IPv6http://ben.woodruff.ws/

Sunday, December 26, 2010

Why

• IPv4 limited address space

• Get rid of NAT

• More efficient routing

Sunday, December 26, 2010

Why not now?

• Local ISPs don’t support it

• Tunnel brokers (6to4) not production quality

• Cost-benefit is low for most

Sunday, December 26, 2010

When?

• As of November, only 3% of the IPv4 space was unallocated

• Best guess I’ve heard is March 2011 for exhaustion of unallocated space

Sunday, December 26, 2010

So really, when?

• Who knows?

• Rough guess is 8mo after exhaustion

Sunday, December 26, 2010

Last legs for IPv4

• NAT at the ISP level

• Name based virtual hosting of websites (doesn’t work with SSL)

• Tighter control of allocations

Sunday, December 26, 2010

Where are the holes?

• Networks NOT IPv6 enabled but with v6 compatible hosts

Sunday, December 26, 2010

Where are the holes?

• No longer able to scan for hosts

• But what about DNS?

Sunday, December 26, 2010

Where are the holes?

• v6 is “new”

• Many firewall rules weren’t written with it in mind

Sunday, December 26, 2010

Where are the holes?

• The usual suspects have updated to include IPv6 support

Sunday, December 26, 2010

Where are the holes?

• Try simply accessing web servers using http://their-ipv6-address/

• Likely that they don’t have a vHOST for it, so the default will be shown

Sunday, December 26, 2010

Sources

• Why you want IPv6:http://en.linuxreviews.org/Why_you_want_IPv6

• Uninformed Vol 10 Article 3:http://uninformed.org/?v=10&a=3

• IPv4 Address Exhaustion:http://en.wikipedia.org/wiki/IPv4_address_exhaustion

Sunday, December 26, 2010