Secure Deployment of IPv6

Textbook · Schedule · Projects · Lectures · Links · Home Page

CCSF IPv6 Sages · Working Connections IPv6 Sages

 IPv6 Certification Badge for sbownexen



Course Description

The IPv4 address pool was exhausted in February, 2011. It is essential for all networks to upgrade to IPv6 now. This will involve upgrading routers, servers, applications, and end devices.

This class covers IPv6 forward and backwards:

Forward: IPv6 Basics

We will cover the basic concepts of IPv6, including:
  • IPv4 Address Exhaustion
  • IPv6 Address Concepts
  • IPv6 Control Protocols
  • IPv6 Packet Structure
  • IPv6 Address Types
  • IPv6-to-IPv4 Conversion, including tunnels
Students who are not already IPv6 Certified will earn Hurricane Electric IPv6 Certification during the class.

Backwards: Hacking IPv6

IPv6 includes many highly dangerous techniques, such as autoconfigured addresses, tunneling, and multi-homing. These open up many security holes, which we will explore both in theory and practice.

Students will do many projects performing new IPv6 attacks, and securing systems to resist them. This will include the IPv6 Router Advertisement Flood attack, which stops evern Windows machine on a Local Area Network in seconds. It is still unpatched--a zero-day attack.

Prerequisite Knowledge

Students should be familiar with IPv4 addresses and routing at the Network+ level.

Beginners should focus on attaining IPv6 Certification and the "Forward" track.

More advanced students, who are already certified, can focus on the "Backwards" track, hacking IPv6 networks and exploiting their weaknesses.

Textbook

Guidelines for the Secure Deployment of IPv6 (from NIST, PDF file)



Schedule

Date     Lecture topic
Mon, July 11 Lecture 1: Motivation & Ch 2: Introduction to IPv6
Tue, July 12 Ch 3: IPv6 Overview & Ch 4: IPv6 Advanced Topics
Wed, July 13 Ch 5: IPv6 Security Advanced Topics
Thu, July 14 Ch 6: IPv6 Deployment
Fri, July 15 Topic To Be Announced




Fundamental IPv6 Projects

Professional Networking

Twitter (10 pts.)

IPv6 Certification

Windows

IPv6 Certification Project 1 ("Administrator" on Windows) (25 pts.)
IPv6 Certification Project 2 ("Guru" on Windows) (+25 to +75 pts.)

Macintosh

https://robpickering.com/2011/02/how-to-become-a-certified-ipv6-technician-part-one-424
http://robpickering.com/2011/03/how-to-become-a-certified-ipv6-technician-–-part-two-486

Windows IPv6 Projects

Project RA: Router Advertisements (15 pts. extra credit)
Project Win-2: IPv6 Ping Scan with Windows (10 pts. extra credit)

Linux IPv6 Projects

Project L1: Connecting a Linux VM through a Windows 7 gogo6 Tunnel (15 pts. extra credit)
Project L2: IPv6-to-IPv4 Reverse Proxy (20 pts. extra credit)
Project L2.5: Introduction to Scapy (10 pts. extra credit)
Project L3: Sending a Router Advertisement with Scapy (20 pts. extra credit)
Project L4: Duplicate Address Detection (15 pts. extra credit)

Cisco IPv6 Projects

IPv6-SR-1: IPv6 Static Routing with Default Routes(PT) (10 pts. extra)
IPv6-SR-2: IPv6 Static Routing (PT) (10 pts. extra)
IPv6-SR-3: Troubleshooting IPv6 Static Routes (PT) (10 pts. extra)
IPv6-RIPng-1: IPv6 Dynamic Routing with RIPng (PT) (10 pts. extra)
IPv6-RIPng-2: Troubleshooting RIPng (PT) (10 pts. extra)
IPv6-EIGRP-1: IPv6 Dynamic Routing with EIGRP (PT) (10 pts. extra)
IPv6-EIGRP-2: Troubleshooting EIGRP for IPv6 (PT) (10 pts. extra)

Hacking IPv6 Projects

Packet Crafting with Scapy and npg

Proj 17: Introduction to scapy (15 pts.)
Proj 18: TCP Handshake with scapy (15 pts.)
Proj 7x: IPv6 with scapy (20 pts.)
Yesman Honeypot
Proj 9x: Router Advertisements with scapy (20 pts.)
Proj 10x: Slow Loris Attack with scapy (20 pts.)
Proj 11x: Router Advertisement attack with npg on Windows (10 pts.)
      ra-attack.txt

Rogue Router Advertisement Attack

Proj 14: Using thc-ipv6 to Scan an IPv6 Network (15 pts.)
Proj 8x: Win 7 DoS with Router Advertisements (20 pts.)

