ipv6 - 16 byte?? - Networking

This is a discussion on ipv6 - 16 byte?? - Networking ; On Jul 9, 5:46 am, Roger Blake wrote: > I find that NAT works quite well, The Internet worked quite well without the world wide web too. > and from a security standpoint certainly > it is a good thing ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 30 of 30

Thread: ipv6 - 16 byte??

  1. Re: ipv6 - 16 byte??

    On Jul 9, 5:46 am, Roger Blake wrote:

    > I find that NAT works quite well,


    The Internet worked quite well without the world wide web too.

    > and from a security standpoint certainly
    > it is a good thing to have an IP address that is not completely exposed
    > to the internet.


    You can do precisely the same filtering of inbound traffic and
    connections with or without NAT. However, with NAT it is much harder
    to allow inbound TCP connections or peer-to-peer traffic.

    DS


  2. Re: ipv6 - 16 byte??

    In article <1183990032.207562.283240@w3g2000hsg.googlegroups.c om>, David Schwartz wrote:
    > The Internet worked quite well without the world wide web too.


    Agreed, it was a much better place.

    --
    Roger Blake
    (Subtract 10s for email.)

  3. Re: ipv6 - 16 byte??

    ArameFarpado wrote:
    > Even the easter bunny can see your mac-adress if it knows your ip.


    Only if he is on the same side of the router. Or is allowed to query
    the ARP tables on your router.

    rick jones
    --
    denial, anger, bargaining, depression, acceptance, rebirth...
    where do you want to be today?
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  4. Re: ipv6 - 16 byte??

    Em Segunda, 9 de Julho de 2007 19:05, Rick Jones escreveu:


    >> Even the easter bunny can see your mac-adress if it knows your ip.

    >
    > Only if he is on the same side of the router. Or is allowed to query
    > the ARP tables on your router.
    >
    > rick jones


    Don't you put to much faith on that...

  5. Re: ipv6 - 16 byte??

    ArameFarpado wrote:
    > Em Segunda, 9 de Julho de 2007 19:05, Rick Jones escreveu:
    > >> Even the easter bunny can see your mac-adress if it knows your ip.

    > >
    > > Only if he is on the same side of the router. Or is allowed to
    > > query the ARP tables on your router.


    > Don't you put to much faith on that...


    Given that I'm not worried about my world ending if someone knows the
    MAC addresses of my systems... That being said, I am curious to learn
    how MAC addresses are going to propagate through layer 3 devices. Or
    are you referring to insecurities on the systems themselves?

    rick jones
    --
    oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  6. Re: ipv6 - 16 byte??

    Em Segunda, 9 de Julho de 2007 19:48, Rick Jones escreveu:

    > Given that I'm not worried about my world ending if someone knows the
    > MAC addresses of my systems...

    And you are right

    > That being said, I am curious to learn
    > how MAC addresses are going to propagate through layer 3 devices. Or
    > are you referring to insecurities on the systems themselves?

    I don't know how to do it, but i've seen guys fooling mac-adress filters of
    routers to gain access to private wireless networks.


  7. Re: ipv6 - 16 byte??

    ArameFarpado wrote:
    > I don't know how to do it, but i've seen guys fooling mac-adress
    > filters of routers to gain access to private wireless networks.


    Hmm, what sort of "routers" are we talking about here? Classic
    Routers, or are we talking about "home routers" those
    egg-laying-wooly-milk-pig mishmashes of switch, NAT, firewall, router
    and wireless? I'm guessing the latter, with those guys operating on
    the "same" side of the "router" (the wireless net) rather than on the
    "far" side of the router. That though is simply pure speculation on
    my part though.

    rick jones
    --
    portable adj, code that compiles under more than one compiler
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  8. Re: ipv6 - 16 byte??

    Em Segunda, 9 de Julho de 2007 20:52, Rick Jones escreveu:

    > Hmm, what sort of "routers" are we talking about here? Classic
    > Routers, or are we talking about "home routers" those
    > egg-laying-wooly-milk-pig mishmashes of switch, NAT, firewall, router
    > and wireless?

    don't know, i didn't saw the router but i guess it was a home wireless
    router.

    > I'm guessing the latter, with those guys operating on
    > the "same" side of the "router" (the wireless net) rather than on the
    > "far" side of the router. That though is simply pure speculation on
    > my part though.

    they wore in the wireless area of the acess point, yes.

    i'm just not to faithful about a mac can not be read for another point...
    i've seen some wierd stuff, specialy done by high school guys.
    i got a nephew that doesn't know much about computers but he knows ways to
    bring down firewalls using wierd programs from remote points on the
    internet. he and his friends old a huge collection of programs like nukes,
    sniffers, war irc-scripts, password-crackers and other stuff...
    i guess there is allways a way...

    regards


  9. Re: ipv6 - 16 byte??

    ArameFarpado coughed up some electrons that declared:

    > Em Segunda, 9 de Julho de 2007 19:48, Rick Jones escreveu:
    >
    >> Given that I'm not worried about my world ending if someone knows the
    >> MAC addresses of my systems...

    > And you are right
    >
    >> That being said, I am curious to learn
    >> how MAC addresses are going to propagate through layer 3 devices. Or
    >> are you referring to insecurities on the systems themselves?

    > I don't know how to do it, but i've seen guys fooling mac-adress filters
    > of routers to gain access to private wireless networks.


    It's not very hard...

    If they are connecting to the WIFI network, then they are automatically
    within the same subnet. Given that the WIFI security is a MAC address
    filter, we will assume no further encryption. So anyone can see every
    packet.

    Now one runs a simple scanner, eg tcpdump, on the WIFI interface and notes
    the MAC address of other devices that appear to be happily engaged in
    conversation.

    Now re-configure your NIC to the same MAC address as someone else and you
    are in.

    The bizarre thing is that you *can* get away with running two duplicated
    MACs on two different NICs simultaneously and, for TCP connections, the TCP
    error handling sorts everything out well enough.

    I've built two of these WIFI MAC-filter systems, one home and one large site
    (with 2 colleagues). It is well known they are insecure, but they were
    necessary due to the large number of handheld devices in use (does
    everything support WPA? Or even WEP? etc...). It was considered "good
    enough" for the job in hand, and cut the use of the network down from every
    passerby to probably a few more persistent folk who could be bothered to do
    the above, which was fine by us.

    Cheers

    Tim

  10. Re: ipv6 - 16 byte??

    On Sat, 7 Jul 2007 08:52:39 +0200 toni wrote:
    | ipv4 it's a *little bit* too small (only approx 4.000.000.000 hosts... )
    |
    | ipv6, 128 bit, approx
    | 1.000.000.000.000.000.000.000.000.000.000 hosts
    | 1.000.000.000.000 <- this is a trillion

    Closer to 340.282.366.920.938.463.463.374.607.431.768.211.45 6 if you do
    not consider the addressing structure. Portions of the address space are
    divided up for specific kinds of usage. 2000::/3 is for global addresses
    for 42.535.295.865.117.307.932.921.825.928.971.026.432 total hosts ... if
    everyone who gets a connection uses 18.446.744.073.709.551.616 of them.
    Apparently the US government gets a whole /16 which means they can have
    up to 281.474.976.710.656 subnets of up to 18.446.744.073.709.551.616 hosts.


    | It'n only my opinion, or ipv6 is a little bit *expensive* and *wasteful*?

    It might seem so. But it's a structure designed for a lot of flexibility
    as well as leaving space available for future unanticipated needs for
    special kinds of addresses.

    --
    I'm glad the Romans didn't invent the internet. I would
    hate to have IP addresses like cxcii.clxviii.vii.xxxi.

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2