
Logged

sput

  • Newbie
  • *
  • Posts: 40
    • Rob's server
Re: Talk from 27C3 on IPv6 insecurity's
« Reply #1 on: January 02, 2011, 09:32:57 AM »

Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob
Logged

comptech

  • Newbie
  • *
  • Posts: 31
Re: Talk from 27C3 on IPv6 insecurity's
« Reply #2 on: January 02, 2011, 11:02:52 AM »

Very interesting talk.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: Talk from 27C3 on IPv6 insecurity's
« Reply #3 on: January 03, 2011, 04:47:09 AM »

Hi there


Everything is static over here (no auto config). No route daemon is installed and any (rogue) route advertisements are ignored. That should take care of most problems.


Regards,
Rob


I didn't watch the talk because I don't have 52 minutes to listen to him yammer on ;) but I wanted to mention one thing.  I attended GoGo6 live in CA this year and one of the things they mentioned about static addressing was to be sure that you're not creating a pattern.  For example, you start with 2001:db8:1:1::1, then use 2001:db8:1:1::2, then go to 2001:db8:1:1::3, ect.  They suggested using RA to get an address, then just using that address as the static address and turning off RA.
Logged

sput

  • Newbie
  • *
  • Posts: 40
    • Rob's server
Re: Talk from 27C3 on IPv6 insecurity's
« Reply #4 on: January 04, 2011, 05:30:27 AM »

Hi there


Mine are. But you can get my IP addresses from the DNS anyway.


Regards,
Rob
Logged