29 Jan
2011
29 Jan
'11
8:41 p.m.
Hiya,
While I know that IPocalypse as the news hype is calling it, is a little bit
overkill. It makes me wonder what will happen to ISP's such as Bitfolk when
the IPv4's do run out?
I know a lot of home users are not up to the IPv6 standard yet (Sky
Broadband are terrible) so will giving users a V6 address only mean that
people still on v4 can't get to them?
Daniel
29 Jan
29 Jan
9:52 p.m.
On Sat, Jan 29, 2011 at 08:41:26PM +0000, Daniel Case wrote:
Hiya,
While I know that IPocalypse as the news hype is calling it, is a little bit
overkill. It makes me wonder what will happen to ISP's such as Bitfolk when
the IPv4's do run out?
I know a lot of home users are not up to the IPv6 standard yet (Sky
Broadband are terrible) so will giving users a V6 address only mean that
people still on v4 can't get to them?
People on v4 can always use teredo to reach a v6 host, if that's what
you mean.
--
Best regards,
Ed http://www.s5h.net/
10:35 p.m.
Daniel Case wrote:
Hiya,
While I know that IPocalypse as the news hype is calling it, is a little
bit overkill. It makes me wonder what will happen to ISP's such as
Bitfolk when the IPv4's do run out?
I know a lot of home users are not up to the IPv6 standard yet (Sky
Broadband are terrible) so will giving users a V6 address only mean that
people still on v4 can't get to them?
Expect wide spread ISP nat'ing, and if you want a "real" IP it'll be
extra...
--
Best regards,
Duane
30 Jan
30 Jan
8:17 a.m.
Hi,
On 29/01/11 20:41, Daniel Case wrote:
Hiya,
While I know that IPocalypse as the news hype is calling it, is a
little bit overkill. It makes me wonder what will happen to ISP's such
as Bitfolk when the IPv4's do run out?
I know a lot of home users are not up to the IPv6 standard yet (Sky
Broadband are terrible) so will giving users a V6 address only mean
that people still on v4 can't get to them?
I'm currently with Virgin Media (please BT will you bring
fibre-to-the-cabinet or fibre-to-the-premises to our area? ADSL stinks
here and we have no choice but VM). Their official position is that
they've bought up a shed load of IPv4 addresses in advance and they're
not in danger of running out any time soon but yes, it will happen at
some point. Unfortunately they don't offer static IPs to home users so
when the DHCP pool is all full it will start to hurt. Last time I saw
the question asked they said they don't support IPv6, told the guy not
to use it and said they had no idea when support is coming.
I think the first thing I will notice with exhaustion is when ISPs that
haven't planned ahead so well run out and there start to be servers or
home users (when I'm running games or VOIP) that I can't connect to
because they only have IPv6.
I'm also expecting to see a massive surge in botnets and spam as people
who don't understand IPv6 are put onto it and don't realise that the
firewall in their PCWorld home router doesn't protect IPv6 machines. I
recently found an interesting instructional video on Miro that showed
how to use Teredo to hang on to a compromised Windows box. The idea was
to compromise someone's laptop at a coffee shop or home then even though
its IPv4 address changes as it gets moved around it will always get the
same IPv6 address and the bot herder can keep hold of it as he can
always find it and many firewalls will just pass IPv6 traffic
unmolested. They demonstrated a feature with Teredo/Metasploit that even
lets you specify that you don't want it to connect if it's behind a
corporate gateway so the bot herder can use your laptop when you're at
home or out but it won't connect when you take it to work where the
corporate firewall/IDS may be better specified and may detect the
infection. This would also enable someone malicious to plant software on
a laptop that captured confidential information from within a company
when the machine was on the user's desk then waited until the machine
was taken home in the evening to upload the stolen data to the thief.
I consider myself a fairly advanced computer user but I recognise that
I'm not well prepared for IPv6. You know how it goes, there aren't
enough hours in the day and nothing is forcing me to use IPv6 yet so I
just haven't found the time to research it properly. If that's the state
I'm in then I think the average home use is probably in a much worse
one. I expect this to be very well exploited by scuzzbuckets everywhere.
What do you think?
Cheers,
Paul.
9:41 a.m.
On Sun, 30 Jan 2011 08:17 +0000, "Paul Stimpson"
<paul(a)stimpsonfamily.co.uk> wrote:
I'm also expecting to see a massive surge in
botnets and spam as
people who don't understand IPv6 are put onto it and don't realise
that the firewall in their PCWorld home router doesn't protect IPv6
machines.
It will be interesting to see what the standard cheapo Netgear/D-Link
router people buy does by default - the very nature of NAT usage in
current routers (evil though NAT is in its own way) does mitigate
somewhat against incoming attacks. Will everyone end up with a publicly
routable IPv6 address for each device in their house? In which case yes,
let's hope they come with decent firewalls enabled out of the box! :)
--
Richard Dignall
richard(a)dignall.co.uk
3:24 p.m.
Richard Dignall wrote:
On Sun, 30 Jan 2011 08:17 +0000, "Paul
Stimpson"
<paul(a)stimpsonfamily.co.uk> wrote:
I don't have an el chepo router at home, or wasn't when I purchased it,
but any non-TCP/non-UDP packets seem to get dropped, even on LAN, when I
was playing with IPv6 last the only thing I could do was tunnel over UDP
to each computer, which was a bigger hassle than I was willing to deal
with so I stopped using IPv6 for the time being on my home LAN.
--
Best regards,
Duane
I'm also expecting to see a massive surge in
botnets and spam as
people who don't understand IPv6 are put onto it and don't realise
that the firewall in their PCWorld home router doesn't protect IPv6
machines.
