Krakow Workshop Extra Exercises. IPv6 workshop Krakow, May 2012. Carlos Friaças, FCCN, cfriacas@fccn.pt; Luc De Ghein, CISCO, ldeghein@cisco.com


Post on 26-Dec-2015



Krakow Workshop Extra Exercises

IPv6 workshop Krakow, May 2012

Carlos Friaças, FCCN, cfriacas@fccn.pt
Luc De Ghein, CISCO, ldeghein@cisco.com


Addressing #1

Verify the existence of IPv6 on your own laptops/devices.

Verify existing IPv6 addresses with:
• «ipconfig» (Windows)
• «ifconfig» (Linux)

Identify the IPv6 default gateway(s), if they are available, using:
• «ipconfig» (Windows)
• «route -A inet6» (Linux)

Goal: Identify IPv6 inside an operating system


Addressing #2

IPv6 Address Syntax Check (Yes/No)

2001:DB8::15
2001:6GA:8000:4000:2000:1000:1:2
2002:C189:36:78A::2
2A01:498:5555:7I99:2345:0911:1122:909
2003:4000:AAAA:CAFE:7:6:8
AAAA:BBBB:0000:2001:192:168:0000:1
2004:BFA:3999::1FFF::2:3
2600::4444
FE80::213:C4FF:FED2:E619
2A01::3333:OOOO:F

Goal: Discuss IPv6 address syntax rules
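The syntax rules this exercise is meant to bring out can be written as a small checker that also says why an address fails. This is an added example, not part of the original slides; it covers plain hexadecimal notation only (no zone identifiers, no embedded IPv4), and the function names are chosen here.

```python
import ipaddress
import string

HEX = set(string.hexdigits)

# The ten candidates from the exercise, copied unchanged.
SAMPLES = [
    "2001:DB8::15", "2001:6GA:8000:4000:2000:1000:1:2",
    "2002:C189:36:78A::2", "2A01:498:5555:7I99:2345:0911:1122:909",
    "2003:4000:AAAA:CAFE:7:6:8", "AAAA:BBBB:0000:2001:192:168:0000:1",
    "2004:BFA:3999::1FFF::2:3", "2600::4444",
    "FE80::213:C4FF:FED2:E619", "2A01::3333:OOOO:F",
]

def check_ipv6(addr):
    """Return (ok, reason) for an IPv6 address in plain hex notation."""
    if addr.count("::") > 1:
        return False, "'::' may appear only once"
    compressed = "::" in addr
    if compressed:
        # Groups on either side of '::'; an empty side contributes none.
        head, tail = addr.split("::")
        groups = (head.split(":") if head else []) + (tail.split(":") if tail else [])
    else:
        groups = addr.split(":")
    for g in groups:
        if not 1 <= len(g) <= 4:
            return False, f"group '{g}' must have 1 to 4 hex digits"
        bad = [c for c in g if c not in HEX]
        if bad:
            return False, f"group '{g}' contains non-hex character '{bad[0]}'"
    # '::' stands for at least one all-zero group, so at most 7 may remain.
    if compressed and len(groups) > 7:
        return False, "'::' must replace at least one group"
    if not compressed and len(groups) != 8:
        return False, f"{len(groups)} groups without '::' (8 required)"
    return True, "ok"

def stdlib_accepts(addr):
    """Cross-check against Python's own IPv6 parser."""
    try:
        ipaddress.IPv6Address(addr)
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    for a in SAMPLES:
        ok, reason = check_ipv6(a)
        print(f"{a:40} {'Yes' if ok else 'No':4} {reason}")
```

The checker tests syntax only: an address can be well formed without belonging to any allocated block.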


Addressing #3

Using the WHOIS tool on the trainer’s Linux server, find out which organizations own the following IPv6 address blocks:

2001:420::/32
2001:4D0::/32
2A01:1000::/21
2A00:1450::/32
2A02:26F0::/32

Syntax: /usr/bin/whois -h whois.<RIR>.net <NETWORK>

RIRs = {RIPE|ARIN|APNIC|LACNIC|AFRINIC}

Goal: Identify IPv6 address space owners

Note: some databases don’t accept «/32»


DNS #1

Using the DIG tool (log in to the trainer’s Linux server using SSH), check which domains are served by IPv6-enabled nameservers (look for NS, i.e. nameserver, records):

cnn.com
nobelprize.org
google.com
twitter.com
facebook.com
amazon.com
wikipedia.org
nasa.gov
6deploy.eu
apple.com
afrinic.net
microsoft.com

Syntax: dig @resolver <domain> NS

Goal: Check reachability of domains from the IPv6 Internet


DNS #2

Of the 27 EU countries, how many have their national domain (ccTLD) served by at least one IPv6-reachable nameserver?

AT, BE, BG, CY, CZ, DE, DK, EE, ES, FI, FR, GR, HU, IE, IT, MT, LT, LU, LV, NL, PL, PT, RO, SE, SI, SK, UK

Syntax: dig <cctld> ns

Goal: Check if a given domain is being supported by an IPv6-compatible DNS nameserver.


DNS #3

Measure with the dig tool, from your group’s server, the query time of the root zone nameservers, over IPv4 and IPv6:

Syntax:
dig -4 @[A-M].root-servers.net . soa
dig -6 @[A-M].root-servers.net . soa

Goal: Analyze and compare the query time (IPv4/IPv6) of DNS nameservers


Management #1

Use an SSH client to establish a remote session over IPv6 on the trainer’s Linux server

Check the address of the connection’s originating system, through: «/usr/bin/who am i»

Goal: Check the origin of an SSH connection established over IPv6


Management #2

Retrieve management information from equipment (routers) through the «6deployinfo» community, using the snmpget command
• <community>: 6deployinfo
• <ipv6 address>: 2001:DB8:1F00:1::1 and 2001:DB8:1F00:1::2
• <object>: sysDescr.0 and sysName.0

Syntax: snmpget -v 2c -c <community> udp6:[<ipv6 address>] <object>

Goal: Check that it’s possible to obtain management information through IPv6.


Security #1

Use the NMAP tool (nmap.org)
• Analyze ports/services opened both on IPv4 and IPv6 on the trainer’s Linux server

Using localhost addresses:
nmap 127.0.0.1
nmap -6 ::1

Using global addresses (find addresses with ifconfig):
nmap <ipv4_address>
nmap -6 <ipv6_address>

Goal: Diagnose open ports, able to receive connections on a system
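To compare the IPv4 and IPv6 results of this exercise side by side, the following added example (not part of the original slides) parses nmap's grepable output and lists the ports that are open over only one protocol, which is where IPv4 and IPv6 filtering rules have drifted apart. It assumes the two scans were saved with nmap's -oG option; the scan lines and addresses below are constructed samples.

```python
# Constructed sample lines in nmap grepable (-oG) format, one scan per protocol.
V4_SCAN = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
           "80/open/tcp//http///, 3306/filtered/tcp//mysql///")
V6_SCAN = ("Host: 2001:db8::10 ()\tPorts: 22/open/tcp//ssh///, "
           "80/open/tcp//http///, 3306/open/tcp//mysql///")

def open_ports(grepable):
    """Map (port, protocol) -> service name for every port reported as open."""
    ports = {}
    for line in grepable.splitlines():
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                port, state, proto, _owner, service = entry.split("/")[:5]
                if state == "open":
                    ports[(int(port), proto)] = service
    return ports

def compare(v4_out, v6_out):
    """Split open ports into those seen on both protocols and on one only."""
    v4, v6 = open_ports(v4_out), open_ports(v6_out)
    return {
        "both": sorted(v4.keys() & v6.keys()),
        "ipv4_only": sorted(v4.keys() - v6.keys()),
        "ipv6_only": sorted(v6.keys() - v4.keys()),
    }

if __name__ == "__main__":
    for label, ports in compare(V4_SCAN, V6_SCAN).items():
        print(label, ports)
```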


Questions
