[LAC-TF] [LACNIC/Seguridad] Fwd: IPv6 Address Analysis - Privacy In, Transition Out
jose.alvarez at telvent.com
jose.alvarez at telvent.com
Tue May 21 12:16:22 BRT 2013
Para ver que IOS de CISCO soportan la funcionalidad de ipv6 te recomiendo
que entres al link:
http://tools.cisco.com/Support/Fusion/FusionHome.do
Tienes que ejecutar el Software Advisor, te preguntará el hardware que
tienes y la funcionalidad que necesitas (en este caso ipv6) con esos datos
el te recomienda la versión de IOS a usar.
Saludos
Valeriano
"Carlos M. Martinez"
Enviado por: lactf-bounces at lacnic.net
21/05/2013 16:58
Por favor, responda a lactf
Para:
lactf at lac.ipv6tf.org
cc:
Asunto:
Re: [LAC-TF] [LACNIC/Seguridad] Fwd: IPv6 Address Analysis - Privacy In,
Transition Out
En esta época mas bien tendrías que preguntar 'cuales NO soportan IPv6'.
A menos que te interese algún feature especial, la pila base esta
implementada en todos esos sistemas operativos, con el bien conocido
problema de que XP no hace consultas de DNS por IPv6.
s2
~C.
On 5/21/13 11:46 AM, GGL wrote:
> Estimados Señores(as)
>
> Estoy realizando un trabajo de implementación IPv6, en la Universidad en
> la cual laboro.
> Necesito saber si conocen de algún site, que contengan tablas de cuales
> IOS de cisco
> soporten IPv6, asi también para las diferentes plataformas operativas
> WindowsXP y
> distribuciones de Linux
>
> Gracias a todos.
>
>
>
> 2013/5/17 Arturo Servin <aservin at lacnic.net <mailto:aservin at lacnic.net>>
>
>
> Muy interesante artículo de Internet Society, gracias por
> compartir.
>
> Y que bien que usaron tu trabajo para generar algunos
> resultados, felicidades!
>
> Slds
> as
>
> On 17 May 2013, at 00:10, Fernando Gont wrote:
>
> > FYI.
> >
> > Fuente:
> >
> <
http://www.internetsociety.org/blog/2013/05/ipv6-address-analysis-privacy-transition-out
>
> >
> > ---- cut here ----
> > IPv6 Address Analysis - Privacy In, Transition Out
> > Mat Ford
> >
> > IPv6 addresses come in a variety of forms. Examining the
> bit-patterns of
> > an IPv6 address can tell us, or give a strong indication, about
> the way
> > that it was generated. In early work on the subject, Dave Malone
> > explains, "IPv6 addresses are longer than IPv4 addresses, and are
so
> > capable of greater expression. Given an IPv6 address, conventions
and
> > standards allow us to draw conclusions about how IPv6 is being
used on
> > the node with that address."
> >
> > At the recent Internet Engineering Protocol Group (IEPG) meeting
in
> > Orlando, Florida, Fernando Gont presented his work on Scanning the
> IPv6
> > Internet: theory & practice. The much larger address space of IPv6
> makes
> > crude brute-force network scans unfeasible. In his presentation
> Fernando
> > talked about the ways in which IPv6 changes the network
reconnaissance
> > game because of this and he also presented the IPv6 Toolkit suite
of
> > IPv6 security and troubleshooting tools that he has developed.
> >
> > Gont has built on Malone's earlier work by providing a tool
(address6)
> > to analyse large numbers of IPv6 addresses and classify them into
> > various categories depending on whether they appear to be
> > auto-generated, randomised privacy addresses, manually configured
> > low-byte or IPv4-based addresses and so on. These categories are
> > described in more detail in the IETF Operational Security
Capabilities
> > for IP Network Infrastructure (opsec) Working Group document,
"Network
> > Reconnaissance in IPv6 Networks."
> >
> > Malone's results are presented in Figure 1. As the opsec WG
document
> > observes, '[Malone's] are the most comprehensive
address-measurement
> > results that have so far been made publicly available', and,
> 'evolution
> > of IPv6 implementations, changes in the IPv6 address selection
policy,
> > etc. since [Malone2008] was published might limit (or even
> obsolete) the
> > validity of these results.'
