[colug-432] IPv6 adventures
Jim Wildman
jim at rossberry.com
Mon Aug 31 11:43:09 EDT 2015
My talk from Texas Linux Fest (with some slides lifted straight from Rick's talk)
https://youtu.be/qksUJDZT5_g
I'll be doing 2 3-hour labs on this at OLF in October.
I already have a list of corrections for the content. Nothing like putting it on the
Internet to find out what you are wrong about.
On Mon, 31 Aug 2015, Rob Funk wrote:
> R P Herrold wrote:
>> The IPv6 address calculator tool I mentioned was:
>> ipv6calc
>> for more easily building PTR records
>> http://www.deepspace6.net/projects/ipv6calc.html
>
> That reminds me: Someone needs to send that to Time-Warner, because
> their IPv6 reverse-lookup is completely broken.
>
>> Probably multiple units thinking they are the 'authoritative'
>> radvd. On the clients an ip6tables rule pair like this may
>> help:
>>
>> -A FORWARD -p ipv6-icmp --icmpv6-type router-advertisement -s fe80::202:b3ff:feda:5e8b -j ACCEPT
>> -A FORWARD -p ipv6-icmp --icmpv6-type router-advertisement -j DROP
>>
>> for all but wanted radvd's.
>
> As far as I know I don't have any radvd on my network, though I assume
> there's one on the T-W side. Maybe their radvd plus my dhcp is the
> problem?
>
>> [We intentionally use the Link-Local side, not the Global scoped
>> source, to reduce the likelihood of successful 'spoofing' from
>> external 'forgers' -- ^fe packets do not properly cross router
>> boundaries] The log files on the radvd's should be settable to a
>> debug level to show the MAC addresses of the clients they are
>> servicing
>
> I get an "Invalid argument" error when I try to ping or ssh to the
> link-local address of one machine from the other.
>
>> TCPDUMP should also know how to display only that packet type.
>> Write an ! host rule for known radvd's and see what other MAC
>> addresses are talking that ICMP packet type. The 'man' page
>> for my local version suggests crafting such rules is left as
>> an exercise of the reader ;)
>
> Hmmm.....
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>
----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.net
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
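
The check suggested in the quoted thread (find which MAC addresses are sending router advertisements other than the known radvd) can be run over captured frames. This is an added example, not code from the thread or from any of its participants; the function names and sample frames are constructed here, it assumes untagged Ethernet II frames with no IPv6 extension headers, and it goes one step past the thread by also applying the RFC 4861 validity rules (link-local source, hop limit 255).

```python
import ipaddress
import struct

ICMPV6 = 58          # IPv6 next-header value for ICMPv6
ROUTER_ADVERT = 134  # ICMPv6 type: Router Advertisement (RFC 4861)
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def parse_ra(frame):
    """Return (src_mac, src_ip, hop_limit) if frame is an RA, else None."""
    if len(frame) < 58 or frame[12:14] != b"\x86\xdd":  # too short or not IPv6
        return None
    ip6 = frame[14:54]                                  # fixed 40-byte IPv6 header
    if ip6[6] != ICMPV6 or frame[54] != ROUTER_ADVERT:
        return None
    mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return mac, ipaddress.IPv6Address(ip6[8:24]), ip6[7]

def audit(frames, known_routers):
    """List (mac, src, reason) for every RA not sent by a known router."""
    allowed = {ipaddress.IPv6Address(a) for a in known_routers}
    findings = []
    for frame in frames:
        ra = parse_ra(frame)
        if ra is None:
            continue
        mac, src, hop_limit = ra
        if src not in LINK_LOCAL or hop_limit != 255:
            findings.append((mac, str(src), "invalid per RFC 4861"))
        elif src not in allowed:
            findings.append((mac, str(src), "unknown router"))
    return findings

def make_frame(src_mac, src_ip, hop_limit=255, icmp_type=ROUTER_ADVERT):
    """Build a constructed test frame (ICMPv6 checksum left zero, not checked)."""
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
    ip6 += ipaddress.IPv6Address(src_ip).packed + ipaddress.IPv6Address("ff02::1").packed
    eth = bytes.fromhex("333300000001") + bytes.fromhex(src_mac.replace(":", "")) + b"\x86\xdd"
    return eth + ip6 + icmp

KNOWN = ["fe80::202:b3ff:feda:5e8b"]  # router address from the thread's ACCEPT rule
SAMPLE = [  # constructed frames, not captured traffic
    make_frame("00:02:b3:da:5e:8b", "fe80::202:b3ff:feda:5e8b"),  # known radvd
    make_frame("02:00:00:00:00:01", "fe80::ff:fe00:1"),           # second advertiser
    make_frame("02:00:00:00:00:02", "2001:db8::1", hop_limit=64), # global source, forwarded
    make_frame("02:00:00:00:00:03", "fe80::ff:fe00:3", icmp_type=135),  # not an RA
]

if __name__ == "__main__":
    print(*audit(SAMPLE, KNOWN), sep="\n")
```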