Layer 7 DoS

Proj 11: Attacking Apache with the OWASP Slow Http Tool (15 pts.)
Proj 12: Attacking IIS with the OWASP Slow Http Tool (15 pts.)
Proj 15: Protecting a Web Server with a Load Balancer (20 pts.)
      haproxy-1.4.11.tar.gz
Proj 16: Protecting Apache with mod_security (20 pts.)
Proj 2x: Attacking nginx (15 pts.)
Proj 3x: Attacking nginx with the OWASP Slow Http Tool (15 pts.)
Proj 4x: Benchmarking Web Server Performance (15 pts.)
Proj 5x: Protecting Apache with iptables (15 pts.)

Other New Hacking Projects

Proj 6x: Social Engineering Toolkit Java Exploit (15 pts.)
Cold Calls (10 pts.)



Lectures

Policy

L1: Motivation
L2: Changes from IPv4    With iClickers
Ch 3: IPv6 Overview    With iClickers
Ch 4: IPv6 Overview    With iClickers

Ch 6: IPv6 Deployment
The Security Circus and Layer 7 DoS
Internet Help Desk
The Website is Down

Binary Lesson 1: Nybbles
Binary Lesson 2: Hexadecimal Lesson 1
Binary Lesson 3: 4 Hex characters
Binary Lesson 4: Slash Notation
Binary Lesson 5: Powers of 2

Conference Presentations

MPICT Jan 2011: Getting Started With IPv6
IPv6 Intro PowerPoint
Defcon 2010: Who Cares About IPv6?
MPICT July 2010 IPv6 Talk
BayThreat 2010: Getting Started With IPv6


Links

Chapter Links

Ch 4a: Growth of the IPv4 BGP Routing Table
Ch 4b: See Live BGP Updates with Telnet (see bottom of this page)
Ch 4c: The whole IPv6 BGP table

Ch 6a: 6to4 - Wikipedia, the free encyclopedia
Ch 6b: IPv4 - Wikipedia, the free encyclopedia
Ch 6c: List of IP protocol numbers - Wikipedia, the free encyclopedia
Growth of IPv4 & IPv6 Routing Tables

IPv6 Testing Tools

What's My DNS? Global DNS Propagation Checker
TEST RECEIPT OF IPv6 EMAIL
IPv6 Email Reflector: Test Sending Email Over IPv6
DNS Tools - DNS Lookup, Domain Configuration Check and IP Calculators
DNS Troubleshooting Gateway: Online dig
KLOTH.NET - DIG - DNS lookup - find IP address
Web-based Dig

BayThreat Talk Links

BayThreat-1: Securing Information - Material Issues | Symantec
BayThreat-2: IANA IPv4 Address Space Registry
BayThreat-3: Free IPv4 Pool Now Down To Seven /8s (11-30-10)
BayThreat-4: Two more down | Fix6 - IPv6 News and information (5-8-10)
BayThreat-5: 1/8 and 27/8 allocated to APNIC, 24 blocks remain (1-21-10)
BayThreat-6: Less IPv4 /8 adresses are available by April! (4-10-10)
BayThreat 7: IPv4 Address Report
BayThreat-8: IPv4 Address Depletion Graph
BayThreat-9: Effect of the Hurricane Electric T-Shirt
BayThreat-10: DoD IPv6 Timeline
BayThreat-11: Federal IPv6 Transition (from Cisco)
BayThreat-12: IPv6 Enabled Websites - SixXS Wiki
BayThreat-13: Hurricane Electric Free IPv6 Certification
BayThreat-14: Installing THC-IPv6 and Scanning on IPv6
BayThreat-15: utorrent app now supports IPv6/teredo directly
BayThreat-16: Deprecation of Type 0 Routing Headers in IPv6
BayThreat-17: The ping-pong phenomenon with p2p links
BayThreat-18: IPv6 Sages By Country and State
BayThreat-19: CCSF Hurricane Electric Sages

General IPv6 Links

IPv6 - Wikipedia
IPv6 Addressing at a Glance
DHCPv6 Based IPv6 Access Service  [IPv6] - Cisco Systems
Cisco IOS Router IPv6 - IPv6 Intelligence
Cisco IOS IPv6 Command Reference - Cisco Systems
Cisco IOS IPv6 Configuration Guide, Release 12.4

