What we really need here is better policy-making. Technology isn't just for the young anymore, and IPv4 should have taught us that letting things grow organically does not necessarily mean consumers will only do good things. Allocation of IP addresses, as IPv4 should have taught us, is a complex and sensitive political issue, among other things. I'd say the current system is not yet mature enough to handle that.
Reshared post from +EuroTech
IPv6 Launch: Preparing For The Internet Of Things
by , ; Germany
Today marks the beginning of a new era: Google, Facebook, Yahoo, and a number of other major Internet service operators are turning on their IPv6 stacks for good. At least, they are trying to… Google has, for example, identified 262 resolvers that may not support IPv6 properly.
What IPv6 promises to bring
IPv4 offered a limited number of IP addresses (2^32 or around 4.3 billion), which ran out in February 2011 thanks to bad allocation policies and massive growth of the number of Internet connections, in particular in the mobile market and in densely populated countries. To cope with this issue, IPv6 was proposed, with a considerably larger addressing space – at 2^128 or around 340 trillion trillion trillion addresses, it has enough space to give every insect on the planet a unique IP address. With that, we should be well prepared to provide not just our booming population with sufficient IP addresses, but also to cope with the Internet of Things, which is already bringing prototype smart utility meters, smart lighting, and other integrated devices into our households.
What we can expect to see today
Actually, not too much. Even any spikes in IPv6 traffic are bound to be minimal. See, enabling the Internet backbone is just the first step in moving the world to the new standard. We still have to conquer aging hardware still in use, in particular broadband connections and older home routers that do not support IPv6. Given that leading Internet access providers across Europe are just starting user tests now on how moving the customer base up to date would work, it will still be a while before the IPv6 rollout is complete.
Watch the German IPv6 traffic statistics with a slight delay: www.de-cix.net/about/statistics/
Hardware manufacturers know that each network device is identified by a unique MAC address. This implies that the MAC address, just like a static IP address, could be considered as a person-identifying piece of information. But since the MAC address is hardware-bound and not assigned by your Internet provider, it is not changeable, and thus a permanent identifier. Unfortunately, a number of mobile device manufacturers produced IPv6-compliant devices with a hidden flaw: they embed the MAC address in the device’s IPv6 address. This, in turn, implies that there is a whole fleet of mobile devices that unwittingly reveal their identities in plain text, and there is nothing their owners can do about that. This could pose a new challenge in several countries where IP addresses are considered personal information.
It is also just one example of how IPv6 address allocation policies are not as mature as they should be. The land grab for IPv6 address blocks has already begun, and almost anyone can reserve address blocks as large as a IPv4 class-B network – that’s 65,534 addresses! If every person and every company tried to reserve the maximum address block they can, we could very well soon be out of allocation space in IPv6 as well.
New security issues
Aside from potential issues due to weak or incorrect configuration, we can expect to see:
• Dual stack attacks: IPv4 and IPv6 are different security monsters. As long as companies are running IPv4 and IPv6 stacks, a hacker could use tunnelling techniques to pitch a new attack vector between the two stacks.
• Mobile protocol attacks: IPv6 security for mobile devices is not as advanced as security for desktop devices. This may lead to additional attack possibilities – although lack of experience with IPv6 makes it difficult to estimate.
• Rogue device attacks: IPv6 uses SLAAC instead of DHCP as network endpoints. And SLAAC only allows snooping to figure out who is on the network if the server supports SEND – which, it turns out, is not always the case (prominent offenders including Microsoft and Apple). Thus it is very possible that a rogue device manages to connect itself to a network.
Are you ready?
Check to see if you are ready for IPv6 here: http://ipv6-test.com/
Show your support by plussing the page and sharing it with friends.
→ More news | http://zipl.us/eurotech/feed (RSS)