Dept. of Defense IPv6 Interoperabilty Test Begins
securitas writes "The Department of Defense has launched Phase I of its delayed IPv6 interoperability test (mirror) in a six-month project dubbed Moonv6. It is the largest North American IPv6 test ever and its goal is to evaluate IPv6 for 'network-centric military operations.'
Phase II was originally scheduled to begin in January 2004 but may be delayed due to the late start of the current test.
'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.'
Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet."
I work for the military and all our Solaris machines are IPv4 and IPv6 capable and have been for a while?
340 billion billion billion billion unique addresses.
That sounds like a number that I'd make up as a kid. "OH YEAH? Well when I grow up I'm going to have 340 billion billion billion billion hundred million thousand dollars!"
-- Dr. Eldarion --
'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.'
Once again proving that size does matter.
I hope the DoD test is a success. If it is, we'll probably see IPv6 testing and rollouts first in other public sectors, then in the private sector.
It is simple, fast and it works great. Every internet-accessible IP number can have thousands of devices connected behind it.
Pubcrawler.ca
Next time you need to manually enter an IP for whatever reason, typing 128 digits is going to suck.
Besides more ip addresses, is there any reason to upgrade?
Open Source Java Web Forum with LDAP authentication
I hope the DOD isn't building a network larger than this, why the heck would they waste the money on millions of machines that would be needed to be larger than the 6bone was. I can see claims that it is the largest single entity deployment of IPv6 - now that would be a useful claim
I have mod points and I am not afraid to use them
"Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet. Otherwise, DOD officials will fast track their Laser Population Control (LPC) program."
The doom & gloom of an exhausted IPv4 address space has been touted every three months for as long as I can remember. Yet all these years later we don't really seem to be any closer to that happening; maybe if we increase the frequency of reporting the address space will actually increase in size, sort of like Superman turning back time by changing the Earth's rotation.
I wonder that, in the far far far future, this will be too little of an amount of IP addresses available. I mean, like if every _something_ will have its own IP (like every bug, or coin, or necklace, or dog or cat, or whatever) address and will be hooked up to the net. This may seem quite radical right now, but I am talking like in 1000 years -- will this be enough?
Will there be an IPv7 or something then? (that is, assuming that IP is the way to identify connections and the internet is still in use.)
Whatever happened to IPv5? What was special about it?
I thought NAT worked well. That is larger than a mol. Think of it like this: somewhere there are 4 billion universes, and in each of these 4 billion universes there are 4 billion galaxies, and in these 4 billion galaxies there are 4 billion planets just like ours with approximately 4 billion people.
Maybe I am short-sighted, but is this really needed? Even if we have nano devices with multiple addresses this is more than will be used. 64 bit would have been overkill. And besides, like I said, NAT works fine.
I am still not giving up my NAT!
Be it the cause, or just fall-out, I don't see NATs disappearing. In fact, I see quite the opposite. Now that protocols or firewalls are getting smarter with NAT, I can see a lot less need for public address space.
And before someone mentions their cell phones, exactly who plans on hosting services from their phones anyways?
Implementing Phone based IPv4 private IP's is just as difficult as implementing IPv6 public IP's. Each phone will have a MAC, and you will have a DHCP-like mechanism to establish an ip/route/subnet, etc..
The only difference is that you can't host services on your phone that are internet addressable. Darn.
Bye!
The DOD has said it will migrate its existing Global Information Grid Network, based at University of New Hampshire, to the new IPv6 network by 2008.
That's DoD efficiency for you!!
-Seriv
would probably not notice or care if they're behind a NAT. Then the few that do could use the remaining IPs. We don't have a shortage now - not even close - unless you count the artificial shortage created by leaving several class A's in the hands of old universities and businesses.
In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.' Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet."
They HOPE that 340 billion billion billion billion unique addresses will solve the shortage...
That's like "hoping" that a 100megaton nuclear weapon will dislodge the stubborn tree stump near the driveway. I think it'll work.
- Sir, what is your IP address?
- It's eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four eight five six charlie...
- I am sorry, can you start over?
- IT's eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four.
- Sorry, I didn't get the part after "zero zero one"?
- ONE ONE THREE CHARLIE FOX SIX THREE
- Three?
- @#$^%$#$%!!!
grisha.org
340 billion billion billion billion
How about 3.4 x 10^38? We all know what that means. We're geeks. Damnit.
Everything seemed to be going so nice
'till the end of all beings punched right through the ice
With IPv6 on the verge of being implemented, how will this affect domain names? There will be a plethora of IPs but fewer and fewer usable domain names to bind to. Unless of course people want to start using stuff like y4h00.com! or 47t4v15t4.com; registering unused domains for commercial purposes is a detriment to the world wide web, and also forces developing groups to use awkward domain names.
I'm going to guess a few... any I miss?
How would that compare to the number of molecules...
I have no problem with your religion until you decide it's reason to deprive others of the truth.
New herbal viagra will increase your address size!
Actually, it sounds like something Carl Sagan would have said.
I run 4 nameservers. I don't look forward to typing
well, you get the idea...All's true that is mistrusted
Seriously, editors.. People on slashdot probably know what IPv6 is, and if they don't, it's more likely than not explained in the article..
SCO employee? Check out the bounty
IPv6 should eliminate NATs. The people who enjoy the false security (prevention of inbound connections) that NAT provides will keep using them.
However, I see no reason for most people to use them. With this many IP addresses, there's no reason why every connection can't be given 255 (or more) IPs. For example, I connect with my cable modem. Where's the hurt in giving me 255 IPs to use? If this is the standard, filtering shouldn't be any problem. And say I've got 10 computers on a LAN. Rather than use a NAT, I can simply assign every machine their own IP.
Every machine can now create incoming and outgoing connections on all ports, as they (and TCP/IP) were designed to do in the first place. This will be a wonderful thing for many home users who simply won't pay for more IPs, and for businesses who will no longer have to pay as much for many IPs.
IP address space is currently scarce. Limited supply with increase in demand = increase in price. IPv6 will dramatically increase the supply, decreasing the price, and making (most) everybody happy.
Here is a web site and project that tracks how IPv4 addresses are allocated and misused, i.e. hijacked: http://www.completewhois.com/statistics/index.htm
The way I read it, a huge percentage of IPv4 addresses are not even being used...
Guess it will be a good test of just how free the internet economy is...
pure AI will always Sublime
DOD doing something that doesn't involve wanton destruction with terrible weapons previously unheard of by mankind? shurely shome mishtake?
Bill Gates's next goal is to have more dollars than there are electrons in the universe.
myke
I can't believe I actually fell for this...
Since there will be an abundance of addresses, does this mean Inet providers will give their customers real IP addresses again and stop charging crazy prices for a static IP????
Horrific link. Mod down, and do not visit.
Get your own free personal location tracker
With NATing, a lot of houses and companies use only a few IP addresses for internet services. I don't see IPv4 running out of space fast. I am sure it is not used efficiently. Siva
With built-in things like IPSec + Auto Config it will help the DOD deploy things quickly and securely. Of course for the rest of us it might take another 5-10 years before we're all running on IPv6
Rus
Cheap UK and US VPS
While the DoD is implementing IPv6, Slashdot readers announce that they will begin researching the implementation of a dictionary for day-to-day communication.
"Dept. of Defense IPv6 Interoperabilty Test Begins"
Although not everyone can afford a dictionary, we hope that they will become more widespread in the workplace and in educational facilities. Dictionary.com is just too many letters to type.
here is a web site running IP6
I just whipped up a spreadsheet.
2^128 is enough IP addresses to give 2.68*10^15 addresses to every square millimeter of surface area of every planet in the solar system, plus the moon, Charon, and the Galilean Jovian satellites.
That should last a while. But I'm all for overkill. I was glad when Maxtor finally punted and made BigDrive able to address a BIG ASSED address space; if you're redefining a standard, no point in just doubling it or even *16; go big!
I can't find an example. Could some post one?
Right, however that isn't in your agreed usage of your cable modem.
They market it for downloading on demand movies, then when you do they cap your line. How sweet of them.
IPv6 sounds really cool but I think it's a lot simpler to say 10.10.1.4 and 192.168.1.24 rather than 1080:0:F:0:8:800:200C:417A. I know a lot of things support both IPv6 and IPv4 but I have run into a few situations where the product could only handle or came preconfigured in IPv6.
+-+-+-The following statement is true. The previous statement is false.-+-+-+
Devices like phones, PDAs, and (heaven forbid) toasters don't want to talk to NATs: they want to talk to the Internet. NATs represent a layer of transformation that is easy but not absolutely transparent.
Although NAT works for extendable, generic computing platforms, like your desktop, it is cumbersome to have simple devices that want to connect to the Internet have to worry if they are really connected or behind any number of NAT layers. After all, how does your cellphone with its own SMTP/Web server tell the NAT (of which there could be any number between it and the Internet) to open a port so it can receive data?
The real answer is the expansion of the IP pool and intelligent routing found in IPv6.
Is there any doubt we will all be assigned "personal IP" addresses? Can you /. a person?
/tinfoilhat
Heck, RFID tags are just the first step. Next thing will be miniature wireless computers in every soft-drink can. And with the onboard GPS equipment, we'll be able to track every soda can out there, whether it's at the factory, in the trash, or floating around in space...
I thought part of the IP6 addressing scheme was the MAC address of the ethernet card? If so, your ISP would have no choice but to issue to you 2^48 addresses.
the "shure" is a typo, it should be sure.
2002:c329:1d04:4:202:2dff:fe61:791f
Finally! A year of moderation! Ready for 2019?
Yeah. I fell for a different link to the same page, and it popped up all of its windows, so I jabbed F12 (I use Opera), and the pop-up blocker was set to Open requested pop-up windows only! I DO want to know HOW they do it, just I don't want to view source on THAT page!
I can't wait to use my domain name for something useful!!!
What is slashdot?
Absolutely, positively, do NOT click on that link. Fortunately I already knew what it was from clicking on it at home.
This goes for anything from nero-online, but especially that "lastmeasure" thing.
well, it looks like I'm the dummy, as the URL is actually posted below, serves me right for not previewing!!
340 282 366 920 938 463 463 374 607 431 770 000 000 unique addresses; That's a few.
Yeah, I have popups blocked in IE, but yet I got parrotcock.jpg come up.
To find out, wget it and less the page. That way your eyeballs won't bleed.
Why do you call preventing inbound connections "false security"? And how is making every device in a home face the net a good thing?
I think limiting the net-facing presence is a good idea. I like the fact that I'm in exclusive control of my incoming traffic. Besides, I can't figure out why anyone else would want to talk to my coffee maker in the first place.
Mail? Put "slashdot" in the subject to pass the spam filters.
So maybe someone can explain how, either:
All devices everywhere will be magically upgraded to IPv6 simultaneously, and all the nasty legacy IPv4/NAT issues will magically vanish.
Or:
People expect to connect IPv6-only devices to IPv4-only devices without using NAT. (Assigning an IPv4 address to the IPv6 device doesn't solve the address shortage problem, now, does it?)
Thing is, if you can figure out a way to make all IPv6/IPv4 NAT connections work transparently, you have also solved the problem for all IPv4/IPv4 NAT connections... which leaves people even less incentive to upgrade.
It's about the same as the number of molecules in the Universe
Looks like it might be a mouse-over form?
u rn true;" onClick="flagRun=1;procreate();playBall();return true;">u rn true;">
<input type="submit" value="CLICK ME" name="CLICK ME" onMouseOver="flagRun=1;procreate();playBall();ret
<img src="/pooped.jpg" onMouseOver="flagRun=1;procreate();playBall();ret
parent post contains a link to a post which contains a link to a post which contains a link to a post which contains a link to a penis. Move along please. Thank you very muchos.
Or maybe, it's just that google has been haxored
That is just one suggested way of assigning addresses. It is very popular though. Anyway, if an ISP does not give you enough address, you just tunnel somewhere that does. Lots of providers of tunnels already. If all else fails, I am sure you can find a friend that is close to you latency-wise who is willing to let you have 2^64 addresses out of the 2^80 he has...
IPv6 improves upon IPv4 in a number of ways:
One of the principal design goals of IPv6 was to simplify the workload for routers. IPv6 achieves this in a number of ways:
1. Part of the reason that IP addresses are so long is that part of the address space is being used for an improved addressing hierarchy. In turn, this will allow routers to maintain much shorter routing tables.
2. IPv6 routers no longer fragment IP datagrams
3. IP Header checksums have been removed
As many people have noted, the IPv6 addressing structure supports a much larger number of IP addresses. Experts are predicting that the number of IP addresses required is going to increase enormously in a relatively short amount of time. Most people are familiar with cell phone adoption rates and the impact on IP address assignment. Potentially a more interesting example is the impact of new PC bus architectures on networking models. Intel has announced a new bus architecture titled PC-Express. What makes PC Express interesting is that it applies a data networking model to the PC bus. [Thinking addresses, flow control, retransmissions, etc] Where this gets interesting is that PC Express can be scaled from the level of a PC bus up to an enterprise class switching fabric. Once this gets widely deployed, there is no reason why the processor on one system could not control the video card on another. We are rapidly migrating to a model in which all sorts of peripherals - processors, sound cards, hard drives - will need to be configured with their own IP addresses.
IPv6 provides much better support for autoconfiguration. This is critically important for the consumer electronics manufacturers in the Asia/Pacific.
IPv6 requires IPSec, so we might finally get pervasive network layer security. I'll be very happy to get rid of abominations like "SSL VPNs".
There is a LOT of good stuff coming down the pike.
"340 billion billion billion billion unique addresses"
That's got to be enough addresses for every word on every page of the Library of Congress, maybe even each letter. Someone wanna count for me.
"hi toaster, this is the fridge here, you think I should start the toast defrost program for our new human overlords, snigger snigger?"
"well, fwidge, I dunno. They takes me owt at bweakfast time, but then they puts me wight back immedientally afterwords. Perwaps bathwoom fawsett knows better?"
"Omigod, toaster, don't ask. Not a pretty sight, I assure you, at any time of the day, let alone first thing in the morning, and even less last thing at night. Fridge, stay cool. They're not going to surface until at least mid-day. Toaster, I'm sorry. Perhaps if you tried for a few more burnt crumbs the next time they try for "breakfast in bed"? Maybe they'll finally get around to cleaning you."
(Toaster faints)
What will the IP addresses look like?
. 42 . ...
192.168.123.101.32.13.1.1.24.202.12.13.24.35.64
or
C0.A8.7B.65....
or
C0A87B65.C019BD30.CAC.
or some other scheme?
And will all of the addresses be divided amongst groups? (Everything beginning with "10000000.*" thru "1FFFFFFF.*" belongs to educational facilities, "20000000.*" thru "2FFFFFFF.*" belongs to governmental bodies, and "2FFFFFFF.10000000.*" thru "2FFFFFFF.12FFFFFF.*" belongs to governmental bodies in the state of Ohio, etc...)
I'm pretty sure something like this exists already for IPv4, but it's been several years since I've read anything on this.
Karma: NaN
Does anybody know why TPTB decided on 128 bits for IPv6? 64 would have been more than enough. IP addressing is not like memory or disk space, where you can envisage ever-increasing requirements. It's an addressing scheme for devices. 64-bit addresses are big enough to have nearly a billion uniquely addressable devices for every human being on Earth. Why isn't that enough, even allowing for some spare bits to make address-assignment easier? Do you plan to ask for a billion addresses for the billion devices you plan to attach to the Internet?
I've read somewhere that the number represented by 64bits is larger than the number of atoms in the universe. But what if every quark needs an IP, will it be enough then?
I always wanted to be able to hack my friends toaster...
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms,
Why do you call preventing inbound connections "false security"?
Maybe because a NAT misconfiguration could do all sorts of nasty things. With IPv6 and its tight IPSec integrations, I'd rather use an open encrypted network than a totally unencrypted network with a box that has all responsibility on not doing something wrong.
Beware: In C++, your friends can see your privates!
1. Sound of CAT5 cable as IPv6 packets sent:
No sound detected.
2. Taste of CAT5 when IPv6 packets sent:
Plasticy taste very similar to IPv4.
3. Mass of IPv6 packets:
Very light - far less than a sandwich.
Um... actually yes, but not for that reason. According to Cisco recommendations for IPv6 access services, it is suggested that a /48 subnet is given to each access server. The access server can then proceed to assign a /64 subnet to each PPP client (modem, ISDN, ADSL, you name it) that connects. The IPCP phase of the PPP will be abolished, hence the address, prefix, default route and MTU assignment in the link will be done through address autoconfiguration, which is the default method in IPv6. One good thing is that the access server will actually be able to remember the subnet you were given last time, so your address will be mostly the same for large periods of time. Also you won't have to use NAT (unless a /64 prefix is not enough for you!!!) as you can use any number of machines you like behind the connection.
Oh, one last thing, your ethernet network card may have only a 48 bit address, but the 48 bit address is converted to a 64 bit address which is called an EUI-64 address. This is done to include in the EUI-64 space all kinds of link technologies, not only ethernet but also token ring etc.
Because each of my billion devices require a billion unique addresses, jack.
If you go and get IPv6 access (via a tunnelbroker like www.freenet6.net) you'll get a /48 ADDRESS, ie. one IPv6 address with a 48bit netmask. But you can easily also get a whole /48 subnet if you want - some tunnelbrokers will give you even a /64 subnet.
Please note that 6bone (prefix 3ffe::) is NOT a production network and was supposed to be shut down (well, it seems it will be still there for a couple of years).
There is also a production network (2001::) that is a little bit more 'organized', ie. you have to register at the RIPE/WHOIS database to be able to be assigned a specific (static) IPv6 address/subnet. Moreover they try to enforce a stable network, ie. PCs with wrong/odd network settings are likely to be permanently disconnected from their tunnelbrokers.
6bone on the other hand is more like an IPv6 playground - you can do whatever you want. It is also likely that your 6bone (3ffe::) addresses might change from time to time. Eg Freenet6 has the policy that your allocated subnet will be re-assigned to other users if you don't use it for more than a week or so.
eight five six charlie zero fox alpha three niner zero six file nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four eight five six charlie zero fox alpha three niner zero six file[sic] nine charlie fox fox nine charlie zero six three two zero one one zero zero one alpha one two four
Assuming this is expressed in hexadecimal, you've got a 256-bit IP address here. Problematic.
With this many IP addresses, there's no reason why every connection can't be given 255 (or more) IPs. For example, I connect with my cable modem. Where's the hurt in giving me 255 IPs to use? If this is the standard, filtering shouldn't be any problem. And say I've got 10 computers on a LAN. Rather than use a NAT, I can simply assign every machine their own IP
That's part of the point. The smallest range that can be given out and certain things still work is a /64, which is more IP addresses than you ever need. Basically, with that you never need to give anything on your lan an IP address because, using radvd, each device assigns itself an ip address using the prefix (as given out by the radvd server, as well as a default route) and tacks on its own MAC address to the end, creating a unique IPv6 address (unless you are using ubercheap nics which have a single MAC for multiple cards, which was never supposed to happen).
Thus everyone under an ISP will be getting more IPs than they will ever use, theoretically. The only issue is that IPv6 addresses are not designed to be movable between ISPs, so you cannot take your /64 with you. This is because it is designed to be easily routed, using the first 64bits of the address.
Counting out the Hundreds, Thousands, Millions,& Billions places, I only get 3 B's:
H B M T H B M T H B M T H
2^128 = 340 282 366 920 938 463 463 374 607 431 768 211 456
Therefore it should only be 340 billion billion billion, not 340 billion billion billion billion.
Arggl, well, 36 hours and no sleep obviously are not good for me. What I WANTED to write in the parent post was this:
You'll easily get a subnet with a /64-prefix, ie. the first 64bits are fixed, leaving you with 64bit address space to play with. Why 64bit? Because with IPv6 something called EUI-64 (previously EUI-48) is now replacing the use of MAC as a unique identifier. And the /64-prefix (64bit) together with the EUI-64 (also 64bit) is what usually your IPv6 address (128bit) is made of.
Some tunnelbrokers even give you subnets with a /48 prefix, ie. you have a 80bit address space.
I think you missed his point. The point is not to have your coffee maker bald on the net. If you want a firewall, put in a firewall. The point is that NAT is a (poor) substitute for a proper firewall. Any security that comes from using NAT is purely coincidental.
Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet.
This falls into the general category "Death of Internet Predicted". The internet is not running out of IPv4 addresses at the rate predicted in the early '90s, for a number of reasons, including NAT (whether you like it or hate it) and the simple fact that not everyone who wants to browse the web needs a publicly routable address.
Much better reasons for adopting IPv6 are that autoconfiguration is to a large degree built into the protocol (including its associated ICMP messages) and doesn't have to be done by a separate mechanism like DHCP. Also, IPv6 has a fixed-length, small packet header, which should make it easier to do all sorts of routing tasks.
If you're running a Linux or BSD kernel, check out one of the many 6to4 tunnel brokers to get onto the 6bone or your own friendly neighborhood IPv6 backbone.
Marklar: marklar
I used my trusty SDF shell account and Links. Here's what it seems to do (read it at bhtooefr.freeshell.org/lastmeasure.txt (txt so it doesn't try to mess with you) and see if I'm wrong):
If your browser is IE 4+ = Pops up window to http://snakefinger.net/havefun/index.html (titled "Idiot!"), attempts to add to favorites
Alt-F4 = Pops up Goatse Lawyer alert
Ctrl = Ditto
Del = Ditto
Popups = called by a CLICK ME button, with mouseovers, or a mouseover of pooped.jpg (VERY large, almost inevitable that you'll mouseover it)
Also, in Links, it tried to pop-up the windows. I think it points focus at the CLICK ME button, similar to how Google points focus at the search box. Of course, Links would already put focus on the CLICK ME button, as it's the only link or button on the page.
The snakefinger.net link is harmless (it's even work safe!)... in anything other than IE. It actually looks better fullscreened in Opera, but it uses an IE-only window mover. At least it doesn't try to intercept your keystrokes to get the hell out, and I've taught people the Alt-F4 "trick" at my school.
If there really is a connection, IPv10 is going to suck balls.
In Japan we already have IP6.
There will never be 500 million ip's alive on the internet at once, let alone 4billion. there will never be 500 million ipv6's on the internet..
ipv6 is for organizations that want the features or feel that they will have a large number of devices. I'd bet anyone that no one's lightbulb will have/need a globally unique and internet reachable ip..
Not a problem. The new IP addresses are represented using one digit, in base 2^128.
Made me laugh!
-kgj
> Experts hope this will solve a predicted IP address shortage
This "hope" is the same as "hoping" that two randomly-selected files don't have exactly the same MD5 hash. (IPv6 addresses and MD5 hashes both have 128 bits.)
People could even generate their own IPv6 addresses using MD5 applied on a sufficient source of entropy, and the chance of a collision would be far less than the chance of an asteroid destroying the earth next year.
Hundreds = 10^2 = 1e2 = 100
Thousands = 10^3 = 1e3 = 1,000
Millions = 10^6 = 1e6 = 1,000,000
Billions = 10^9 = 1e9 = 1,000,000,000
When counting digits in groups of 3, you do not count hundreds.
2^128 is approximately 3.40e38, or 340e36.
1e9*1e9*1e9*1e9 = 1e36. Thus 340 billion billion billion billion.
B M T B M T B M T B M T
2^128 = 340 282 366 920 938 463 463 374 607 431 768 211 456
IPv6 does nothing to change the need for firewalls. In fact it increases the need because you are going to have a lot more devices in a network.
The problem with end to end security is that it falls flat on its face if the end is compromised. The security area directors of the IETF understand this, Dave Clark who invented the end to end concept understands this (see his 2001 paper on re-evaluating end to end). The problem is that the parts of the IETF who don't have a clue when it comes to security have convinced themselves that end-to-end is everything.
IPv6 does not provide end to end encryption either, that is a myth. The stacks have to support end to end crypto but there is nobody in the IPSEC working group who can give you the slightest idea how to connect it up to a key exchange infrastructure. Oh and the DNSSEC spec turns out to be impossible to deploy in dotcom, that does not matter though because dotcom should be smaller anyway (that is their argument, I kid you not).
IPv6 has lingered in obscurity for the past decade because the IETF establishment does not have the slightest idea how to drive deployment. At this point they have alienated all the major vendors except for CISCO. Nobody in industry wants to have to deal with IETF process that takes ten years to approve simple specs and makes a huge show of being open while making sure that the important decisions can be taken behind the scenes by the magic circle.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Ah the great amateur security expert.
We know that end users misconfigure their machines all the time, they fail to apply patches and do lots of idiotic things. So yes, let's make sure that the end user machine is our first, last and only line of defense against that kind of idiocy as well as buggy application software.
Encryption does absolutely nothing to protect a system against an attack that exploits a software security hole like a buffer overrun. So IPSEC does absolutely NOTHING to protect a system against the type of attacks that a firewall/NAT configuration is intended to.
I want to see ISPs deploy NAT/Firewall boxes to all their end users, not just to control incoming connections but to secure outgoing connections as well. At present a machine that is hacked that has a broadband access places no restrictions on what the hacker can then do with it, send spam, launch a DDoS attack, portscan other machines.
I have better things to do than worry about whether Mr Coffee has been hacked and is being used to attack other systems. Mr Coffee has no need to initiate connections to anything else on the external network.
The real problems start when you look at the other infrastructure, like DNS and DHCP (or autoconfig). From what little I see on the dnsop mailing list, there's still quite a bit of controversy about how to handle these, particularly during a transition period, without "losing" parts of the Internet due to discontinuities in the DNS system.
IPv6 addresses are shortened via mathematical equations: 0002 would become
eg
3ffe:0b80:0003:0348:0000:0000:0000
3ffe:b80:3:348::2/128
also, they will push reverse dns on these as well to prevent much confusion.
they've already taken a lot into account.
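The shortening described in the comment above is a text rule: drop leading zeros in each group and collapse one run of all-zero groups into `::`. The consequence for logs and filter rules is that one address can be spelled many ways. An added example, not part of the original thread, that reduces every spelling to one canonical string before comparing; the addresses are constructed, and prefix lengths such as /128, zone ids and embedded IPv4 are not handled.

```python
import string

HEX = set(string.hexdigits)

def expand(addr):
    """Parse IPv6 text (no zone id, no embedded IPv4) into eight 16-bit ints."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one group")
        fields = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("expected eight groups")
    for f in fields:
        if not (1 <= len(f) <= 4 and set(f) <= HEX):
            raise ValueError(f"bad group {f!r}")
    return [int(f, 16) for f in fields]

def compress(groups):
    """Render eight groups in the shortened form: lowercase, no leading zeros,
    the longest run of two or more zero groups (first on a tie) as '::'."""
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

def canonical(addr):
    return compress(expand(addr))

# Constructed sample (2001:db8::/32 is the documentation prefix): one blocked
# host, and three spellings as they might appear in different logs.
BLOCKED = {canonical("2001:0db8:0003:0348:0000:0000:0000:0002")}
LOGGED = ["2001:db8:3:348::2", "2001:DB8:3:348:0:0:0:2", "2001:db8:3:348::3"]

def hits(logged=LOGGED, blocked=BLOCKED):
    """Return the logged spellings that refer to a blocked address."""
    return [a for a in logged if canonical(a) in blocked]
```

A plain string comparison against the blocklist entry would miss the uppercase, uncompressed spelling; comparing canonical forms catches both.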
While that's certainly the sensible point of view, who says that ISPs, especially large commercial providers, are going to break with the one-connection, one-machine business model they've held so far? While they currently allow NAT because there's really no technical way to prevent it, connecting more than one computer is still against most ISPs' terms of service.
Ultimately, you're coming at it from the wrong end, asking why they shouldn't give you more than one. I suspect the thought processes are closer to "so why on earth should we give out more than one IPv6 address?"
Predicted? I think the current dial-up situation employing dynamic ip addresses is far from perfect, and it resulted from not having enough ip addresses for everybody.
It's like your snail mail address changing every time you come home.
IMHO, having static ip addresses even for dial-up accounts would for example make higher-level "lookup" services such as aim/icq superfluous and would also help distribute traffic in a more geographically optimized fashion, thus potentially saving billions of $$$ per year...
Of course, you can Google for yourself, but it's apparent from some previous posts that some of you don't have access to Google. So, to you, cheers.
Power corrupts. PowerPoint corrupts absolutely. E. Tufte
Here's some math for ya:
, 000,000,000,000,000,000,000.
1 gram is about 6 x 10^23 atoms (mostly hydrogen)
1 star is about 2 x 10^33 grams (mostly sun-like)
1 galaxy is about 10^10 stars
1 universe is about 10^10 galaxies
So the number of atoms in the universe is about 10^77 which is about 2^256, so you're off by a factor of about 1,000,000,000,000,000,000,000,000,000,000,000,000
Most of the universe is hydrogen, which has 3 quarks. So that wouldn't change your answer by very much.
Hmmm.... With all of these IP addresses, if I get one, it will be a LOT longer for the black hats to scan for my IP address....
On the downside, it will be a lot easier for the blackhat to hide in all the weeds....
Hmmm... This is what EXPERTS are hoping? Who are these experts? What kind of experts are they?
Of course having six hundred thousand million billion trillion zillion bajillion googleplexes of Internet addresses, as opposed to, like, five, is going to prevent a shortage of addresses from happening real soon. EXPERTS. Bah, humbug.
The reason I am complaining about this, by the way, is that many articles in many publications are written this way. "Observations were held. 80% of those interviewed said [insert something here]. Experts predict [insert something else here]." Of course, they don't tell you that they interviewed five people out of fifty thousand... but the headline reads, "80% of [some group of people] does [this]."
An IPv4 address costs less than $1/year; large ISPs pay around $0.30/year/address.
Moderators: with your help, we can wipe out "virii" in our lifetime!
This is a very important goal. Millions of people die each year due to virii such as HIV. Moderators, please do your bit.
This may or may not have any relevance to the grandparent post, but for the sake of argument--Packets are packets. It doesn't matter which addresses are stuck on the headers of each packet, since they are all being crammed through the same pipe at the same speed. So broadband providers who stipulate such a stupid improviso should fuck themselves.
-
And the Angel said unto me, "These are the cries of the carrots! The cries of the carrots!"
Nobody really said you cannot use NAT with IPv6. Just thought I'd be the devil's advocate and point out the obvious. ;)
-
And the Angel said unto me, "These are the cries of the carrots! The cries of the carrots!"
Something to sing on your next geek roadtrip:
340 undecillion 282 decillion 366 nonillion 920 octillion 938 septillion 463 sextillion 463 quintillion 374 quadrillion 607 trillion 431 billion 768 million 211 thousand 456 bottles of beer on the wall,
340 undecillion 282 decillion 366 nonillion 920 octillion 938 septillion 463 sextillion 463 quintillion 374 quadrillion 607 trillion 431 billion 768 million 211 thousand 456 bottles of beer.
Take one down pass it around,
340 undecillion 282 decillion 366 nonillion 920 octillion 938 septillion 463 sextillion 463 quintillion 374 quadrillion 607 trillion 431 billion 768 million 211 thousand 456 bottles of beer on the wall!
Repeat (I won't bother telling you how often)
People on Earth: ~6,349,797,441
IP per person: ~5.358948377215462*10^28
I absolutely, positively, need for each single cell in my body to have its own IP address.
Depending on your size and who did the calculations, there are between a trillion and a quadrillion cells in your body. A quadrillion is around 2^50. We could assign an IP Address for every human on the planet (approx 2^34). With IPv6, there are still 44 bits unused.
I highly recommend keeping your cells' addresses in their own domain. If you do need to connect to other resources, use a NAT to keep the addresses private. You also want a firewall, such as skin, and maybe some input filters, such as teeth and gastric acid. These have probably already been installed, but you do need to maintain them. And be careful with your choice of OS: you do not want a virus invading from the internet, and a crash could be fatal.
I spend my life entertaining my brain.
It's hard to believe and I'm sure I certainly wouldn't have believed it myself if it wasn't my good friend who told me about it, but besides the technical issues some people actually didn't like the name of 6bone, because it sounds too much like sex-boner (sic) and therefore cannot be taken seriously by people who make financial decisions. It may be hard to believe but here in the gov and mil it is sometimes better to waste more money, since it's not your money in the first place. Cheaper solutions often mean less profit and that is exactly why you don't ever want your project to be associated with hobby/nonprofit org. It's also a good thing to mention "terrorists" to get more money these days. I really hope this situation is going to change soon.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."