IPv6 – Page 2 – Insinuator.net

March 23, 2018 by Niki Vonderwell

#TR18 Next Generation Internet (NGI) Summaries

This blogpost contains summaries of talks from this year’s TROOPERS18 Next Generation Internet Event.

Continue reading “#TR18 Next Generation Internet (NGI) Summaries”

December 1, 2017 by Jacky Hammer

Let’s talk about RFC 6980

Following my work with the FreeBSD implementation of RFC 6980 I was happy to present my work at last week’s DENOG 9 meeting.
To make it available to anyone who did not meet me there and go into some more detail that would have exceeded the boundaries of the talk, I will cover the topic here.

Continue reading “Let’s talk about RFC 6980”

Building

November 10, 2017 by Enno Rey

Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects

Looking at IPv6 deployment graphs like this one it becomes clear that IPv6 still is not widely deployed in enterprise space (the reason for the apparent oscillation in that curve is the difference between working days – where people use their office computers – and weekend where they preferably use their smartphones or their home equipment connected by means of broadband networks).

Continue reading “Why It Might Make Sense to Use IPv6 in Enterprise Infrastructure Projects”

Misc

October 9, 2017 by Enno Rey

Position Paper on an Enterprise Organization’s IPv6 Address Strategy

A while ago I wrote a short paper laying out options for an enterprise organization to get global IPv6 address space from the RIPE NCC, discussing the advantages and disadvantages of different approaches. As I think the topic may be of interest for others, too, I’ve distilled an anonymized version. It can be found here. I hope some of you find it useful.

Cheers, Enno

Events

September 29, 2017 by Enno Rey

RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited

Last week I had the pleasure to participate at the first RIPE IoT Roundtable Meeting in Leeds (thanks! to Marco Hogewoning for organising it). It was a day with many fruitful discussions. I particularly enjoyed Robert Kisteleki‘s talk on RIPE NCC’s own design & (security) process considerations in the context of RIPE Atlas (at TR17 NGI there was an intro to Atlas, too).
In this post I’d like to quickly lay out the main points of my own contribution on “Balanced Security for IPv6 CPE Revisited” (the slides can be found here).

Continue reading “RIPE IoT Roundtable Meeting / Balanced Security for IPv6 CPE Revisited”

Misc

September 19, 2017 by Rafael Schaefer

An Update of PenTesting Tools that (do not) Support IPv6

As you may remember, back in 2014 we published a whitepaper (compiled by Antonis Atlasis) on the support of IPv6 in different pentesting tools. This is almost three years ago and we thought it is time for an update. In short not much has changed. Most of the tools which didn’t support IPv6 are still not supporting it or haven’t got any update since then.
This post will cover the tools where we could identify some progress on supporting IPv6.

Continue reading “An Update of PenTesting Tools that (do not) Support IPv6”

Building

July 17, 2017 by Christopher Werny

IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited

As you may know, we published a whitepaper discussing the behavior of different operating systems once they receive IPv6 configuration parameters from different sources two years ago. At that time, the results were quite a mess. We were curious whether the situation is still so “dire” like two years ago. We fired up the lab, updated the tested operating systems and performed the tests again. Continue reading “IPv6 RA Flags, RDNSS and DHCPv6 Conflicting Configurations Revisited”

Misc

July 6, 2017 by Enno Rey

Local Packet Filtering with IPv6

Just recently we discussed IPv6 filter rules for NIC-level firewalls (in a virtualized data center) with a customer. I’d like to take this as an opportunity to lay out potential approaches for local packet filtering of IPv6, which in turn might somewhat depend on the address configuration strategy chosen for the respective systems (for the latter you may refer to this post or to this talk from the Troopers NGI event).

Continue reading “Local Packet Filtering with IPv6”

Misc

June 23, 2017 by Jacky Hammer

Testing RFC 6980 Implementations of FreeBSD

Following Enno’s research on “Testing RFC 6980 Implementations with Chiron“, we decided to redo the experiment with FreeBSD targets.

Continue reading “Testing RFC 6980 Implementations of FreeBSD”

Misc

May 12, 2017 by Enno Rey

RIPE74 / Why IPv6 Security Is So Hard

I’m on my way back from the RIPE74 meeting in Budapest. It was a great event: quite a few nice technical talks in the plenary, productive working group meetings and some really good hallway discussions.
Big thanks to the RIPE NCC team for the smooth organization and for taking care of us!

Continue reading “RIPE74 / Why IPv6 Security Is So Hard”