Google and IPv6

Terry Manderson terry at apnic.net
Mon Mar 17 13:30:02 CET 2008


On 17/03/2008, at 10:10 PM, Remi Denis-Courmont wrote:
>>
>> Speaking personally, I have seen analysis of neither client behaviour
>> nor connectivity in the IPv6 Internet today.  Are things really as  
>> bad
>> as folks say or is it partly a kind of "urban legend of horribleness"
>> that persists from earlier tests with less-mature operating systems
>> and less reliable connectivity?  I  just have 6to4 at home and my  
>> Mac,
>> Linux, and XP boxes all seem to work just fine.
>
> 6to4 at home is one thing...
>
> I have seen my 6to4 setup fail. For instance, some hotels do assign  
> public
> IPv4 addresses through DHCP, but yet they blackhole proto-41. Stateful
> firewalls also customarily drop proto-41 toward the native IPv6  
> Internet,
> because packets from the downstream 6to4 relay come from an  
> "unsolicited"
> IPv4 address.


Probably a little askew from topic..

In the past few IETFs and some security related meetings I have run  
into a few security folk who are rather concerned about 6to4, (proto  
41). Their concerns relate to the existence of command and control  
channels to and from botnets using 6to4 and completely bypassing IDS  
and firewall packet inspection.

Has anyone else heard or seen this?

Terry
--
Terry Manderson                         email:      terry at apnic.net
Network Operations Manager, APNIC       sip:    info at voip.apnic.net
http://www.apnic.net                    phone:      +61 7 3858 3100




More information about the ipv6-ops mailing list