IPv6

IPv6 1: Level3 Brochure Showing Large-Scale IPv6 Deployment
IPv6 2: IPv6 Summit Presentation from DOD (from 2003)
IPv6 3: IPv4 Address Report
IPv6 4: Transition to IPv6 - Industry Solutions - Cisco Systems
IPv6 5: Cisco IPv6 Solutions  [IP Version 6 (IPv6)] - Cisco Systems
IPv6 6: IPv6 Forum :: Driving IPv6 Deployment
IPv6 7: DHCPv6: Dibbler - a portable DHCPv6
Ipv6 8: IPv6: What, Why, How presentation slides
Weekend Project: Transition to IPv6 | Linux.com
IPv6 Act Now
2010-05-17: Hosting plans compared--RapidXen looks best
2010-05-17: Draft guidelines for the secure deployment of IPv6
Hurricane Electric Free IPv6 Tunnel Broker--Start here, get on IPv6
Hurricane Electric Free IPv6 Certification--This is the game to play
Results of my BALUG talk
How to set up a mail server on a GNU / Linux system
6in4 - Wikipedia
6to4 - Wikipedia
Teredo tunneling - Wikipedia
IPv4-mapped Addresses - Wikipedia
Using IPv4-compatible addresses: IPv6
NAT-PT: IPv6 transition mechanisms - Wikipedia
IPv6 Glue: TLDs and registrars supported
Domain name DNS test - DNS-info
Howto: Setup a DNS server with bind - Ubuntu Forums
How to Set Private Nameservers on Domain Names
2010-05-24: IPv6: Can’t ping anything - “Operation not permitted”
2010-05-26: RM IPv6 Summit Whitepapers Presentations and Documents
2010-05-26: IPv6 Summit Presentations 2010 Here
2010-05-26: Bug #188934 in ufw (Ubuntu): default ipv6 policy is block
2010-05-26: IPv6 Ready Logo Site--Note DHCPv6 update and info re: Dibbler
2010-05-26: IPv6 Enabled Website Logo Certification
2010-05-26: Secure64\'s technique to convert IPv6 to IPv4-DNS-64-Translation
2010-05-27: Browser Forensics: ChromeAnalysis & FoxAnalysis!
2010-05-27: Scapy--powerful interactive packet manipulation program--can create forged IPv6 packets
2010-05-27: Scapy now supports IPv6
Excellent IPv6 Security slides from Scott Hogg
2010-05-27: Windows XP and later use privacy IPv6 addresses by default--see pages 31ff of this talk
Interesting list of IPv6 tunnel types
2010-05-27: Routing Header Zero allows packet amplification attack with IPv6
2010-05-27: utorrent app now supports IPv6/teredo directly
2010-05-27: AS6453 Public IPv4 and IPv6 Looking Glass--Test your IPv6 Hosts Here!
2010-05-29: The ping-pong phenomenon with p2p links--IPv6 DoS Vulnerability
2010-06-01: Tech-Smithy - IPv6-enabled website hosting
IPv6-capable devices: Make sure they are ready
2010-06-03: Results of my IPv6 talk to BALUG and SVLUG
SixXS IPv6-IPv4 and IPv4-IPv6 Website Gateway
Apache2 SSI Installation with Ubuntu Linux
Ubuntu Linux Add Static IPv6 Address Network Configuration
Configuring Apache 2 on Debian, Ubuntu - Control-Escape
SixXS - 10 easy mini steps to IPv6
SixXS - IPv6 Deployment & Tunnel Broker :: AICCU - Automatic IPv6 Connectivity Client Utility
SixXS Tunnel Driver for Windows 7
SixXS - IPv6 Deployment & Tunnel Broker :: FAQ : AICCU (TIC, Heartbeat & AYIYA)
IPv4 and IPv6 Addressing - Part 1
2010-06-10: 6RD: IPv6 rapid deployment - Wikipedia
Big step for IPv6: Comcast starts trials
Google IPv6 Implementors Conference Slides
20Netflix streaming over IPv6
How to get started using Google over IPv6
DREN\'s experience deploying IPv6 on a real live network--excellent, important information
Test your IPv6--Very thorough and nice test of your client connectivity
Hop-by-Hop and Router Alert extension headers require extensive processing and create a DoS vulnerability in IPv6
Cisco Carrier-Grade IPv6 Solution - Nice Flash IPv6 ad on this page
6to4 Addresses Explained
Security Considerations for 6to4
Penetration Testing with IPv6
RFC 5157 - IPv6 Implications for Network Scanning
IPv6 Attack Toolkit--THC-IPV6
Scanning on IPv6--How I got THC-IPv6 working on Ubuntu at Google
Comcast IPv6 Adoption Monitor
YouTube support of IPv6 seen in dramatic traffic spike
IPv6 for the Masses--Summary of the Google IPv6 Implementors Conference
Last IPv4 Addresses May Already Be Cluttered
IPv6 exposes identity of VPN users who use BitTorrent
ARIN IPv6 Wiki
