History of Networking: Bob Hinden on IPv6

13 November 2018

The State of IPv6 Deployment

10 October 2018

IPv6 Security Considerations

1 October 2018

When rolling out a new protocol such as IPv6, it is useful to consider the changes to security posture, particularly the network’s attack surface. While protocol security discussions are widely available, there is often not “one place” where you can go to get information about potential attacks, references to research about those attacks, potential counters,…

SLAAC and DHCPv6

5 December 2017

When deploying IPv6, one of the fundamental questions the network engineer needs to ask is: DHCPv6, or SLAAC? As the argument between these two has reached almost political dimensions, perhaps a quick look at the positive and negative attributes of each solution is in order. Originally, the idea was that IPv6 addresses would be created using stateless…

On the ‘net: Fragmentation and IPv6

21 September 2017

Does this mean we ban all filtering of traffic on the public Internet, imposing the end-to-end rule in earnest, leaving all security to the end hosts? This does seem to be the flavor of the original IPv6 discussions around stateful packet filters. This does not, however, seem like the most realistic option available; the stronger…

The Back Door Feature Problem

4 January 2017

In “Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy,” the authors ran an experiment that tested for open ports in IPv4 and IPv6 across a wide swath of the network. What they discovered was interesting: IPv6 is more open than IPv4. A given IPv6 port is nearly always more…

IPv6, DHCP, and Unintended Consequences

13 December 2016

I ran into an interesting paper on the wide variety of options for assigning addresses, and providing DNS information, in IPv6, over at ERNW. As always, with this sort of thing, it started me thinking about the power of unintended consequences, particularly in the world of standardization. The authors of this paper noticed there are…

Thinking about side channel attacks

17 May 2016

When Cyrus wanted to capture Babylon, he attacked the river that flows through the city, drying it out and then sending his army under the walls through the river entrance and exit points. In a similar way, the ventilator is a movie favorite, used in both Lord of the Rings and Star Wars, probably along…

Engineering Lessons, IPv6 Edition

14 August 2015

Yes, we really are going to reach a point where the RIRs will run out of IPv4 addresses. As this chart from Geoff’s blog shows — Why am I thinking about this? Because I ran across a really good article by Geoff Huston over at potaroo about the state of the IPv4 address pool at…