Educause Security Discussion mailing list archives
Re: IPv6 and DHCP and ICMP
From: Morrow Long <morrow.long () YALE EDU>
Date: Wed, 23 May 2012 17:06:10 -0400
NMAP v6.0 just came out with a boatload of new ipv6 features: http://www.networkworld.com/news/2012/052212-new-nmap-probes-ipv6-259528.htm l?source=NWWNLE_nlt_daily_pm_2012-05-23 Morrow From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Manjak, Martin Sent: Wednesday, May 23, 2012 4:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] IPv6 and DHCP and ICMP I want to focus on one point the Randy made at the end of his post (below), i.e., scanning. In the v4 world, best practices emerged that limited or completely eliminated ICMP from the public network. Since Randy is encouraging re-calibration, we're wondering if these types of filters on the public side of the router are still recommended, worthwhile, or even feasible given the role ICMP plays in v6 assignments. Marty Manjak ISO University at Albany The University at Albany will never ask you to reveal your password. Please ignore all such requests. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany Sent: Wednesday, May 23, 2012 2:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] IPv6 and DHCP I would encourage everyone to listen to Phil's talk. My point is that the v6 address space will force a change in the way we approach security. No more sequential scanning of a subnet (takes too long) but definitely more cluster based scanning (found a v6 address, scan +-1 address on either side to find clusters of similar services perhaps?). Our Moving Target Defense work (google MT6D) and prototypes show dynamic address switching in v6 works. We're trying to figure out the implications of this with respect to IDS/IPS and firewalls. In other words, we (the US) will have to move to v6 eventually since the rest of the world is (particularly the Asian countries), so start investigating how to implement it. -Randy
Attachment:
smime.p7s
Description:
Current thread:
- Re: IPv6 and DHCP and ICMP Manjak, Martin (May 23)
- Re: IPv6 and DHCP and ICMP Morrow Long (May 23)
- Re: IPv6 and DHCP and ICMP John Ladwig (May 23)
- Re: IPv6 and DHCP and ICMP Michael Sinatra (May 23)
- Re: IPv6 and DHCP and ICMP randy marchany (May 23)
- Re: IPv6 and DHCP and ICMP John Ladwig (May 24)
- Re: IPv6 and DHCP and ICMP Everett, Alex D (May 24)
- Re: IPv6 and DHCP and ICMP John Ladwig (May 24)
- Re: IPv6 and DHCP and ICMP Michael Sinatra (May 23)