We are in the process of creating some videos to illustrate the impact IPv6 may have on your network. IPv6 may seem far away to you, and you may not have a plan to implement it. However, modern operating systems will frequently enable IPv6 tunneling protocols by default. As a result, you end up with covert channels bypassing your perimeter protection. These videos will focus on this issue.
For more about IPv6, see our IPv6 training course at http://isc.sans.org/ipv6.
New videos will be announced via the sans_isc twitter account or my personal twitter account johullrich
Video 0 - Multicast DNS
Video 1 - IPv6 Router Advertisements
Video 2 - Demonstrating Google Chrome's "Happy Eyeballs" implementation
If a client is able to connect to a server via IPv4 or IPv6, IPv6 should be prefered. However, today's IPv6 connectivity frequently uses tunnels and proxies, causing IPv6 to be slower then IPv4. In order to provide the best possible user experience, Google implemented the "Happy Eyeballs" algorithm in Chrome. This algorithm will fall back to IPv4 faster and provide a better user experience. However, it will make the browser somewhat unpredictable.
Video 3 - Analyzing Teredo with Wireshark
How to decode Teredo traffic using Wireshark.
Lower resolution YouTube Video or click on image for full resolution
Video 4 - IPv6 and Teredo in Windows 7
This video discusses how Teredo is enabled by default in some versions of Windows 7
Video 5 - Detecting and Blocking IPv6 in Linux
IPv6 traffic is not filtered by iptables. Instead, ip6tables has to be used. This video shows how iptables is ineffective and how to use ip6tables. We also discuss the proper use of tcpdump to detect IPv6 traffic.