Healthy Paranoia Show 4:IPv6 Security Smackdown!

Join Healthy Paranoia for The Matchup of the Century: The IPv6 Security Smackdown! Where builders and breakers wrestle with some of the most difficult security challenges surrounding the protocol. We discuss some of the common vulnerabilities, make recommendations for getting started (safely) and even find time to lament the evils of Carrier-grade NAT (CGN). Michele and Ethan are joined by a cast of luminaries, including:

  • Fernando Gont, security researcher*
  • Eric Vyncke, Cisco Distinguished Consulting Engineer and author
  • Joe Klein, security researcher*
  • TJ Evans, IPv6 instructor and engineer
  • Jim Small, Sr. Consultant – Network/Security Architecture and Engineering, CDW
  • Scott Hogg, Cisco Press author and Director of Technology Solutions for RMv6TF

Show notes:

NIST Guidelines for the Secure Deployment of IPv6

Planning Guide/Roadmap Toward IPv6 Adoption within the U.S. Government

NSA: Firewall Design Considerations for IPv6 

NSA: A Filtering Strategy for Mobile IPv6 

NSA: Router Security Configuration Guide Supplement – Security for IPv6 Routers 

IPv6 Fact Sheet 

Internet Society | IPv6 

NIST: Estimating IPv6 & DNSSEC External Service Deployment Status 

Controversial ZDNET article

Hurricane Electric Global IPv6 Deployment Progress Report

Arbor Networks Worldwide Infrastructure Security Report 2011 Volume VII 

SI6 IPv6 Toolkit

IPv6 Hackers Mailing List 

The Hacker’s Choice IPv6 Attack Tool Kit

IPv6 Security Lab:Veripy 

IPv6 Security, by Scott Hogg and Eric Vyncke

gogoNET Live! 3 , Event for professionals to go v6

UPDATE: check out Ivan Pepelnjak’s upcoming webinar on IPv6 security. Wish I had enough hours in the day to view them all.

I think this requires an xkcd comic.

* Security researcher is really just a nice way of saying hacker or breaker.

Mrs. Y
Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
Mrs. Y
Mrs. Y
  • Will Dean

    RDNSS is supported on OS X 10.7 and 10.8. It’s also supported on iOS 5 and up.

    • TJ Evans

      I didn’t realize Apple had gotten that in, kudos on that front (They also got DHCPv6 on Mac recently). Now, if only “Everyone Else” did likewise …

  • r

    looking forward to your podcast downloads being from a v6-enabled content server at some point – hopefully sooner rather than later.

    • Etherealmind

      We have too much traffic to handle our own servers, and too little time to scale up our own solution. So we use managed services. Our web CDN is IPv6 enabled, but the podcast CDN does not.

      Not much we can do. Impossible to run our own services and produce content and have $dayjobs.


  • Nathan

    I am just listened to this today and was wondering where to obtain the neighbor cache mapping daemon described by Eric or Fernando.