krakow workshop extra exercises ipv6 workshop krakow may 2012 carlos friaças, fccn [email protected]...
TRANSCRIPT
Krakow Workshop Extra Exercises
IPv6 workshop KrakowMay 2012
Carlos Friaças, [email protected] De Ghein, [email protected]
Verify the existence of IPv6 in own laptops/devices Verify existing IPv6 addresses, with:
«ipconfig» (Windows) «ifconfig» (Linux)
Identify default gateway(s) IPv6, if they are available, using: «ipconfig» (Windows) «route –A inet6» (Linux)
Goal:Identify IPv6 inside an operating system
Addressing #1
Addressing #2IPv6 Address Syntax Check (Yes/No)
2001:DB8::15 2001:6GA:8000:4000:2000:1000:1:2 2002:C189:36:78A::2 2A01:498:5555:7I99:2345:0911:1122:909 2003:4000:AAAA:CAFE:7:6:8 AAAA:BBBB:0000:2001:192:168:0000:1 2004:BFA:3999::1FFF::2:3 2600::4444 FE80::213:C4FF:FED2:E619 2A01::3333:OOOO:F
Goal:Discuss IPv6 address syntax rules
Addressing #3Using the WHOIS tool on the trainer’s linux
server, find out which organizations own the following IPv6 address blocks:
2001:420::/32 2001:4D0::/32 2A01:1000::/21 2A00:1450::/32 2A02:26F0::/32
Syntax: /usr/bin/whois –h whois.<RIR>.net <NETWORK>
RIRs = {RIPE|ARIN|APNIC|LACNIC|AFRINIC}
Goal:Identify IPv6 address space owners
note: some databases don’t accept «/32»
DNS #1
Using the DIG tool (login to the trainer’s linux server, using SSH), check which domains are supported in IPv6-enabled nameservers (look for NS – nameserver - records):cnn.com nobelprize.orggoogle.com twitter.comfacebook.com amazon.comwikipedia.org nasa.gov6deploy.eu apple.comafrinic.net microsoft.com
Syntax: dig @resolver <domain> NS
Goal:Check reachability of domains from the IPv6 Internet
DNS #2
From the 27 EU countries, how many have their national domain (ccTLD) supported at least by one IPv6 reachable nameserver? AT, BE, BG, CY, CZ, DE, DK, EE, ES, FI, FR, GR, HU, IE, IT, MT, LT, LU, LV, NL, PL, PT, RO, SE, SI, SK, UK
Syntax: dig <cctld> ns
Goal:Check if a given domain is being supported by an IPv6 compatible DNS nameserver.
DNS #3
Measure with the dig tool, from your group’s server, the query time of the root zone nameservers, over IPv4 and IPv6:Syntax: dig -4 @[A-M].root-servers.net . soa dig -6 @[A-M].root-servers.net . soa
Goal:Analyze and compare the query time (IPv4/IPv6) of DNS nameservers
Management #1
Use a SSH client to establish a remote session over IPv6 on the trainer’s linux server
Check the address of the connection’s originating system, through: «/usr/bin/who am i»
Goal:Check the origin of a SSH connection established over IPv6
Management #2
Retrieve management info from equipments (routers) through the «6deployinfo» community, and the snmpget command•<community>: 6deployinfo•<ipv6 address>: 2001:DB8:1F00:1::1 and 2001:DB8:1F00:1::2•<object>: sysDescr.0 and sysName.0
Syntax: snmpget –v 2c –c <community> udp6:[ipv6 address]
<object>
Goal:Check that it’s possible to obtain management information through IPv6.
Security #1
Use NMAP tool (nmap.org)• Analyze ports/services opened both on IPv4
and IPv6 on the trainer’s Linux serverUsing Localhost addresses:
nmap 127.0.0.1nmap -6 ::1
Using Global addresses: (find addresses with ifconfig)
nmap <ipv4_address>nmap -6 <ipv6_address>
Goal:Diagnose open ports, able to receive connections on a system
Questions
11