Re: NIST IPv6 document

[Leen Besselink <leen () consolejunkie net>]

On 01/05/2011 10:39 AM, Dobbins, Roland wrote:
> The document itself is a good tutorial on IPv6, and it's great that the authors did indeed touch upon these security 
> concerns, but the security aspect as a whole is seemingly deliberately understated, which does a disservice to the 
> lay reader.  One can only imagine that there were non-technical considerations which came into play.

That almost sounds like a conspiracy theory, let me know when it shows
up on Wikileaks. :-)

I think it's better to show what is broken and let vendors fix it, then
to look the other way.

The only people I know actively and openly working on creating tests to
find and report bugs in IPv6 protocols and software is the
"THC-IPV6"-project by "van Hauser".

Here is an old presentation from 2005 from him:

http://media.ccc.de/browse/congress/2005/22C3-772-en-attacking_ipv6.html

http://events.ccc.de/congress/2005/fahrplan/attachments/642-vh_thcipv6_attackccc05presentation.pdf

Most is still possible and not fixed to this date.

And his site:

http://www.thc.org/thc-ipv6

He did a new presentation at 27c3 in december 2010:

http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html

A video and slides should show up on the list soon:

http://media.ccc.de/tags/27c3.html

(because of audio transcoding issues some videos are not online right
now, if you ask me nicely I could mail a link for the video from before
they took it down)

Have a nice day,
    Leen Besselink.