Hacking IPv6 by Joe Klein--Good Lists of IPv6 Security Events and Hacking Tools
T-Mobile is pushing IPv6. Hard. All future cellular deployments will be IPv6-only
2010-06-30: US Gov’t IPv6 requirement takes effect tomorrow
IPv6 Access Lists on IOS
Defcon-talk-1: crowded-train.jpg
Defcon-talk 2: Essential Next Steps in the US Government Transition to Internet Protocol version 6 (IPv6) (pdf)
Defcon-talk 3: IPv4 Address Report
Defcon-talk 4: DoD IPv6 Timeline
Neighbor Discovery (ND): IPv6 in Windows 7
Defcon-talk 5: gogo6 | IPv6 products, community and services
Defcon-talk 6: SixXS - IPv6 Deployment & Tunnel Broker
Defcon-talk 7: Hurricane Electric Free IPv6 Tunnel Broker
Defcon-talk 8: Scanning on IPv6 with THC-IPv6
Defcon-talk 9: utorrent app now supports IPv6/teredo directly
Decfon-talk 10: Routing Header Zero Packet Amplification Vulnerability
Defcon-talk 11: The ping-pong phenomenon with p2p links
Defcon-talk 12: Hurricane Electric Free IPv6 Certification
6to4: Easing the IPv6 transition | Open Query blog
ICANN\'s one-page IPv6 Address Types
Quest offers IPv6 service
IPv6 Adoption Monitor from Penn State
2010-07-08: IPv6 Adoption Monitor from Comcast
Details of the infamous MacOSX 10.6 bug that blocks IPv6 traffic to nodes with both A and AAAA Records
Testing NAT64 and DNS64--Excellent summary of where we are and the serious problems with existing 6-to-4 gateway devices
Download the gogo6 IPv6 client
Netsh commands for Interface IPv6: IPv6; Scripting
2010-07-30: Sams Defcon test server at http://[2001:05c0:1000:000b:0000:0000:0000:6f5e]/
IPv6Sec Security Talks by Joe Klein
2010-08-01: OCCAID: Promoting IPv6 in America
A Look at IPv6 Allocations Since 1999
IPv6 CPE Survey
IPv6 /127 Prefixes - Good discussion
Linux IPv6 HOWTO
Learning From Successful IPv6 Upgrade Projects
6DISS > Publications -- including the free IPv6 deployment Guide
IPv6 Reverse DNS zone builder for BIND 8/9
Hurricane Electric IPv6 Certification Videos
Instant6 - Easy IPv6 for Web Servers
IPv6 extra credit projects 1 & 2 (up to 100 points)
RFC3697 - IPv6 Flow Label Specification
hMailServer - Free email server for Microsoft Windows--works on IPv6
Using Metasploit to put an IPv6 trojan on a WIndows XP box -- important for IPv6 and Adv Hacking classes
There is no Plan B: why the IPv4-to-IPv6 transition will be ugly
IPv6 Cheat Sheet from Packetlife.com
The Upside of Moving to IPv6
Everything you need to know about IPv6
IPv6 - Ubuntu Wiki
Linux or BSD 6to4 Relays - ARIN IPv6 Wiki
IPv6.com - The IPv6 Header and How it Works
IPv4 Exhaustion: What About Class E Addresses?
How To Properly Disable IPv6 in Windows 7
2010-10-20: Cisco IPv6 Tutorial by Hinwoto
HE IPv6 Tunnel Setup Script
2010-10-26: iTWire - 20 million engineers need IPv6 training, says IPv6 Forum
IPv6 Education Certification Logo Program
2010-10-26: Cisco IOS Hints and Tricks: DHCPv6 over PPPoE: Total disaster
IPv6 AAAA DNS Whitelisting Implications
IPv6 Learning Roadmap from Microsoft
Linux IPv6 HOWTO (en)
6PE: The most widely-used IPv6 deployment scheme in the world
2010-11-03: IPv6: Beware of Dirty, Muddy IPv4 Addresses as the Pool Dries Up
Free CCNA Workbook with IPv6
IPv6 Transition Technology--good explanation of ISATAP, Teredo, and 6to4
Setting up a home IPv6 network with Linux and he.net
IPv6 addressing: how wrong can you get it?
Apple fixes broken IPv6 by breaking it some more
Apple fixes broken IPv6 by breaking it some more
2010-11-12: How to implement EIGRP for IPv6 on Cisco Routers
Cisco Nexus 1000V doesn\'t support IPv6 ACL Rules
Seven Security Policies for the IPv6 Network of the Future
List of 6to4 relays!
2010-11-22: The whole IPv6 BGP table
Installing gogoc in Ubuntu 10.10 Maverick Meerkat is easy except DNS
Recent advances in IPv6 insecurity
IPv6 for Microsoft Windows: Frequently Asked Questions
Why DNS blacklists don\'t work for IPv6 networks
2010-11-30: OpenWrt now easily supports IPv6, and Comcast is using it!
6to4 - How Bad is it Really? BAD--15% failure rate
IPv6 Tips for Windows
IPv6 - Cisco Systems

