[Dshield] IPv6 support?
Valdis.Kletnieks at vt.edu
Tue Apr 18 22:15:14 GMT 2006
On Tue, 18 Apr 2006 14:39:56 EDT, "Johannes B. Ullrich" said:
> IPv6 will require a very different data structure then IPv4 to do it
> right. Its more difficult then just expanding the address size (and even
> thats not that easy).
Amen to that. ff02:: and fe80:: are going to be pains, and 6-in-4
addresses for ffff:: are going to suck too...
> One big problem is that I don't really have any good sample data to show
> what regular vs. abnormal IPv6 traffic looks like in iptables. Does
> anybody have such samples? Maybe there is a simple "first cut" I could
> do. But at this point: who would submit data?
Well, here's what a 2.6.17-rc1-mm3 kernel says about an attempted telnet into
Apr 18 17:20:15 turing-police kernel: IN=eth3 OUT= MAC=00:06:5b:ea:8e:4e:00:0f:35:3e:d4:1a:86:dd SRC=2001:0468:0c80:2105:0211:43ff:feda:d769 DST=2001:0468:0c80:2103:0206:5bff:feea:8e4e LEN=80 TC=0 HOPLIMIT=63 FLOWLBL=0 PROTO=TCP SPT=57664 DPT=23 WINDOW=5760 RES=0x00 SYN URGP=0
That's what basically any 2.6.16 or later will show...
(For those who care, my laptop has interfaces:
eth3 Link encap:Ethernet HWaddr 00:06:5B:EA:8E:4E
inet addr:188.8.131.52 Bcast:184.108.40.206 Mask:255.255.252.0
inet6 addr: 2001:468:c80:2103:206:5bff:feea:8e4e/64 Scope:Global
inet6 addr: fe80::206:5bff:feea:8e4e/64 Scope:Link
eth5 Link encap:Ethernet HWaddr 00:02:2D:5C:11:48
inet addr:220.127.116.11 Bcast:18.104.22.168 Mask:255.255.255.0
inet6 addr: 2001:468:c80:2181:202:2dff:fe5c:1148/64 Scope:Global
inet6 addr: fe80::202:2dff:fe5c:1148/64 Scope:Link
Yes, we support IPv6 on the wireless network (eth5).. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060418/e2069341/attachment.bin
More information about the list