Slashdot Mirror

← Back to Stories (view on slashdot.org)

World IPv6 Launch Day Underway

Posted by Unknown on from the it's-finally-1999 dept.

A number of readers have written in with stories related to today's permanent rollout of IPv6 by several major organizations. From the looks of it, for the 1% or so of end users with IPv6 support, everything is going smoothly. For those not so lucky to have IPv6 already, an anonymous reader writes with (mostly) good news: 60% of ISPs intend to enable IPv6 by the end of 2012. For business users, darthcamaro provides some words of caution: "...the Chief Security Officer of VeriSign doesn't think IPv6 should be turned on by a whole lot of people. The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed. 'If you don't have that visibility into IPv6, you should probably consider explicitly disabling IPv6 on your systems until you can take a very concerted approach to enabling IPv6 in a secure manner,' McPherson said."

7 of 236 comments (clear)

  1. Verisign != Verisign by tepples · · Score: 5, Informative

    This is Verisign the operator of the .com and .net registry, not the other Verisign the certificate racket. The CA business was sold to Symantec in August of 2010. So don't mix this up with the recent news about the $99 fee to get your signed with the UEFI key that will be preloaded on every Windows 8-certified PC motherboard; that's all VeriNorton.

  2. Re:It will be a pain in the ass to remember... by pe1rxq · · Score: 5, Informative

    Google for this thing called 'DNS' it has been around for a while....

    --
    Secure messaging: http://quickmsg.vreeken.net/
  3. Re:I am the 1% by pe1rxq · · Score: 1, Informative

    No you are not... at most you are the 0.5% with IPv6, I have it to!

    --
    Secure messaging: http://quickmsg.vreeken.net/
  4. REally.... by Lumpy · · Score: 3, Informative

    "The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed."

    Funny, The ones here do. In fact the last firebox update said it covered ipV6.

    What out of date garbage are people running out there that will not scan ipV6?

    --
    Do not look at laser with remaining good eye.
  5. Re:It will be a pain in the ass to remember... by DarkOx · · Score: 5, Informative

    You have many options, DHCP6, you don't have to use autoconfigure you can still assign all nice consecutive address to each machine if you like. Setup DNS that actually works and use the host names. Best yet and actually probably the easiest to do and still be secure both (dhcp6 server can do the DNS updates so the hosts don't need to).

    This is not that difficult, and if you think it is you are in the wrong industry.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  6. Re:It will be a pain in the ass to remember... by daniel23 · · Score: 5, Informative

    This is IPv6 Launch day. He needs to go to 2a00:1450:4016:801::1000

    --
    605413? Yes, it's a prime.
  7. Re:It will be a pain in the ass to remember... by IAN · · Score: 5, Informative

    Doing a reverse lookup for every goddamn IP I ever see would be completely impractical.

    Hyperbole much? Recognizing IPv6 addresses is not that different from recognizing IPv4 ones, especially if you assign local parts manually, which you should do for the servers instead of relying on autoconfiguration, for reasons which should be obvious. So, 2001:db8:0:1001::4 is...?

    • 2001:db8::/32 is your organization's prefix. You're supposed to know it by heart.
    • 0:1001 is, say, Accounting. You know your network's addressing plan, right?
    • ::4 is their print server.

    With a bit of practice, parsing the IPv6 addresses you deal with frequently will become second nature. If it doesn't, then maybe you're not such a hot network admin.