New Unsorted Links

2010-12-10: AFTR (Address Family Transition Router) - IPv6 to IPv4 gateway
IPv6 Addressing CheatSheet
L2a: IPv6 Address Types from ICANN
Security preparations for IPv6 migration must start now
IPv6 migration tactics
The Litech IPv6 Primer
IPv6 Sages By Country and State
2010-12-18: Can Large Scale NAT Save IPv4?
IPv6 Address Space Graphic
2010-12-20: Interesting chart of backbone IPv6 adoption--8% so far
Cisco\'s IPv6 Site!
Interesting security risks of IPv6
Free IPv6 e-learning module
Packetstan: Scapy, and Random Acts of Packety Violence <-- CNIT 124 Project
NIST SP 800-119 Guidelines for the Secure Deployment of IPv6 <-- Very good, may be textbook for IPv6 Course
Ip6config for iPhone
Book Reviews - ARIN IPv6 Wiki
Things you didn\'t known about IPv6 link-local address
Carrier Trick To Save IPv4 Could Help Spammers
IPv6 Consulting -- example of business announcement
FCC Working Paper on IPv4 exhaustion and the IPv6 transition
IPv6 Router Advertisement Options for DNS Configuration (RFC6106)
2011-01-02: Ipv6 Hate - 65% People Agree (144 opinions)
2011-01-02: Ipv6 Love - 35% People Agree (79 opinions)
IETF decides to end recommendation of /48 deployments of IPv6 addresses
2011-01-04: Excellent presentation of IPv6 deployment and security issues<--Add to IPv6 Course
US government getting more interested in IPv6--Good summary of the recent NIST and FCC documents
2011-01-04: Excellent analysis of IPv6 6to4 failure rates--epic long traceroutes, avoid 6to4 like the plague!
2011-01-04: New IPv6 draft for Carrier-Grade NAT--this will be essential for migration
IPv6 Security Part 1, RA Guard--The Theory
2011-01-06: Recent advances in IPv6 insecurities on Vimeo
Good summary of the IPv6 events in 2010
Biggest mistake for IPv6: It\'s not backwards compatible, developers admit (from 2009)
Uptake of IPv6 in All Regions <--ARIN way behind
Cisco IOS IPv6 Configuration Guide
RFC draft deprecates the concept of IPv4 _only; an iIP-capable node MUST support IPv6
Good link for proposed textbook: IPv6 Guide Provides Path to Secure Deployment of Next-Generation Internet Protocol
Excellent explanation of DS-Lite and CGN for IPv6 Migration
IPv6: Smartphones compromise users\' privacy
AFTR (Address Family Transition Router) - IPv4 to IPv6 gateway
LTE devices must support IPv6, says Verizon (from 2009)
Windows IPv6 Zone ID field explained (% number after IPv6 Address)
Find Zone IDs with the \"netsh interface ipv6 show interface\" command on Win 7
What is the zone ID and why is it needed?
SixXS :: IPv6 ULA (Unique Local Address) RFC4193 registration
SourceForge.net: IPv6SubnetCalc
ipv6finder : Scanning a network for IPv6 addresses
Pv6 Security Part 1, RA Guard -- The Theory
ISATAP - Intra-Site Automatic Tunnel Addressing Protocol
IPv6 Tunneling Technologies Compared
ipv6-ops Mailing List
2011-01-22: YouTube - The Day The Routers Died...
DD-WRT IPv6 to Your Local Network
World IPV6 Day -- Let\'s proxy some sites!
IPv6 Day - Tunnel Brokers
2011-01-28: Gateway6 HTTP Server--another free IPv6 tunnel service
Personal ipv6 Tunnel Broker with OpenVPN
Good graph of Regional Internet Registryj IPv4 exhaustion dates
Understanding Internet Address Space Usage -- Excellent Visualization of IPv4
OMG! World IPv6 Day Tester
What is IPv6? And Why Should We Care (Infographic)
IPv6 Myths
How to become a Certified IPv6 Technician on a Mac
2011-02-28: Speaking of Standards » Using an iPad or iPhone 4 with IPv6
Setting up gogo6.net IPv6 client on Ubuntu Maverick
How to become a Certified IPv6 Technician with a Mac Part Two -- RobPickering.com
2011-03-12: Apple Mac OS X IPv6 - IPv6 Intelligence
Cisco ASA to Hurricane Electric IPv6 Service
2011-03-15: IPv6 Address Allocations <-- Interesting Graph
