IPv6 Wall of Shame
▻https://ipv6wallofshame.com
65% of the top 124 websites don’t support IPv6 yet
iOS 9 Supporting IPv6-only Networks
▻https://developer.apple.com/news/?id=05042016a
At WWDC 2015 [Apple] announced the transition to IPv6-only network services in iOS 9. Starting June 1, 2016 all apps submitted to the App Store must support IPv6-only networking.
#IPv6
La newsletter Afnic de janvier est en ligne ! Consultez la ici ▻http://afnic-media.fr/newsletter/20160119.html
Pour vous inscrire ►https://www.afnic.fr/fr/ressources/newsletter-afnic-36.html
Afnic newsletter for January is out! Read it here ▻http://www.afnic-media.fr/newsletter/20160119-english.html
Subscribe directly here ▻https://www.afnic.fr/en/resources/afnic-newsletter-43.html
[Blog Afnic] IPv6 et DNSSEC ont 20 et 19 ans. Même combat et mêmes défis !? par Mohsen Souissi ▻https://www.afnic.fr/fr/ressources/blog/ipv6-et-dnssec-ont-20-et-19-ans-meme-combat-et-memes-defis.html
[Afnic blog] IPv6 and DNSSEC are respectively 20 and 19 years old. Same fight and challenges? by Mohsen Souissi ▻https://www.afnic.fr/en/resources/blog/ipv6-and-dnssec-are-respectively-20-and-19-years-old-same-fight-and-challenges
NetworkManager and privacy in the IPv6 internet
▻https://blogs.gnome.org/lkundrak/2015/12/03/networkmanager-and-privacy-in-the-ipv6-internet
after 3.5 years: nmap 7 : new an improved
adds among other improvements:
• mature IPv6 support
• faster and better SSL/TLS-related scans
• 171 new scripts:
ajp-auth, ajp-brute, ajp-headers, ajp-methods, ajp-request, allseeingeye-info, bacnet-info, bjnp-discover, broadcast-ataoe-discover, broadcast-bjnp-discover, broadcast-eigrp-discovery, broadcast-igmp-discovery, broadcast-pim-discovery, broadcast-sonicwall-discover, broadcast-tellstick-discover, cassandra-brute, cassandra-info, cups-info, cups-queue-info, dict-info, distcc-cve2004-2687, dns-check-zone, dns-ip6-arpa-scan, dns-nsec3-enum, docker-version, enip-info, eppc-enum-processes, fcrdns, firewall-bypass, flume-master-info, freelancer-info, gkrellm-info, gpsd-info, hnap-info, hostmap-ip2hosts, hostmap-robtex, http-adobe-coldfusion-apsa1301, http-avaya-ipoffice-users, http-cisco-anyconnect, http-coldfusion-subzero, http-comments-displayer, http-cross-domain-policy, http-csrf, http-devframework, http-dlink-backdoor, http-dombased-xss, http-drupal-enum, http-drupal-enum-users, http-errors, http-exif-spider, http-feed, http-fetch, http-fileupload-exploiter, http-form-fuzzer, http-frontpage-login, http-git, http-gitweb-projects-enum, http-huawei-hg5xx-vuln, http-icloud-findmyiphone, http-icloud-sendmsg, http-iis-short-name-brute, http-ls, http-mobileversion-checker, http-ntlm-info, http-phpmyadmin-dir-traversal, http-phpself-xss, http-referer-checker, http-rfi-spider, http-robtex-shared-ns, http-server-header, http-shellshock, http-sitemap-generator, http-slowloris-check, http-slowloris, http-stored-xss, http-svn-enum, http-svn-info, http-tplink-dir-traversal, http-traceroute, http-useragent-tester, http-virustotal, http-vlcstreamer-ls, http-vuln-cve2006-3392, http-vuln-cve2010-0738, http-vuln-cve2013-0156, http-vuln-cve2013-7091, http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128, http-vuln-cve2014-2129, http-vuln-cve2014-8877, http-vuln-cve2015-1427, http-vuln-cve2015-1635, http-vuln-misfortune-cookie, http-vuln-wnr1000-creds, http-waf-fingerprint, http-webdav-scan, http-wordpress-users, http-xssed, icap-info, ike-version, ip-forwarding, ip-https-discover, ipv6-