Here we are, all the way up to Myth #4! That makes this the 4th installment of our 10 part series on the top IPv6 Security Myths. This myth is one of my favorite myths to bust when speaking with folks around the world. The reason for that is how many otherwise well-informed and highly experienced engineers, and others, hold this myth as truth. It's understandable, really. more
A significant quantity of unused, previously allocated IPv4 addresses are becoming readily available for re-distribution to IP network operators in need of the depleted addresses. Network World has published a report that takes a look at this emerging private market that's allowing companies with excess numbers to sell them to those in need. more
My friend Kurtis writes in his blog some points he has been thinking of while discussing "when we run out of IPv4 addresses". In reality, as he points out so well, we will not run out. It will be harder to get addresses. It is also the case that unfortunately people that push for IPv6 claim IPv6 will solve all different kinds of problem. Possibly also the starvation problems in the world... more
We're back again with part 3 in this 10 part series that seeks to bust 10 of the most common IPv6 security myths. Today's myth is a doozy. This is the only myth on our list that I have seen folks raise their voices over. For whatever reason, Network Address Translation (NAT) seems to be a polarizing force in the networking world. It also plays a role in differentiating IPv4 from IPv6. more
Now that IPv6 is being actively deployed around the world, security is more and more a growing concern. Unfortunately, there are still a large number of myths that plague the IPv6 security world. These are things that people state as fact but simply aren't true. While traveling the world, talking to the people who've already deployed IPv6, I've identified what I believe are the ten most common IPv6 security myths. more
I did a 2 hour interview on October 23rd with John Curran, Board Chair of ARIN the North American Regional Internet Routing Registry for the last decade. I now understand what is at stake with IPv6. Outside of a key core group of network engineers I think darn few people do understand. And not all of them agree on how the scenario plays out though virtually all say the situation is very serious. John believes that it is huge. It is as big as Y2K except no one knows a precise date by which everything has to be done... more
Today we continue with part 2 of the 10 part series on IPv6 Security Myths by debunking one of the myths I overhear people propagating out loud far too much: That you don't need to worry about security because IPv6 has it built into the protocol. In this post, we'll explore several of the reasons that this is in fact a myth and look at some harsh realities surrounding IPv6 security. more
The number of IPv4 transactions and volume of IP addresses flowing to and from organizations in the ARIN region in the last 6 months put 2018 on track to be the most active year in the history of the IPv4 market. Nearly 25 million numbers were transferred in the first half of this year, more than doubling the volume of numbers transferred by this time last year and continuing the level of market activity in the last half of 2017 when just over 28 million numbers were transferred. more
IPv6 is "critical to achieve our net-centric vision", said Kris Strance, DoD Lead for IP Policy, speaking at the Information Assurance Collaboration Forum (IACF) in Laurel, Maryland last week. The Defense Department sees the proliferation of IP-addressable devices as a key driver for IPv6 adoption, and does not believe that IPv4 can satisfy its future requirements. The imminent explosion of non-traditional IP-enabled devices that Defense intends to implement may even threaten the large IPv4 address allocations that the Department holds. more
I wrote a guest column for ZDNet last month on the importance of IPV6. I fear that the Internet has been devolving into a recreation of the old smart networks with a lot of perverse complexity in the infrastructure. The latest calls for protection from all that bad stuff only adds to my concern since the problems attributed to the "Internet" will encourage people to seek more meddling. Unfettered connectivity has been a necessary precondition for allowing innovation to thrive on the Internet. It worked because the same openness allowed those at the edges to protect themselves against the errors whether malicious or just problematic. In fact, the so-called Internet revolution was triggered by the key concept of the browser -- treating other systems with suspicion but leaving it to the end points to decide how much to trust each other. more
It's now been a decade since the world officially ran out of blocks of IP addresses. In early 2011 the Internet Assigned Numbers Authority (IANA) announced that it had allocated the last block of IPv4 addresses and warned ISPs to start using the new IPv6 addresses. But here we are a decade later and not one of my clients has converted to IPv6. more
Do "smart" parking meters really need phone numbers? Does every "smart meter" installed by electric utilities need a telephone number? Does every new car with a built-in navigation system need a phone number? Does every Amazon Kindle (and similar e-readers) really need its own phone number? In the absence of an alternative identifier, the answer seems to be a resounding "yes" to all of the above. more
The National Telecommunications and Information Administration (NTIA) is hosting a workshop today discussing the state of IPv6 in the U.S. and its impact on the industry, government, and the Internet economy. The moderators for the workshop are Aneesh Chopra, Chief Technology Officer of the United States and Vivek Kundra, Chief Information Officer of the United States. Participants include... more
In the transition from IPv4 to IPv6, the preferred solution for network endpoints is to have both native IPv4 and IPv6 connectivity (also called dual-stack connectivity). If a site cannot get native IPv6 connectivity, however, the IPv4 network endpoints can choose from a number of conversion technologies to connect to the IPv6 Internet. The most commonly used conversion mechanisms are 6to4, Teredo and tunnel-brokers. At recent RIPE meetings there have been claims that 6to4 connectivity is quite often broken. We were interested to find out how broken it really is. more
The debates are raging over whether or not we should migrate to IPv6. The strongest argument is the enormous address space that will allow for everyone and everything to have a unique public address, many addresses actually. It is often said that the shortage of public IPv4 addresses has limited our capabilities because it led to the pervasive use of private addressing, Network Address Translation (NAT) and Port Address Translation (PAT). Though these technologies remain critical, they are often regarded as stop-gap measures, and they sometimes create problems. In some circles, NAT has acquired a very bad name. But is that a fair perspective of the technology? Let's review the positives and negatives. more