Preparing an IPv6 Addressing Plan
NAT444 (CGN/LSN) and What it Breaks %u2014 The IPv6 Experts .net
Preparing an IPv6 Addressing Plan Manual
Slowloris DoS attack now possible with NMAP <--CNIT 124 Project
Brocade switches can act as IPv4-to-IPv6 gateways
OMG! World IPv6 Day Tester
2011-04-04: IPv6 MITM attack with working exploit code
RFC 6104 - Rogue IPv6 Router Advertisement Problem Statement
RFC 3971 - SEcure Neighbor Discovery (SEND) -- the real solution to rogue RAs
Apple iOS 4.3 randomizes SLAAC IPv6 Addresses better than Windows 7
Cisco Blog » Securing IPv6 -- Excellent summary
IPv6 Crash Course For Linux
InteropNet\\\'s IPv6 Networks, including RAGuard
IPv6 Secure Neighbor Discovery: Protecting Your IPv6 Layer 2 Access Network  [IPv6] - Cisco Systems
Videos of Sam\'s IPv6 Class
Domain Name Registration at Joker.com <--Reportedly they support IPv6 Glue
IPv6 Provider-Independent addresses <--Will cause routing table growth
IPv6 and DirectAccess Troubleshooting Cheat Sheets <-- very interesting: IP-HTTPS!
YouTube videos about IPv6
OpenDNS provides free IPv6 DNS at 2620:0:ccc::2
Find a Router from its MAC Address
6to4 - Why is it so Bad? <--Fantastic and inspiring research
IPv6 Geolocation
Deploying ISATAP on Windows
ISATAP uses IPv4 as a link-local nonbroadcast network and tangles the OSI layers (Wikipedia)
Understanding ISATAP - Wonderful IPv6 Tutorials!
Securing IPv6 Transition Technologies
HP Blogs - Subnet security for IPv6 networks <--good tips for blocking ICMPv6 attacks
IPv6 and Security - Marc Heuse, creator of thc-ipv6 -- video worth watching!
RFC 6180 - Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment
How To Enable IPv6 On Windows XP
2011-06-18: IPv6 Header and QoS
2011-06-28: Linphone -- IPv6-enabled softphone for Windows, Linux, and Mac
2011-07-03: enable IPv6 privacy extension on MacOS X 10.5/10.6
Thorough explanation of privacy extensions on many OS\'s
2011-07-03: Bypassing Cisco*quot*s ICMPv6 Router Advertisement Guard feature
How Secure Is IPv6? - Holes and Plugs
2011-07-03: thc-ipv6 shows that the iPad has IPv6, but the Nook does not
What You Should Know About IPv6 by Ed Horley, incl. how to disable transition technologies
RFC 6324 - Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations
Freenet6 Routing Problem -- demonstration of IPv6 Routing Loops in Tunnels
Scariest IPv6 attack scenarios
Undesirable \'tainted\' IPv4 address blocks (from 2010)
Google public IPv6 DNS
CloudFlare*quot*s 2-click solution makes your website IPv6 compatible for free
Hilarious & cruel IPv6 presentation from 2007
Dynamically-Routed IPv6 With Multiple Subnets Using tinc and Quagga
Hilarious slides on IPv6 transition by Geoff Huston
USG IPv6 & DNSSEC Deployment Status
Good IPv6 slides from Ron Broersma -- IPv6 DNS Auto-update (slide 30)
Windows machines with ICS enabled put out Rogue IPv6 Router Advertisements RFC 6104
Configuring IPv6  [Cisco ASA 5500 Series Adaptive Security Appliances]
NAT444 (CGN/LSN) and What it Breaks
AX Series Server Load Balancer: IPv6, IPv4 Dual Stack
NAT64 and DNS64 in 30 minutes
IPv4 Exhaustion Predictions -- RIPE is next, then ARIN
gogoSERVER -- Hardware IPv4-to-IPv6 gateway
Personal ipv6 Tunnel Broker with OpenVPN
IPv6 Security Slides from Fernando Gont
Win 7 DoS by IPv6 RA Packets

IPv6 in Microsoft Windows 7, Linux and OSX Lion

Remotely Triggered Black Hole Filtering in IP Version 6 for Cisco IOS

IPv6: Resistance is Futile

How to prevent ipv6 tunneling across firewalls and routers

RFC 5952 - A Recommendation for IPv6 Address Text Representation

IPv6 Wireless Support The Broadcast Problem -- VLANS leak

6to4 IPv6 Tunneling - Packet Life (Mobile)

Hacking IPv6 Networks Training from SI6 -- many interesting attacks!

IPv6 Toolbox - more attack tools! -- PROJECT IDEAS

ICMPv6 slides from Sharkfest 2012

Binary Games

Binary Games for CNIT 60

6Guard: a honeypot-based IPv6 attack detector The Honeynet Project

IPv6 Sage T-Shirt

HE IPv6 Certification Program: Its History and Importance by the man who developed it

Ipv6 ISATAP tunneling CCIE, the beginning!

IPv6 ISATAP configuration example with a Cisco router as a client

An Investigation into IPv4 to IPv6 Migration Techniques with hands-on Cisco projects

Vyatta Guide to IPv6 Support

Teredo for MacOS X

Routing Loop Attacks Using IPv6 Tunnels (undated, circa 2009)

VMware Fusion Virtual Network Configuration

VMWare Fusion Virtual Networks

Spread the Word Team ARIN

Vyatta Tunnels Reference Guide

6to4 and 6in4 Tunnels

Apple Mac OS X IPv6 Support

Fixing the IPv6 Firewall on MacOS X 10.6

The 99 Percent Demand IPv6

Charles Atlas Gets IPv6

IPv6 NAT - You can get it, but you may not need or want it

Achieving PCI Compliance When Using IPv6

Vyatta VPN Reference Guide

DNS Propagation Checker

Fixing Teredo on Windows Server 2008

How to customize VMware Fusion networking

Change your MTU under Vista or Windows 7

How to get an ipv6 stateful dhcp address on Windows 7 workstation?

IPv6 Address Autoconfiguration how to install -- Three options with Managed and Other Flags

Disabling IPv6 Communications on Windows 7

Batch script to watch network interface

Very helpful netsh command builder

DHCPv6 Flip-Flop Vulnerability--Both Windows 7 and Mac OS X Get it Wrong (ty Jeff Carrell)

IPv6 Forum Certified Engineer (Silver) -- Recommended for CNIT 60 Students

IPv6 Forum Certification Site

Google's IPv6 Adoption Graph

"IPv6 Preference" Defined by APNIC

US IPv6 Preference Graph--Percentage of users who use IPv6 when offered both v4 and v6

Intel predicts by 2020, 31 billion devices will be on the Internet...in 2010 there were 5 billion

NAT64 and DNS64: IPv4IPv6 Co-existence via Server Load Balancer

RFC 5570 - Common Architecture Label IPv6 Security Option (CALIPSO)

Chrome Web Store - IPvFoo

IPv6 NDP Table Exhaustion Attack Slides

IPv6 Neighbor Discovery exhaustion attack and IPv6 subnet sizes

Best Current Operational Practices-IPv6 Subnetting

More NDP Flooding Slides

Microsoft Windows IPv6 Router Advertisement (RA) MitM Weakness

Happy Eyeballs

Microsoft's deployment of RFC 3484 instead of Happy Eyeballs

RFC 6724 - Default Address Selection for Internet Protocol version 6 (IPv6)

Connecting with IPv6 in Windows 8 (June, 2012)

Firewall Design Considerations for IPv6 (NSA, 2007)

Recommendation for IPv6 Stateful Firewalls (from 2011)

RFC 6092: Simple Security in IPv6 Gateway CPE (Jan. 2011)

IPv6 Firewalls - ARIN IPv6 Wiki

IPv6 firewalling on Vyatta (from 2011)

2012-11-29: Video of wireless RA flood attacking iPad 3

IPv6 directions for openwrt

Vyatta Configuration Generator

IPv6 Router Advertisements Deep Dive

DNSSEC demo

Download usbit.zip free - USB Image Tool - It Works!

Security Assessment of Neighbor Discovery (ND) for IPv6

Teredo Overview--Explains how Teredo Relays are Used

IPv6 Exhaustion Counter

Global IPv6 stat, updated daily.

