Juan Ortega 8/13/09 NTS300
“The problem with version 5 relates to an experimental TCP/IP protocol called the Internet Stream Protocol, Version 2, originally defined in RFC This protocol was originally seen by some as being a peer of IP at the Internet Layer in the TCP/IP architecture, and in its standard, these packets were assigned IP version 5 to differentiate them from “normal” IP packets (version 4). This protocol apparently never went anywhere, but to be absolutely sure that there would be no confusion, version 5 was skipped over in favor of version 6.” (2005). The TCP/IP Guide – IP History, Standards, Versions and Closely-Related Protocols. Retrieved August 13, 2009 from TCPIPGuide Web site:
“The 20-bit Flow Label field in the IPv6 header may be used by a source to label sequences of packets for which it requests special handling by the IPv6 routers, such as non-default quality of service or "real-time" service. This aspect of IPv6 is, at the time of writing, still experimental and subject to change as the requirements for flow support in the Internet become clearer. Hosts or routers that do not support the functions of the Flow Label field are required to set the field to zero when originating a packet, pass the field on unchanged when forwarding a packet, and ignore the field when receiving a packet.” (1998). Internet Protocol, Version 6 (IPv6) Specification – RFC2460. Retrieved August 13, 2009 from faqs Web site:
“One of the promises of IPv6 is that the almost infinite number of addresses and the better (but not perfect) renumbering makes NAT unnecessary so it will once again be possible to deploy new applications without cumbersome workarounds or random failures that the widespread use of NAT imposes in today's IPv4.” IPv6.com – Network Address Translation (NAT) – an in-depth look. Retrieved August 13, 2009 from IPv6 Web site:
“IPv6 addresses were added for six of the world’s 13 root server networks (A, F, H, J, K, M) to the appropriate files and databases. This move allows for the possibility of fuller IPv6 usage of the Domain Name System (DNS). Prior to today, those using IPv6 had needed to retain the older IPv4 addressing system in order to be able to use domain names.” IPv6 Address Added for Root Servers in the Root Zone. Retrieved August 13, 2009 from ICANN Web site:
“The 6bone is an IPv6 test bed to assist in the evolution and deployment of IPv6, the next generation Internet network layer IP protocol often referred to as IPng.” “The 6bone was an IPv6 test bed to assist in the evolution and deployment of IPv6. It was phased out on the 6th of June 2006 per agreements with the IETF IPv6 community.” 6bone Legacy IPv6 Testbed. Retrieved August 13, 2009 from go6 Web site: 6bone/ 6bone/
“Whether or not the new protocol is required at all has been the subject of some debate within the technical community. While some argue that IPv6 is required for the future growth of the Internet, there remains a sizable camp who argue that the protocol is "too little, too late" and that IPv4 with the addition of network address translation (NAT) offers a viable system for the future.” “However, NAT inhibits many forms of innovative network use beyond the simple client-server model that is popular today, and presents very challenging operational problems when deployed on a massive scale.” IPv6 and the Future of the Internet. Retrieved August 13, 2009 from ISOC Web site:
“The address autoconfiguration feature be used by attackers to announce rogue routers. In addition, some of the transitioning mechanisms designed to allow for easier interaction between IPv6 and IPv4 networks can be misused by attackers. Transitioning tools create a way for IPv4 applications to connect to IPv6 services, and IPv6 apps to connect to v4 services.” Address autoconfiguration - IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using ICMPv6 router discovery messages. Does IPv6 Introduce New Security Vulnerabilities?. Retrieved August 13, 2009 from DSLReports Web site: RFC 4862 – IPv6 Stateless Address Autoconfiguration. Retrieved August 13, 2009 from IETF Web site:
“Existing devices and networks connected to the Internet through IPv4 addresses will continue to work as they do now. In fact, IPv4-based networks are expected to co-exist with IPv6-based networks at the same time. It will become increasingly difficult and expensive (and eventually prohibitively so) to obtain new IPv4 address space to grow their networks. The cost and complexity associated with keeping track of and managing remaining IPv4 address space efficiently will also increase. Therefore, network operators and enterprises will need to implement IPv6 in order to ensure long-term network growth and global connectivity.” Internet Society (ISOC). Retrieved August 13, 2009 from ISOC Web site:
“The main purpose of IPSec is to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. It offers various security services at the IP layer and therefore, offers protection at this (i.e. IP) and higher layers. These security services are, for example, access control, connectionless integrity, data origin authentication, protection against replays (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality.” IPv6 and IPsec. Retrieved August 13, 2009 from IPv6 Web site:
“The major benefit of this standard is that the mobile nodes (as IPv6 nodes) change their point-of-attachment to the IPv6 Internet without changing their IP address. This allows mobile devices to move from one network to another and still maintain existing connections. Although Mobile IPv6 is mainly targeted for mobile devices, it is equally applicable for wired environments..” Mobile IPv6. Retrieved August 13, 2009 from IPv6 Web site:
I know that IPv4 was running out of addresses, so I always though, why not just set up more NATs? Doesn't that create private IP addresses for the intranet, doesn't that make it hard for attackers to get the private IP not just the public IP? According to ISOC: “No. All the security features provided in an IPv4 NAT box can be provided by an IPv6 router with firewall capabilities, without the need to modify the address.” Internet Society (ISOC) - Education and Training. Retrieved August 13, 2009 from ISOC Web site: