IPv6 Focus Month

Published: 2013-01-31
Last Updated: 2013-01-31 15:00:32 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

We are trying something new this year. In March, we are going to focus somewhat on IPv6. As part of this, I would like to invite our readers to contribute experiences they had with IPv6. If you have:

  • a security problem you ran into with IPv6
  • a solution to a security problem (even better)
  • found a tool that works really well (or not at all) with IPv6
  • figured out a way to solve an IPv4 security problem by switching to IPv6

or any story like this, and don't mind writing it up as a "guest diary", please let us know. We will collect them and post them in March. We don't have a cutoff date for submissions, but of course, the earlier we get it, the more likely it will be used. Submissions should follow the style/size of our regular diaries (OK, you may call them "blog posts"). It should be original content, so please don't just copy/paste what you found somewhere else. All posts will be attributed to you by full name, and you may add an e-mail address and links to your home page / corporate page if you wish. But please no advertisements for commercial tools.

Submit your ideas or complete posts via our contact page or via e-mail to handlers \@/ sans.edu (please just use plain text, no Word attachments or PDFs)


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: ipv6
3 comment(s)


I'd like to hear about good books to study for IPv6. I tried to take your class via OnDemand, but it was no longer offered.
Based on a support conversation I had some months ago with the ISP providing my home Internet connection, I am not sure they are IPv6 ready for the home users. My DSL modem is 11 years old and they do not seem in any hurry to replace it. Nor did they have any publicly available plans for rolling out IPv6 to the home users when I asked. I have a plan for my home systems, updated from time to time, that tracks what I need to go to IPv6.
Just recently deployed IPv6 to our organization. Our ISP is finally slowly rolling out IPv6. Each business will get a /48...12 trillion trillion IP addresses, what to do with them all. The roll-out was quite easy. Our firewalls are running a Linux distro, simple to do dual-stack. I've been doing firewall penetration testing from home using a tunnelbroker and tools such as nmap and wireshark/tcpdump to monitor packet flow. Also checking kernel logs generated from ip6tables LOG target. Initially I was bashing my head as to why it wasn't blocking packets coming through, realized you need to use the FORWARD chain instead of INPUT like in NAT IPv4. Now I'm looking for a tool like arpwatch to monitor IPv6 hosts on the network. NDPmon works, but documentation is limiting and it generates way too many warnings, need to figure out how to turn off certain monitoring features.
