Test Your Network and ISP for IPv6 Readiness

Want to test your network for IPv6 readiness?   Go to http://areyou.v6ready.info/ .

Our Articles on IPv6

Also see the countdown clock.   With all of the devices we have, tablets, laptops, desktops, servers, routers, phones and other devices, there are only so many left (IPv4 addresses)…

Will IPv4 be gone in 100 days?
As I begin to study IPV6, I have found that yes, we are truly running out.   I also know that many companies don’t use NAT (Network Address Translation) so therefore; we will run out in 2011 or just shortly after this next year.  How many days away are we?  A little over 100.  It’s  crunch time for IT personnel. 

There are two types of IP addresses.  Public and Private.  Private numbers are NATed.  They allowed us to have IP addresses that were 10.x.x.x, or 172.16.x.x or 192.168.x.x.  NAT allows us to have multiple computers in our home and our home router would have one public number supplied by our ISP.   May sound complicated to the novice but actually is pretty easy if you could see it drawn out.    For example our school has four IP addresses that are public (we have four lines coming in) but behind it has hundreds of nodes (computers, Access Points, Bridges, Printers and other devices.)

While studying IPV6, I have also found that while IPV4 allowed for around 4 billion  addresses.  Ok, so I knew that.  But IPV6 will now be implemented and confusing as it is now will provide 3.4×1038 of addresses.
Now that is 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.    Want to say it?
Ok, I had to look this up – ready?
Three hundred and forty undecillion, two hundred and eighty-two decillion, three hundred and sixty-six nonillion, nine hundred and twenty octillion, nine hundred and thirty-eight septillion, four hundred and sixty-three sextillion, four hundred and sixty-three quintillion, three hundred and seventy-four quadrillion, six hundred and seven trillion, four hundred and thirty-one billion, seven hundred and sixty-eight million, two hundred and eleven thousand, four hundred and fifty-six.
Got it?
So where do you start?  Honestly, you have to start at your ISP.   As ISPs adopt IPV6, routers, DNS Servers and other computers will have to change.   Your webservers will need to be reachable by IPv6.  What about your desktop level?  Linux, MAC and Windows are supporting IPV6.   The operating system folks knew it was coming.   However, some hardware from routers, firewalls, load balancers and other devices may have to be changed or updated.   For several years, IPV4 and IPV6 will be supported, running parallel to one another.    One day we will slowly let go of IPV4 and only us ‘old’ guys will know what it was.

Comment form ARIN’s president

Planning IPv6

ARIN’s PowerPoint

And to add to this post – ARIN’s President and CEO

Very nice post. I’d add that you need to begin planning to have your public servers (web, email, DNS) reachable via IPv6. Talk to your ISP about getting IPv6 over your existing IPv4 service, plan how to add IPv6 addresses to your external servers, and make sure you review your security configuration for handling IPv6 traffic.

For additional information, you can look to ARIN’s wiki for IPv6 information:http://www.getipv6.info

/John

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

Everything you need to know about IPv6

Everything you need to know about IPv6.

Just read an article that an unpatched computer can be infected faster than it could download updates.  That once IPv6 is in place if one billion infected computers each were scanning a billion IPv6 addresses per second, it could take up to a hundred million years to scan the IPv6 addresses that have been give out now.

Kame Project shows if you are IPv6 ready.

Testing Your Firewall for IPv6

Here’s a way to test your Firewall (hardware) for IPv6 compatibility Link (see how to interpret your results)

Preparing for IPv6 is very important at this time.   Early implementation will be the key to successfully making this transition.

All you have to do according to the article is run the dig command (there is a dig program for Windows).

; <<>> DiG 9.5.0-P2 <<>> hk ns@203.119.2.18
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 746
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;hk. IN A
;; ANSWER SECTION:
hk. 360000 IN CNAME hk.connectify.local.
hk. 86400 IN A 203.119.2.28
;; Query time: 9 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Jun 30 22:06:52 2010
;; MSG SIZE  rcvd: 73
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 75
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns\@203.119.2.18. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010063001 1800 900 604800 86400
;; Query time: 3240 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Jun 30 22:06:55 2010
;; MSG SIZE  rcvd: 108

; <<>> DiG 9.5.0-P2 <<>> hk ns@203.119.2.18
;; global options:  printcmd

;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 746
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:;hk. IN A
;; ANSWER SECTION:hk. 360000 IN CNAME hk.connectify.local.hk. 86400 IN A 203.119.2.28
;; Query time: 9 msec

;; SERVER: 192.168.2.1#53(192.168.2.1)

;; WHEN: Wed Jun 30 22:06:52 2010;; MSG SIZE  rcvd: 73
;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 75
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION
:;ns\@203.119.2.18. IN A
;; AUTHORITY SECTION:. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010063001 1800 900 604800 86400
;; Query time: 3240 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Jun 30 22:06:55 2010
;; MSG SIZE  rcvd: 108
Planning for IPv6