It will be interesting to see what the standard cheapo Netgear/D-Link
router people buy does by default - the very nature of NAT usage in
current routers (evil though NAT is in its own way) does mitigate
somewhat against incoming attacks. Will everyone end up with a publicly
routable IPv6 address for each device in their house? In which case yes,
let's hope they come with decent firewalls enabled out of the box! :)
1:37 p.m.
If any of you want to play with IPv6 before your ISP supports it, you can.
I've been running an AYIYA tunnel from http://sixxs.net for about 18 months, and have
a subnet assigned to my house. That, plus some basic radvd config means we've
effectively got a dual-stack connection here now. Instructions at
https://wiki.ubuntu.com/IPv6#Get connected with SixXS . Once it's set up, it just
works, and all your machines will autoconf their own IPv6 address from your allocated
subnet.
Those addresses are all publicly routable, however, so you do need to be very careful
about firewalling your network (or individual machines). But, when things do start
appearing that are only reachable by IPv6, you're sorted, regardless of whether your
ISP is ready.
Also, one plus point with SixXS I've noticed: the tunnel here has enough bandwidth to
max out our Virgin Media 50mbps connection (I was initially worried that IPv6 traffic
would be severely limited, but nope!). So there's no real performance penalty for IPv6
traffic, even though it's tunnelled.
Also, I noticed that there's fewer hops (8 vs 12) and I get lower ping times (around
16ms difference) between my home connection and my BitFolk VPSs over IPv6. I'm not
entirely sure why that is though...
--
Aaron B. Russell
email: aaron(a)unadopted.co.uk
web: http://unadopted.co.uk
music: http://unadopted.co.uk/podcast
blog: http://lostentropy.com
tel: +44 20 3137 4147
On Jan 30, 2011, at 8:17am, Paul Stimpson wrote:
Hi,
On 29/01/11 20:41, Daniel Case wrote:
Hiya,
While I know that IPocalypse as the news hype is calling it, is a little bit overkill. It
makes me wonder what will happen to ISP's such as Bitfolk when the IPv4's do run
out?
I know a lot of home users are not up to the IPv6 standard yet (Sky Broadband are
terrible) so will giving users a V6 address only mean that people still on v4 can't
get to them?
I'm currently with Virgin Media (please BT will you bring fibre-to-the-cabinet or
fibre-to-the-premises to our area? ADSL stinks here and we have no choice but VM). Their
official position is that they've bought up a shed load of IPv4 addresses in advance
and they're not in danger of running out any time soon but yes, it will happen at some
point. Unfortunately they don't offer static IPs to home users so when the DHCP pool
is all full it will start to hurt. Last time I saw the question asked they said they
don't support IPv6, told the guy not to use it and said they had no idea when support
is coming.
I think the first thing I will notice with exhaustion is when ISPs that haven't
planned ahead so well run out and there start to be servers or home users (when I'm
running games or VOIP) that I can't connect to because they only have IPv6.
I'm also expecting to see a massive surge in botnets and spam as people who don't
understand IPv6 are put onto it and don't realise that the firewall in their PCWorld
home router doesn't protect IPv6 machines. I recently found an interesting
instructional video on Miro that showed how to use Teredo to hang on to a compromised
Windows box. The idea was to compromise someone's laptop at a coffee shop or home then
even though its IPv4 address changes as it gets moved around it will always get the same
IPv6 address and the bot herder can keep hold of it as he can always find it and many
firewalls will just pass IPv6 traffic unmolested. They demonstrated a feature with
Teredo/Metasploit that even lets you specify that you don't want it to connect if
it's behind a corporate gateway so the bot herder can use your laptop when you're
at home or out but it won't connect when you take it to work where the corporate
firewall/IDS may be better specified and may detect the infection. This would also enable
someone malicious to plant software on a laptop that captured confidential information
from within a company when the machine was on the user's desk then waited until the
machine was taken home in the evening to upload the stolen data to the thief.
I consider myself a fairly advanced computer user but I recognise that I'm not well
prepared for IPv6. You know how it goes, there aren't enough hours in the day and
nothing is forcing me to use IPv6 yet so I just haven't found the time to research it
properly. If that's the state I'm in then I think the average home use is probably
in a much worse one. I expect this to be very well exploited by scuzzbuckets everywhere.
What do you think?
Cheers,
Paul.
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
11:50 a.m.
Hello,
On Sat, Jan 29, 2011 at 08:41:26PM +0000, Daniel Case wrote:
While I know that IPocalypse as the news hype is
calling it, is a little bit
overkill. It makes me wonder what will happen to ISP's such as Bitfolk when
the IPv4's do run out?
At the moment you're numbered out of 212.13.194.0/23 (512 IPs) - PA
space assigned to BitFolk by our transit provider. That's nearly
exhausted.
In 2010 we became a RIPE Local Internet Registry and got
85.119.80.0/21 (2048 IPs) which I have been slowly renumbering
infrastructure into, and will soon announce a renumbering for
customers.
This should last us quite a while, but we still can't afford to give
them out without technical justification. As time goes on I would
expect to have to start making a monthly recurring charge for IPv4
addresses after the first.
I know a lot of home users are not up to the IPv6
standard yet (Sky
Broadband are terrible) so will giving users a V6 address only mean that
people still on v4 can't get to them?
Pretty much. Anything important will have to be available on IPv4
for some time to come, but it will be harder (more expensive) to
obtain globally routable IPv4 addresses.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
4835
days inactive
4836
days old
7 comments
7 participants
participants (7)
-
Aaron B. Russell -
Andy Smith -
Daniel Case -
Duane at e164 dot org -
ed -
Paul Stimpson -
Richard Dignall