> >
> >
> > [Figure 1 - Results from Malone2008]
> >
> > Given some webserver logs and Gont's address6 tool it is fairly
> trivial
> > to explore whether the ratios of client address types have in fact
> > changed since 2008. Using the last 12 months worth of webserver
> logs for
> > the Internet Society's website, comprising over 50,000 unique IPv6
> > addresses, the following results were obtained.
> >
> > Less than 2% of connections used the 6to4 transition technology
while
> > the remainder were native IPv6 connections, a mark of the growing
> > maturity of the IPv6 Internet. This result is mirrored in the IPv6
> > statistics produced by Google that show that the use of transition
> > technology has been declining since 2010 and now less than 1% of
users
> > that access Google over IPv6 are using a transition technology.
It's
> > also probably worth noting that we saw no Teredo connections in
> the period.
> >
> > Figure 2 shows a more detailed analysis of the interface
> identifiers in
> > the sample. This is very strikingly different to Malone's results
from
> > 2008 and clearly shows the impact of changes to IPv6
> implementations in
> > the intervening period. The vast majority (nearly 70%) of
> addresses are
> > now classified as 'Randomized', while the auto-configured
> addresses that
> > previously comprised 50% of the sample are now less than 8%.
> IPv4-based
> > addresses are still a significant proportion (nearly 14%) and the
> > manually-generated 'low-byte' addresses are just over 6%, similar
to
> > Malone's result.
> >
> > [Figure 2 - IPv6 Interface ID analysis]
> >
> > These measurement results update the public understanding of IPv6
> > address types in use today and show us that randomized interface
> > identifiers are far more prevalent than they used to be. It is
also
> > notable that transition technologies (Teredo and 6to4) are either
> > non-existent or very little used on the IPv6 Internet of 2013.
> >
> > Acknowledgements: Thanks to Peter Godwin at the Internet Society
for
> > providing access to the webserver logs necessary for this
analysis.
> > ---- cut here ----
> >
> > Saludos,
> > --
> > Fernando Gont
> > SI6 Networks
> > e-mail: fgont at si6networks.com <mailto:fgont at si6networks.com>
> > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> >
> >
> >
> >
> > _______________________________________________
> > Seguridad mailing list
> > Seguridad at lacnic.net <mailto:Seguridad at lacnic.net>
> > https://mail.lacnic.net/mailman/listinfo/seguridad
>
> _______________________________________________
> LACTF mailing list
> lactf at lac.ipv6tf.org <mailto:lactf at lac.ipv6tf.org>
> https://mail.lacnic.net/mailman/listinfo/lactf
>
>
>
>
> --
> “Aquellos que están en guerra con otros, no están en paz con ellos
> mismos.” William Harvey
>
>
>
>
> _______________________________________________
> LACTF mailing list
> lactf at lac.ipv6tf.org
> https://mail.lacnic.net/mailman/listinfo/lactf
>
_______________________________________________
LACTF mailing list
lactf at lac.ipv6tf.org
https://mail.lacnic.net/mailman/listinfo/lactf
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
______________________________________________________________________
***********Internet Email Confidentiality Footer************* This email and any files transmitted with it are confidential and intended solely for the use of the organization or individual to whom they are addressed. It is expressly forbidden to retransmit or copy email and/or this attached files without our permission. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of my firm shall be understood as neither given nor endorsed by it. ****** Confidencialidad de Correo electrónico de Internet ****** Este correo electrónico y cualquier archivo transmitido con el, es confidencial y destinado exclusivamente para el empleo de la organización o el individuo a quien esta dirigido. Esta expresamente prohibido su reenvio o copia del correo electrónico y/o de los archivos anexados sin permiso del remitente. El contenido esta protegido según la regulación sobre la Protección de Datos e Información Personal. Si usted no es el destinatario indicado en este mensaje (o responsable de la entrega del mensaje a tal persona), no puede copiar, reenviar o entregar este mensaje. En tal caso, usted debe destruir este mensaje y notificar al remitente por el correo electrónico de respuesta. Puede notificar igualmente si no desea recibir correos electrónicos de esta clase. Las opiniones, conclusiones y otra información en este mensaje que no se relaciona con la actividad de la compañía ni serán entendidas como autorizadas por ésta.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.lacnic.net/pipermail/lactf/attachments/20130521/8ac302e4/attachment.html>
More information about the LACTF
mailing list