[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Jim Small jim.small at cdw.com
Fri Sep 23 03:10:09 CEST 2011


This is a great discussion.  My big wish though is to talk about actionable items:

Regarding RDNSS - I thought this was essentially unsupported but I was pleasantly surprised to find out that many of the latest O/S versions do support it:
http://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems
Notably OS X 10.7 includes support for this.  Unfortunately it is still lacking in Windows but I think it is likely this will be fixed in Windows 8.

>Many expect a transition to IPv6 will not occur soon.
[JRS>] This is not exactly security related but I have done much research and speaking on this topic.  In fact the largest broadband provider in the US (Comcast) will have *completed* their IPv6 rollout sometime next year.  The 2nd largest cable company (Time Warner) is close behind.  There is similar activity in Europe.  Most of the major cellular carriers are rolling out IPv6 next year.  Those who think that IPv6 is years away and in for a rude awakening shortly.

>It is possible to deploy SeND (...)
I guess I am perplexed by the discussions of SeND.  It's a great protocol but it isn't implemented (at least in the mainline kernel) of any O/S.  So it's completely theoretical.  Please forgive me for being a technician but I would much prefer to focus on technologies which we can actually implement or which have a chance of being adopted.  Microsoft and Apple have no interest in this and it hasn't made it into the Linux kernel so to me any conversation about SeND seems pointless.  Am I missing the boat here?

> I [Fernando] wrote to I-Ds to make an RA-Guard and ND-monitoring mitigations:
[JRS>] Thank you Fernando for all your hard work in pushing for solutions to the existing problems.

  --Jim




More information about the Ipv6hackers mailing list