Security Implications of IPv6 on IPv4 Networks

Excellent list of IPv6 security issues

Filtering ICMPv6 at the Border

Preparing an IPv6 Addressing Plan -- RIPE Labs

Hurricane Electric BGP Looking Glass

2013-03-28: CCSF seems to run an open resolver

SLAAC attack: the "man in the middle" of IPv6

Hacking IPv6 data networks: Neighbor Spoofing

Capturing SMB files transmitted with man in the middle attacks in IPv6 using FOCA Evil

Evil FOCA: SLAAC Attack (1 of 4)

Bridging HTTP (IPv6) - HTTPs (IPv4) with FOCA Evil

Topera: Invisible IPv6 scanner evades Snort with Extension Headers

Interesting discussion of Microsoft's IPv6 Readiness Update and Happy Eyeballs (from 2012)

SI6 Networks' IPv6 Toolkit -- runs on Mac

2013-04-19: tunneling The Linux Foundation
Configuring tunnels with iproute2

One year left: a though explanation of IPv4 address depletion

Rogue Router Advertisement Attack--Bypassing RA Guard

RFC 6946: Processing of IPv6 "Atomic" Fragments

IPv6 Security Master Thesis

Infographic World IPv6 Launch

Verizon runs their entire LTE network over IPv6 (June, 2013)

Over 25 of Verizon Wireless Traffic Is Now Over IPv6 (April, 2013)

Exotic IPv6 Packets: Hop-By-Hop Headers and Destination Options

OpenWrt native IPv6-stack

2013-06-13: An easy way to get IPv6 ready on the outside (IPv6 to IPv4 proxy)

IPv6 multicast MAC addresses always start with 33:33

Discovering IPv6 with Wireshark -- Excellent slides detailing neighbor discovery and address configuration (from 2010)

IPv6 multicast background traffic (Part 6) - Apple's Bonjour -- Wow, this is just BEGGING to be exploited

BonJour's IPv6 Multicast Defeats IGMP Snooping and Creates Broadcast-Like Chatter on a LAN

IPV6 ATTACKS AND COUNTERMEASURES by @netsec14

IPv6 Security Threats and Mitigations (Cisco, c. 2009) Cisco supports SeND!

First-Hop IPv6 Security Features in Cisco IOS

IPv6 RA Flooder for Android: Flood Port - Android Apps on Google Play

IPv6 Extension Headers - New Features, and New Attack Vectors

IPv6 Fragmentation Attacks -- a lot of them!

Microsoft Teredo Server 'Sunset'

AirPlay and IPv6

DEFCON 21: Fear the Evil FOCA -- IPv6 Attacks -- Slides

IPv6 Buddy

CVE-2011-2391 Apple fixed an IPv6 flood vulnerability from 2011 in iOS 7

6rd Slides -- VERY GOOD

Homenet slides, using OSPF, IPv6 and Google Plus

Microsoft's DNS Servers fec0 from 2005

FECO:: windows DNS servers

RFC 3879 - Deprecating Site Local Addresses (2004)

Cisco IPv6 Lab: IPv6 Deployment

Pv6-only servers

Germany's second largest ISP "KDG" has no IPv4 left and reconfigures all customers for #IPv6 + DS-lite (private IPv4 addresses with ISP NAT)

Measurements World IPv6 Launch

IPv6 training - free class from gogoNET

HE IPv6 Certitication -- Frequently Asked Questions

Testing the security of IPV6 implementations

RFC 6555 - Happy Eyeballs: Success with Dual-Stack Hosts

How to reset the DHCPv6 DUID on Windows workstations

DHCP Unique ID for Clients and Servers Overview - Technical Documentation - Support - Juniper Networks

How to find DUID on Lion: Apple Support Communities

IPv6 Extension Headers - New Features, and New Attack Vectors

IPv6 Routing Header Security (from 2007)

Troopers14 IPv6 Security Summit 2014 - Talks

RFC 7157: IPv6 Multihoming without Network Address Translation

What is wrong with the IPv6 RA protocol ? Some analysis and proposed solutions (from 2012)

IPv6 Security: Attacks and Countermeasures in a Nutshell

IPv6 Attack tools - Scott Hogg

Chiron -- An All-In-One IPv6 Penetration Testing Framework

Handling IPv4 using IPv6 - Best Explanation of Apache's IPv4-Mapped Addresses (2012)

RFC 6724 -- apparently fec0:: addresses are valid for some purposes!

IPv6 Security Myth #2 -- IPv6 Has Security Designed In
MLD, a tale on Complexity in IPv6
Chiron: IPv6 Attack Tool
ARIN IPv4 Free Pool Reaches Zero 24 September 2015
Are second-hand MoD IPv4 addresses being used in invoice scams? (Dec. 14, 2015)
Abstruse Goose | Behold the pale horse...

Last Updated: 7-14-11 1 pm