IPv6 Can You Confuse Me Anymore

Archos 7 Android Home Tablet

Archos 7 – another Droid tablet  (9″ tablets are available)

Features

  • 8 GB capacity for about 4000 songs, 80,000 photos, or seven full-length movies (expandable to 32 GB)
  • Seven hours of video or 42 hours of audio on a single charge
  • Seven-inch TFT LCD touchscreen with 800×480 pixel resolution, 16m colors
  • Supports H.264/MPEG-4/Real video codecs in AVI, MP4, MKV, MOV, and FLV file formats; MP3, WMA, WAV, APE, OGG, FLAC
  • One-year limited warranty

Technical Details

  • Storage:: 8 GB Flash as well as expandable through a microSDHC Slot
  • Capacity:: Up to 7 movies, 80,000 photos or 4,000 songs
  • Display:: High-resolution touchscreen, 800×480 pixels, 7-inch TFT LCD, 16 million colors with a virtual keyboard
  • Video Playback:: H.264 up to 720p resolution – 30 fps / 2.5 Mbps.; MPEG-4 up to 720p resolution – 30 fps / 6 Mbps.; Realvideo up to 720p resolution – 30 fps / 2.5 Mbps. With the aforementioned codecs, the device can play video files with the following extensions: .avi, .mp4, .mkv, .mov, and .flv M-JPEG (Motion JPEG Video) in QVGA resolution
  • Audio Playback:: MP3, WMA (non protected), WAV3, APE, OGG, FLAC, AAC3
  • Photo Viewer:: JPEG, BMP, GIF
  • Interfaces:: USB 2.0 Slave (Mass Storage Class [MSC]); USB 2.0 Host (Mass Storage Class [MSC] – connects a mass storage device or keyboard and mouse [adapter micro B/A sold separately]); Micro SDHC card
  • Communication Protocols:: Wi-Fi (802.11 b/g/n)
  • Other Features:: Two built-in speakers; built-in leg stand; built-in Microphone; composite video output (cable sold separately)
  • Power source:: Internal—Lithium Polymer battery; External—Power adapter/charger
  • Battery Life:: Music playback time—up to 42 hours; Video playback time—up to 7 hours
  • Compatibility:: Microsoft® Windows® XP, Vista, 7 or higher, Mac OS or Linux in mass storage mode
  • Computer Interface:: USB 2.0 interface

The Archos 9 PC Tablet is also available.

Archos

Dell Streak

The Dell Streak will be a 5″ Android Tablet.   As technology changes, there will be an assortment of Laptops, Netbooks, Tablets and phones.

  • 5 inch Screen -WVGA (800×480) b
  • 1GHz Snapdragon ARM-based mobile processor
  • 5 MP Camera
  • Front Facing Camera – Video Chat
  • Replaceable battery
  • A 3.5mm headphone jack
  • Integrated 3G + Wi-Fi (802.11b/g) + Bluetooth 2.1
  • UMTS / GPRS / EDGE class 12 GSM radio with link speeds of HSDPA 7.2 Mbps
  • Micro SD slot expandable up to 32GB.
  • over 40,000 apps
  • Microsoft Exchange connectivity- through TouchDown
  • Google Voice support
  • Integrated Google Maps with voice-activated search.
  • Twitter, Facebook, YouTube

Put a Honeypot on Your Network

What exactly is a honeypot?   A honeypot is a non critical computer that has software on it that allows the monitoring of users who are on your network or if the honeypot has a public ip address, it can be used to monitor outside users.   This in turn allows you to view the ip address of the ‘curious’ and possibly malicious user of your network.   By obtaining the ip address, you can in turn block the ip address at your ISP level or on your firewall.

With no installation required and free to use ____ allows you to place a honeypot on your computer.   By simply running the program and selecting the configuration you want, you can monitor users who try to ‘break’ into your computer.   If you select a webserver, you can create a folder on your computer and place a ‘fake’ database with names and html in the folder.   This decoy server allows you to see ‘who’ is trying to circumvent your network.  

Internally this allows you to track back users who may be navigating on your network.   With most network policies, users should not navigate or attempt to navigate internally.

You will have to open your firewall (software on the host computer).  The configuration below shows port 80 open (webserver) and port 7 (ICMP or ping).

When configuring a webserver, you will have to create the folder wwwroot in your c: drive.  You will also have to create index.htm, a simple webpage.  If you aren’t web savvy, simply open an office document, type in the information you want and save as an htm document (index.htm) in the c:\wwwroot folder.

When you return to the main screen, click on monitoring and your honeypot will minimize to the system tray.  You can monitor live by opening the program.

To test the computer’s honeypot, go to another machine and type the ip address of the honeypot host into a webbrowser.  Below you will see the computer’s ip address has been logged.   The green is the honeypot’s ip address and the red is the malicious host.

This honeypot software is free and from Sourceforge (direct link to download).

Developer’s website.