For those of you that weren't at SANSFIRE 2 weeks ago, this was the title of the talk I gave there. At the time, I said I wanted to start a dialog with our readers, so this evening, I'd like to start that. At the IPv6 summit just before SANSFIRE, I heard IPv6 referred to as "Y2K without the hard deadline" and, in some ways, I have to say I agree with that.

I've spent the last few months looking at my automated malware analysis environment and the honeypots/honeynets that I am responsible for at the day job and working on updating them to handle IPv6 traffic. In some cases, I will need some hardware upgrades before I can continue too far down that road (old boxes that happily run XP SP2 with 256MB of memory aren't nearly as happy when you try to throw Win7 on them). In the meantime, I started looking at the tools that I use and whether or not they can handle IPv6.

I have broken the tools down into a couple of categories (that seem useful to me). Then I looked at the tools that I am currently using, or have used in the (recent) past, to accomplish these tasks and examined them to see how they fared with regard to IPv6. I wasn't sure, when I began this process, what I would find. I guess I was, mostly, pleasantly surprised that most of the tools could handle IPv6 to some degree, at least if I updated to the current version.

I knew that most of the tools/scripts that I had written didn't handle IPv6 and, in several cases, I have done a first cut at adding IPv6 support (the links to the updated tools are at the bottom of this diary). They still need more work, especially with respect to handling optional extension headers (hop-by-hop, routing, destination, etc.). I expect to finish the cleanup of those in the next few weeks.

There are too many tools that I looked at to cover in one diary, but let me look at a few of them now and I'll continue with the rest of them during my next shift.
So there you have some of what I was looking at. How about you? In the next installment, I'll look at
My updated tools (and there will be several more beyond the 2 listed above, to be added over the next couple of weeks) will (I believe) eventually be available via our tools page, but for the moment can be found on my handlers page at http://handlers.sans.edu/jclausing/ipv6/
Jim 417 Posts ISC Handler Aug 5th 2011 |
Aug 5th 2011 9 years ago |
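The diary notes that analysis scripts need to cope with optional extension headers (hop-by-hop, routing, destination, etc.) before they can find the transport header. The following is an added example, not one of the author's tools, showing one way to walk that chain; the function names and the constructed sample packet (documentation addresses from 2001:db8::/32) are assumptions made for illustration.

```python
import ipaddress
import struct

# Next Header values for the extension headers this walker skips over.
EXT_NAMES = {0: "hop-by-hop", 43: "routing", 44: "fragment",
             51: "auth", 60: "destination"}

def walk_ipv6(packet: bytes):
    """Return (extension header names, upper-layer protocol, payload offset)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, seen = packet[6], 40, []   # Next Header is byte 6 of the fixed header
    while nxt in EXT_NAMES:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == 44:                     # fragment header: always 8 octets
            length = 8
        elif nxt == 51:                   # AH: length in 4-octet units, minus 2
            length = (packet[off + 1] + 2) * 4
        else:                             # 8-octet units, not counting the first 8
            length = (packet[off + 1] + 1) * 8
        if off + length > len(packet):
            raise ValueError("truncated extension header")
        seen.append(EXT_NAMES[nxt])
        nxt, off = packet[off], off + length
    return seen, nxt, off

def tcp_dst_port(packet: bytes):
    """Destination port if the upper layer is unfragmented TCP, else None."""
    exts, proto, off = walk_ipv6(packet)
    # After a fragment header the bytes at `off` may not start a TCP header,
    # so this helper conservatively declines to parse fragmented packets.
    if proto != 6 or "fragment" in exts or off + 4 > len(packet):
        return None
    return struct.unpack("!H", packet[off + 2:off + 4])[0]

def build_sample() -> bytes:
    """Constructed packet: IPv6 / hop-by-hop / destination options / TCP SYN."""
    padn = bytes([1, 4, 0, 0, 0, 0])     # PadN option filling 6 octets
    hbh = bytes([60, 0]) + padn          # next header = destination options
    dst = bytes([6, 0]) + padn           # next header = TCP
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    payload = hbh + dst + tcp
    fixed = struct.pack("!IHBB16s16s", 6 << 28, len(payload), 0, 64,
                        ipaddress.IPv6Address("2001:db8::1").packed,
                        ipaddress.IPv6Address("2001:db8::2").packed)
    return fixed + payload

if __name__ == "__main__":
    pkt = build_sample()
    print(walk_ipv6(pkt), tcp_dst_port(pkt))
```

A script that only reads the Next Header byte of the fixed header would classify the sample as protocol 0 and never see the TCP port; walking the chain recovers it.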
XP works just fine with IPv6; however you need a DNS that supports IPv6 lookups reachable via IPv4 (this can be 127.0.0.1 if you install a DNS resolver locally).
Anonymous |
Aug 5th 2011 9 years ago |
The CERT suite of tools for the capture and collection of Netflow supports IPv6: http://tools.netsa.cert.org
Anonymous |
Aug 5th 2011 9 years ago |
For packet crafting, take a look at Nping, from the Nmap suite of tools. Nmap is getting a thorough IPv6-overhaul this summer, and that should bleed over into the related Nping, Ncat, Ncrack, etc.
bonsaiviking 5 Posts |
Aug 5th 2011 9 years ago |
Cisco ASA (5505 and 5520) supports IPv6 just fine, though it would be nice if it could terminate 6to4 (SIT) tunnels so I could actually test it on the WWW. I believe the minimum OS version is 7.2 for IPv6 support.
e.b. 17 Posts |
Aug 5th 2011 9 years ago |