PaulDotCom mailing list archives
IPv6 discussion on PSW
From: "Jody & Jennifer McCluggage" <j2mccluggage () adelphia net>
Date: Mon, 16 Aug 2010 19:02:20 -0400
On episode 204 there was a fascinating discussion around scanning problems caused by the sheer size of the address space available with IPv6. I have also been thinking about this problem lately. The numbers thrown around on the podcast were between 10 and 20 million possible addresses. Actually the problem is much bigger than that. I believe (and someone please correct me if I am wrong) that there are 64 bits available for addressing. That means that there are 18 quintillion addresses (that's 18 followed by 18 zeros!). There is no way that you are scanning that entire range in your lifetime. On top of that, I believe with internal IPv6 addresses there are 16 bits available for networking. That means you have your choice of over 65,000 networks to choose from.

The discussion focused on how to discover a rogue user that set up a static IP address in your network. Hunting for it would be like literally trying to find a needle in a haystack. I would like to toss out a couple of possible solutions that I was thinking about (I am sure that I am not the first one to think of these and am sure there are probably better ways to do this. Please let me know if you think it would not work or if there is a better way). The key is that the rogue user is going to have to transmit data at some time and that data is going to have to go across a switch.

1. Monitor the switch MAC address table to look for IPv6 addresses outside of the range that you are actually using (you can designate a range in DHCPv6). Sure, the rogue user could spoof the IPv6 address, but they still have to make sure they are not using one already in circulation, so they still may trip an alarm.

2. Use switches to limit the size of IPv6 addresses allowed on your network (some switches support layer 3 filtering). For example, you could apply an access list (again, on those switches that support IP access lists) that knocks down traffic from IPv6 addresses outside of a designated range. You can monitor the logs or set up an SNMP trap to warn when this happens.

Well, those are my ideas. Thanks for the great discussion on the podcast!

Jody

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
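As an added example (not part of Jody's post or anything from the podcast), here is one way to implement idea 1 from the message above in Python: pull a neighbor table, parse it, and flag every global IPv6 address that sits outside the prefixes you actually hand out. It assumes the table is collected from a Linux host with `ip -6 neigh show` (on a switch you would pull the equivalent data over SNMP or a CLI scrape and feed it to the same parser); the `2001:db8:` prefixes, MAC addresses and table lines below are all constructed for the example.

```python
"""Flag IPv6 neighbors whose global address is outside the prefixes we assign.

Added example, not code from the original mailing-list post. Assumes the
neighbor table is gathered with `ip -6 neigh show` on Linux; the sample data
below is constructed in that format.
"""
import ipaddress
import re

# Prefixes we deliberately assign (e.g. via DHCPv6 or router advertisements).
# Assumption for the example: one /64 for clients and one for servers.
ALLOWED_PREFIXES = [
    ipaddress.ip_network("2001:db8:10:1::/64"),
    ipaddress.ip_network("2001:db8:10:2::/64"),
]

# Constructed sample of `ip -6 neigh show` output: two hosts inside the
# allowed /64s, one host on an undesignated /64, one using a ULA address,
# and one entry that never answered neighbor solicitation.
SAMPLE_NEIGH_TABLE = """\
2001:db8:10:1::1a2b dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:10:2:f00d:beef:cafe:1 dev eth0 lladdr 00:11:22:33:44:66 STALE
2001:db8:10:99::1 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
fe80::211:22ff:fe33:4477 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
fd00::1234 dev eth0 lladdr 00:11:22:33:44:88 DELAY
2001:db8:10:1::dead dev eth0  FAILED
"""

# One `ip -6 neigh` line: address, interface, optional lladdr, optional
# "router" flag, then the NUD state in upper case.
NEIGH_RE = re.compile(
    r"^(?P<addr>[0-9a-fA-F:.]+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17}))?"
    r"(?:\s+router)?"
    r"\s+(?P<state>[A-Z]+)\s*$"
)


def parse_neigh_table(text):
    """Return a list of (address, mac, dev, state) for every parseable line."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line; skip rather than guess
        entries.append((ipaddress.ip_address(m["addr"]), m["mac"], m["dev"], m["state"]))
    return entries


def is_expected(addr, allowed=ALLOWED_PREFIXES):
    """True if an address needs no alert: link-local, or inside an allowed prefix."""
    addr = ipaddress.ip_address(addr)
    # Every IPv6 interface auto-configures an fe80::/10 address; it is not
    # something we hand out, so it cannot be judged against the allowed list.
    if addr.is_link_local:
        return True
    return any(addr in net for net in allowed)


def find_rogue_addresses(text, allowed=ALLOWED_PREFIXES):
    """Return (address, mac, dev) for neighbors outside every allowed prefix.

    FAILED entries are skipped: no link-layer address was ever learned, so
    there is nothing to attribute the address to.
    """
    rogue = []
    for addr, mac, dev, state in parse_neigh_table(text):
        if state == "FAILED":
            continue
        if not is_expected(addr, allowed):
            rogue.append((str(addr), mac, dev))
    return rogue


if __name__ == "__main__":
    for addr, mac, dev in find_rogue_addresses(SAMPLE_NEIGH_TABLE):
        print(f"ALERT: {addr} from {mac} on {dev} is outside the assigned prefixes")
```

Run against the constructed table it reports the `2001:db8:10:99::/64` host and the `fd00::1234` host and stays quiet about the two hosts inside the assigned /64s and the link-local entry. The check is deliberately a simple prefix membership test: a rogue host that picks an address inside an assigned /64 will not trip it, which is exactly the spoofing caveat the post raises, so in practice you would pair it with a comparison against the DHCPv6 lease table or a known-MAC inventory.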