On Fri, 2009-04-17 at 17:21 +0100, Andrew Court wrote:
> I would have thought if you got an IPv6 address now, it would have
> major security benefits. I am assuming most people on this list have
> servers and things. I would imagine the script kiddies have not
> started scanning ipv6 networks yet, as there are so few systems
> running it yet. That of course will change.
The scanning game will change forever once IPv6 is deployed to the end
user. The RIPE recommended allocation for an end user site is a /48.
This is potentially 65536 separate /64 subnets.
Each /64 breaks down into over 4 billion potential addresses.
For the script kiddies this represents a truly vast amount of empty space
that needs to be scanned to even find one host on an end user site,
unlike IPv4 space where many netblocks are at near 100% occupancy.
http://www.tcpipguide.com/free/t_IPv6AddressSizeandAddressSpace-2.htm

NAT is not the same as a firewall, and creating IPv6 firewalls is about
as straightforward as creating IPv4 firewalls.

I am sure that IPv6 has vulnerabilities that we are only beginning to
understand and holes that will need fixing, but random netblock scanning
for soft targets is very unlikely to be one of them.
If you let someone run a netblock scan against your allocation for years
at a time then they may come up with a few hits, but your IDS should have
picked up the scan after the first five years or so ;-)

IPv4 exhaustion is very real. We (as an ISP) are now able to deploy IPv6
to end users that want it, but automated provisioning, cheap CPE devices,
customer support and potential unintended issues with end user equipment
are all issues that need to be considered.

For ISPs the need to roll out IPv6 is real and imminent, especially for
the smaller players, but we also need IPv6 content (hosting companies,
please dual-home your customers..) and the ability to get an SLA from
IPv6 transit providers (once it gets turned on, stuff that people care
about like mail will go via IPv6, so it needs to be solid and reliable
end to end.)

IPv6 is in the main a well thought out protocol. It is a much nicer
solution for both end users and ISPs than 'carrier grade NAT' will
be.

Regards,
Brendan.
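As an added illustration of the address-space arithmetic behind the /48 and /64 figures in the message above (this is example code added here, not part of Brendan's reply or the list), the following Python uses the standard library `ipaddress` module to count sub-prefixes and addresses in a block and to estimate how long an exhaustive sweep would take at a given probe rate. The probe rate of 1,000,000 packets per second, the 200-live-host density and the 192.0.2.0/24 and 2001:db8::/64 blocks are constructed assumptions for the comparison, not figures from the thread.

```python
import ipaddress

# Assumed scanner throughput, constructed for illustration (not a figure from the thread).
ASSUMED_PROBES_PER_SECOND = 1_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def subnet_count(block: str, new_prefixlen: int) -> int:
    """Number of /new_prefixlen subnets that fit inside `block` (e.g. /64s in a /48)."""
    net = ipaddress.ip_network(block, strict=False)
    if new_prefixlen < net.prefixlen or new_prefixlen > net.max_prefixlen:
        raise ValueError(f"/{new_prefixlen} is not a valid sub-prefix of {net}")
    return 2 ** (new_prefixlen - net.prefixlen)


def address_count(block: str) -> int:
    """Total addresses in the block, i.e. 2 ** (max_prefixlen - prefixlen)."""
    return ipaddress.ip_network(block, strict=False).num_addresses


def years_to_sweep(block: str, probes_per_second: int = ASSUMED_PROBES_PER_SECOND) -> float:
    """Years needed to probe every address in the block exactly once at the given rate."""
    return address_count(block) / probes_per_second / SECONDS_PER_YEAR


def expected_probes_to_first_hit(block: str, live_hosts: int) -> float:
    """Rough expected number of uniformly random probes before one of `live_hosts`
    answering addresses in the block is hit (addresses divided by live hosts)."""
    if live_hosts <= 0:
        raise ValueError("need at least one live host")
    return address_count(block) / live_hosts


def summary(block: str, live_hosts: int) -> dict:
    """Collect the figures a defender would compare for one block."""
    return {
        "block": block,
        "addresses": address_count(block),
        "sweep_years": years_to_sweep(block),
        "expected_probes_to_first_hit": expected_probes_to_first_hit(block, live_hosts),
    }


if __name__ == "__main__":
    print("/64 subnets in a /48:", subnet_count("2001:db8::/48", 64))
    # Constructed comparison: a densely populated IPv4 /24 with 200 live hosts
    # versus a single end-user IPv6 /64 holding the same 200 hosts.
    for s in (summary("192.0.2.0/24", 200), summary("2001:db8::/64", 200)):
        print(f"{s['block']}: {s['addresses']:,} addresses, "
              f"full sweep {s['sweep_years']:.3g} years, "
              f"~{s['expected_probes_to_first_hit']:.3g} random probes to first hit")
```

The /24 comparison is what makes the point: at the assumed rate the IPv4 block is swept in well under a second, while a single /64 takes on the order of half a million years, which is why the message treats random netblock scanning as an IPv4 problem and puts the emphasis for IPv6 on firewalls and intrusion detection rather than on obscurity alone.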