Today we're bringing you another guest diary, this one by Matthew Newton on some of his experiences when he first turned up a novel service on World IPv6 Day in 2011.

------------------------------------
The 8th June 2011 - World IPv6 Day - will always be a significant day in the history of the Internet, when networks and content providers from all over the globe took part in a collective test of IPv6 to raise awareness, test what worked and what didn't, and of course tease out some of the issues facing future IPv6 adoption...

Normally the cat feeder is secured through an authentication mechanism such that only I can view/control it; however, on World IPv6 Day I opened the doors to the proverbial 'world and his dog'... as long as they were connecting over IPv6, of course. Doing something like this was always going to attract some unwanted attention, and it was barely a few minutes after midnight when I started to see connections being made that weren't quite in the spirit of the day. I was using parameters specified in the URL to pass control variables to the underlying PHP script, and so naturally some users started to handcraft their own to see what damage they could do. I'd anticipated this and made sure that the scripts wouldn't respond outside of their intended usage envelopes; however, what I hadn't anticipated was how futile my attempts to manually block persistent offenders would be.

In IPv4 - with a relatively static addressing model - it is very easy, and relatively effective, to blocklist particular (ab)users' IP addresses, and this can usually be done with minimal collateral damage. However, with IPv6 this wasn't quite so straightforward, because no sooner would I blocklist an individual /128 address than the miscreant would hop over to another address to continue their attack. It became something of a game of 'Whack-A-Mole' and I was inevitably always one step behind. In an attempt to keep the feeder up and running I ended up resorting to a broad-brush strategy of widening the blocklisting scope up to the point of blocking entire /32s. That's a whole lot of potential users being tarred by the same brush.
Jim 423 Posts ISC Handler Mar 21st 2013 |
Mar 21st 2013 9 years ago |
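The jump from single /128s to whole /32s described in the diary can be softened by widening one step at a time. The sketch below is an added example, not code from the diary or from ISC: the /64, /56, /48 ladder, the threshold of three, and the sample addresses (taken from the 2001:db8::/32 documentation range) are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy (not from the diary): widen only one rung at a time, and only
# when THRESHOLD distinct narrower prefixes under the same parent have offended.
THRESHOLD = 3
LADDER = (64, 56, 48)  # /48 is the widest block this sketch will ever emit

# Constructed sample offenders from the 2001:db8::/32 documentation range.
SAMPLE = (
    ["2001:db8:a:1::10", "2001:db8:a:1::11", "2001:db8:a:1::12"]  # hops inside one /64
    + ["2001:db8:b:7::99"]                                        # single offender
    + [f"2001:db8:c:10{s}::{h}" for s in (1, 2, 3) for h in (1, 2, 3)]  # hops across a /56
)


def plan_blocks(offenders, threshold=THRESHOLD, ladder=LADDER):
    """Return the narrowest list of IPv6 networks that covers the offenders."""
    blocks = {ipaddress.IPv6Network(a) for a in offenders}  # bare address -> /128
    child_len = 128
    for plen in ladder:
        kids = defaultdict(set)  # parent prefix -> distinct child prefixes seen
        for net in blocks:
            kids[net.supernet(new_prefix=plen)].add(net.supernet(new_prefix=child_len))
        hot = {parent for parent, seen in kids.items() if len(seen) >= threshold}
        # Replace everything under a hot parent with the parent itself.
        blocks = {n for n in blocks if n.supernet(new_prefix=plen) not in hot} | hot
        child_len = plen
    return sorted(blocks)


def is_blocked(addr, blocks):
    """True if addr falls inside any planned block."""
    ip = ipaddress.IPv6Address(addr)
    return any(ip in net for net in blocks)


if __name__ == "__main__":
    for net in plan_blocks(SAMPLE):
        print(net)
```

With the sample data the address-hopper inside one /64 is absorbed by a /64 block, the source spread across three /64s is absorbed by a /56, and the lone offender stays a /128.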
Cool project Matthew, and great write-up...Thanks!
2 questions:
1. Where did you come up with the names Mark1 and Mark2 for your connectivity? As I was reading, I kept forgetting that your name isn't Mark.
2. Do you have any more info on your RFID cat flap? The pic is intriguing and I'm curious to know more about how you were able to do that.
Thanks again
K-Dee 68 Posts |
Mar 21st 2013 9 years ago |
Thanks K-Dee.
1. The use of the term 'Mark' was merely referring to 'version', i.e. my first and second versions of the cat feeder!
2. There's some further info on the catflap at http://www.newtonnet.co.uk/house/catflap/ - it's a commercial product that I merely modified to fit in a wall without the usual external 'porch' to contain the coil.
Mathew
K-Dee 1 Posts |
Mar 22nd 2013 9 years ago |