IPv6 anyone?

Tomasz Miklas

Nov 2, 2010, 1:46:35 PM
to kippo users
Hi

I'd like to know if you have IPv6 connectivity... I would be
interested in comparing how much rogue traffic could come on IPv4 vs
IPv6 and put a sensor like kippo out on both. Logic would suggest that
nobody would be scanning IPv6 space because of its size, but... most
customer-grade hardware doesn't support IPv6 (still or yet) even though
OSes do, the hardware that supports it (in terms of routing) mostly
can't do any filtering (yay, no firewallz :>) and if a router has IPv6,
quite often there is RA/ND running on it, so any machine capable of
IPv6 will get an address assigned and will be reachable :-)

In a way IPv6 will make us make the same mistakes as we did with
IPv4... on the other hand it will make casual attacks take much longer
because of the size of the address space. Maybe it's not all that bad
as many people say... Does it make sense?

So... is anybody here running kippo or any other honeypot on IPv6?

t.

AndrewWaite

Nov 4, 2010, 7:39:53 AM
to kippo users
I'm not IPv6 capable yet, but if anyone has spare time (I don't at the
moment) it may be possible to set up an IPv6/v4 tunnel.

For starters take a look at http://ipv6tb.he.net/ for tunnel
brokerage. Not sure on exact process or costs, but could be a good
first step to IPv6.

I would be interested in results if anyone gets this running.

--Andrew

Tomasz Miklas

Nov 4, 2010, 5:48:22 PM
to kippo users
Hi

On Nov 4, 11:39 am, AndrewWaite <a...@infosanity.co.uk> wrote:

> I'm not IPv6 capable yet, but if anyone has spare time (I don't at the
> moment) it may be possible to set up an IPv6/v4 tunnel.
>
> For starters take a look at http://ipv6tb.he.net/ for tunnel
> brokerage. Not sure on exact process or costs, but could be a good
> first step to IPv6.
>
> I would be interested in results if anyone gets this running.

This will go a little off-topic, so...

I can help no problem - as much as time allows. I can also recommend
HE.net as a tunnel broker - I use them mainly for all of my systems. No
problems with setting it up on Linux - they have a step by step or even
copy'n'paste config generator. At the moment I terminate my private
tunnel on a Juniper appliance and it works great, /48 assigned as well, etc
etc. Fun - that's it!

HE.net offers free certification as well - this is a nice learning path
where you get scores for doing practical hands-on setup of your
environment. You start with setting up a tunnel and pinging it through,
then add a web server, SMTP server (and that includes DNS setup for your
domain), it goes quite steep quite quickly but that's good stuff. It's
handy to have your own domain registered with some technically good
registrar as the last tasks for Guru level require setting up glue
records for DNS (to put IPv6 DNS servers in WHOIS) and not all
registrars support that. I know OVH does - I have registered a domain
with them just for that.
Then you get the same stuff - firewalls, applications, etc. Configure
your Linux box or whatever you use as lab gateway to do the whole
RA/ND (router advert/neighbor discovery) and then you have your whole lab
IPv6 enabled. All of that can be done in one evening to be honest -
from start to Guru level in fact (mind the DNS refresh times) :)

Another reasonable tunnel broker is SixXS but their approach is a bit
different - have a read yourself in fact. For me HE.net is more
production ready, no fancy stuff - get it working, use it as much as
you like.

So would anybody like to join me? I don't suspect much traffic on
kippo but if we are not ahead of the bad guys, they will be ahead of
us... :)
IPv6 is end-to-end connectivity so IMHO it's time to get over it and
move on (to IPv6) so we are not left out in the dark once it happens.

Tomasz