EvilZone
Community => General discussion => Topic started by: proxx on March 24, 2014, 08:32:13 AM
-
(http://nmap.org/movies/dredd/dredd-nmap-movie-screenshot-crop-400x200.jpg)
Looks like we dont have to worry about going to ipv6 for a long time.
Not sure in which year the movie Dredd is supposed to be but it is a pleasant thought that its still using IPv4 :P
Hell look at this (Matrix);
(http://nmap.org/movies/matrix/trinity-nmapscreen-hd-cropscale-418x250.jpg)
More IPv4 :P
No seriously , just wanted to discuss what you guys will expect to happen to firewalling and NAT in the IPv6 realm.
In theory we don't need NAT no more yet it is the primary method of firewalling.
Any thoughts here?
-
I think IPv6 is great in that it simplifies things by consolidating them. NDP is built into ICMP, which facilitates addressing and routing; almost replacing DHCP and ARP. There is a DHCPv6 functionality if you want it(nice to have options).
I do like the idea of extending ICMP with what's called Neighbor Discovery Protocol. NDP defines new packet types responsible for routing functionality similar to what ARP provides, except it's consolidated into ICMP.
I have much more to learn about using IPv6 as I don't really use it. I do know that you can send rogue 'router-advertisement' packets(ICMPv6-NDP type 134) which is equivalent to an ARP reply packet in how it functions. It's letting all computers on the network know, "i'm the new gateway; here's my address and route all traffic through me". The same thing can be done for other nodes on the network, but instead of router advertisement it's called neighbor-advertisement(ICMPv6-NDP type 136). A type 136 packet would say "here's my IPv6 address and here's my MAC" like how an ARP reply packet would function. This is the basis of a MITM attack using IPv6.
You can also use 'solicitation packets' for discovering gateways and other hosts on the network. This would be like an ARP request packet looking for other hosts on the LAN. You can see the parallels in function when comparing to IPv4, and it's apparent that they've 'cleaned' things up quite a bit by consolidating functionality.
Sources: http://en.wikipedia.org/wiki/IPv6 (http://en.wikipedia.org/wiki/IPv6), http://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol (http://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol), https://www.thc.org/thc-ipv6/README (https://www.thc.org/thc-ipv6/README)
-
Well there certainly will be a whole new plethora of attacks.... as well as the dying of old ones. Since IPv6 won't be using ARP anymore for example. Idk, I'm just trying to figure out how I'm going to remember IP addresses once the switch happens.
-
Well there certainly will be a whole new plethora of attacks.... as well as the dying of old ones. Since IPv6 won't be using ARP anymore for example. Idk, I'm just trying to figure out how I'm going to remember IP addresses once the switch happens.
No shit right? Apparently I smoke too much weed to use IPv6.
-
IPv6 certainly solves the problem of address exhaustion what with its extremely high number of combinations, but it is just as big of an insecure mess as ever, if not even more so.
Try playing around with the THC IPv6 toolkit some time.
-
Idk, I'm just trying
to figure out how I'm going to remember IP
addresses once the switch happens.
For all i know there isn't going to be a one big switch like
'hello world, we are dropping all IPv4 stuff today and switching to the
new IPv6 protocol.' Nah, we are going to live in harmony with both
protocols for quite sometime.
About remembering the ip address, well its gonna be the price we pay.