The Impact of IPv4-Address Exhaustion on the Security of the IPv4-Only Internet

With the IPv4-address exhaustion becoming closer and closer, there could be an impact on some security techniques used by Internet Service Providers (ISP) and other security organizations. Indeed, ISPx rely on the fact that part of...

Will I lose customers if I enable IPv6 on my web site?

What happens when a web site enables IPv6 access in addition to IPv4 access? Not talking here about the technical steps (configuring IPv6 in the kernel, adding a AAAA to DNS, checking whether logs include IPv6) but rather on the...

IPv6 is being deployed but not in the expected places

IPv6 exists for more than 15 years and it is rumored to be deployed extensively in Asia and especially in Japan and China with Africa being the last continent to deploy IPv6. Another place where there should be a lot of deployments...

Should ISP change their subcribers' contract for IPv6?

For once, this article is not about security but rather on IPv6 for residential subscribers and their contract to their ISP. As I see more and more residential ISP moving to IPv6, most of them seem to simply import their IPv4...

Too many options for IPv6 address configuration?

As security people, we all know that having too many options is always a bad thing: simple setup is often more secured than a complex setup. And, when it comes to IPv6, there are THREE ways to configure one IPv6 global...

Can we block all IPv6 tunnels in our enterprise network?

A major IPv4 to IPv6 transition technique is the use of tunnels; this is encapsulating IPv6 packets into IPv4 packets that can then be transported over the IPv4-only parts of the Internet. Those tunnels can also be used within the...

Finding who is sending 'bad' IPv6 traffic

In the world of IPv4, every network operator and security person know how to identify the host which sends 'bad' IPv4 traffic. In this blog entry, bad means launching an attack or sending malovent traffic, or violating Acceptable Use...

Is the Internet really a safe place when ignoring IPv6?

Today, I had a great read: a 114-page report from the US Department of Home Security (http://www.it-scc.org/documents/IT_Sector_Risk_Assessment_Report_Final.pdf). This report claims that the Internet infrastructure is well secured...

Mitigating Rogue RA with Port ACL

The most common security issue, that I have found in IPv6 networks, is the rogue RA. [b]Rogue RA[/b] is a misconfigured device or a malicious user sending wrong Router Advertisements to all attached hosts. Those hosts will then use...

Why should I care about IPv6 security in my IPv4-only network?

While I speak about IPv6 security, I often mention the little known fact that IPv6 is probably already in every large network. How can it be? Simply: because all modern OS (Vista, Windows 7, Mac OS/X, *ix) have IPv6 enabled by...

Load More