[v4tov6transition] Ways to break IPv6
Ed Jankiewicz <edward.jankiewicz@sri.com> Wed, 13 October 2010 02:39 UTC
Return-Path: <edward.jankiewicz@sri.com>
X-Original-To: v4tov6transition@core3.amsl.com
Delivered-To: v4tov6transition@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F3893A6B31 for <v4tov6transition@core3.amsl.com>; Tue, 12 Oct 2010 19:39:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.543
X-Spam-Level:
X-Spam-Status: No, score=-1.543 tagged_above=-999 required=5 tests=[AWL=0.503, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BPJOuBz3kwm for <v4tov6transition@core3.amsl.com>; Tue, 12 Oct 2010 19:39:18 -0700 (PDT)
Received: from mail1.sri.com (srimail.SRI.COM [128.18.30.17]) by core3.amsl.com (Postfix) with ESMTP id 272883A68BA for <v4tov6transition@ietf.org>; Tue, 12 Oct 2010 19:39:18 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"; format="flowed"
Received: from [192.168.1.144] ([unknown] [68.81.23.3]) by mail.sri.com (Sun Java(tm) System Messaging Server 7u2-7.05 32bit (built Jul 30 2009)) with ESMTPSA id <0LA700JVHJFI5VL0@mail.sri.com> for v4tov6transition@ietf.org; Tue, 12 Oct 2010 19:40:31 -0700 (PDT)
Message-id: <4CB51C1D.7040104@sri.com>
Date: Tue, 12 Oct 2010 22:40:29 -0400
From: Ed Jankiewicz <edward.jankiewicz@sri.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
To: v4tov6transition@ietf.org
Subject: [v4tov6transition] Ways to break IPv6
X-BeenThere: v4tov6transition@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <v4tov6transition.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4tov6transition>, <mailto:v4tov6transition-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v4tov6transition>
List-Post: <mailto:v4tov6transition@ietf.org>
List-Help: <mailto:v4tov6transition-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4tov6transition>, <mailto:v4tov6transition-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Oct 2010 02:39:20 -0000
this is not a surprise, it is something that has been predicted by many as one of the "growing pains" of IPv6 transition. Firewalls and other security software will "support" IPv6 initially by just blocking it - too much work (and too little demand) for a real implementation. Just loaded an updated version of the commercial anti-virus package that I've been using, let it remain nameless, it is certainly not the only offender in this area. Unlike the previous version this includes an enhancement - it blocks all IPv6 and IPv6 over IPv4 traffic by default. The firewall rule can be disabled. If you are a network operator, there is a lot of mischief that can be done by software that the end-user downloads onto their machines that can make IPv6 appear broken. This is another area that should get some attention - how will customer service and help desk people be trained to deal with "connectivity" problems the user can cause themselves? It took me a while to figure this out, and I'm one of the people who frequently predicted this would happen. Imagine your average end-user who knows nothing about IPv6 and expects that "it just works". Also, many books, websites and other security advice says "when in doubt, turn off IPv6". At least in the foreseeable future, this will continue to be impedance against the uptake of IPv6. -- Ed Jankiewicz - SRI International Fort Monmouth Branch Office - IPv6 Research Supporting DISA Standards Engineering Branch 732-389-1003 or ed.jankiewicz@sri.com
- [v4tov6transition] Ways to break IPv6 Ed Jankiewicz
- Re: [v4tov6transition] Ways to break IPv6 Yiu L. Lee
- Re: [v4tov6transition] Ways to break IPv6 Joel Jaeggli
- Re: [v4tov6transition] Ways to break IPv6 Tim Chown
- Re: [v4tov6transition] Ways to break IPv6 Rémi Després
- Re: [v4tov6transition] Ways to break IPv6 Ed Jankiewicz