ra-flood, irc-sasl-brute, isns-info, jdwp-exec, jdwp-info, jdwp-inject, knx-gateway-discover, knx-gateway-info, llmnr-resolve, mcafee-epo-agent, metasploit-info, metasploit-msgrpc-brute, mikrotik-routeros-brute, mmouse-brute, mmouse-exec, mrinfo, msrpc-enum, ms-sql-dac, mtrace, murmur-version, mysql-dump-hashes, mysql-enum, mysql-query, mysql-vuln-cve2012-2122, nje-node-brute, omron-info, oracle-brute-stealth, pcanywhere-brute, qconn-exec, quake1-info, rdp-enum-encryption, rfc868-time, rmi-vuln-classloader, rpc-grind, s7-info, sip-call-spoof, sip-methods, smb-ls, smb-print-text, smb-vuln-conficker, smb-vuln-cve2009-3103, smb-vuln-ms06-025, smb-vuln-ms07-029, smb-vuln-ms08-067, smb-vuln-ms10-054, smb-vuln-ms10-061 [stuxnet], smb-vuln-regsvc-dos, snmp-hh3c-logins, snmp-info, ssl-ccs-injection, ssl-date, ssl-dh-params, ssl-heartbleed, ssl-poodle, sstp-discover, supermicro-ipmi-conf, targets-ipv6-map4to6, targets-ipv6-wordlist, targets-xml, teamspeak2-version, tls-nextprotoneg, tor-consensus-checker, traceroute-geolocation, unittest, ventrilo-info, weblogic-t3-info, whois-domain, xmlrpc-methods
#IPv6 performance (2015-11-19 presentation at #RIPE71)
▻https://ripe71.ripe.net/wp-content/uploads/presentations/39-2015-11-19-v6-performance.pdf
The open #Internet ?
▻https://blog.apnic.net/2015/10/07/the-open-internet
"The massive proliferation of network-based middleware has resulted in an internet that has few remaining open apertures. Most of the time the packet you send is not precisely the packet I receive, and all too often if you deviate from a very narrowly set of technical constraints within this packet, then the packet you send is the packet I will never receive"
"the result is Africa becoming a dumping ground for all of that equipment (as the vendors scramble to off-load these toxic assets) — either as cheap equipment for the market or as “technical aid”. [...] I’ve seen this before — stores filled with ’donated’ networking equipment that the recipient was unable to use because the technology was old and worthless or never even existed in most African countries (think hubs and routers with ATM interfaces in Northern Cameroon or Nigeria)."
▻http://www.circleid.com/posts/20150713_ipv4_exhaustion_5_implications_for_africa_running_out_last
Apple OS X 10.11 and iOS 9 now prefer IPv6 for connections
Thanks to an improved Happy Eyeballs implementation (Erick Vyncke says 25 ms instead of the 300 ms specified in RFC 6555) that went from roughly 50/50 IPv4/IPv6 in iOS 8 and OS X 10.10 to about 99% IPv6 in iOS 9 and OS X 10.11.
This is good news, when you think that now ARIN also “ran out of IPv4 addresses”; i.e. was unable to meet a legitimate demand for IPv4 address space as from 1 July 2015. (This does not mean there are no more IPv4 addresses, it just means that for the first time ARIN could not satisfy a valid demand for address space).
▻https://www.arin.net/resources/request/waiting_list.html
#IPv6
Apple Will Require IPv6 Support For All iOS 9 Apps
▻http://seenthis.net/messages/380174
#Microsoft IT’s #IPv6 killer app: #IPv4 address depletion... Familiar story !
▻http://www.ipv6conference.ch/wp-content/uploads/2015/06/B07-Keane_Microsoft_IPv6-at-enterprise-2015-final.pdf
#IPv6 at #Swisscom - ambitious, with pure IPv6 #VoLTE among other things:
▻http://www.ipv6conference.ch/wp-content/uploads/2015/06/B10-Swisscom-Status_Roadmap_and_Outlook_IPv6.pdf
Apple Will Require IPv6 Support For All iOS 9 Apps
▻http://www.internetsociety.org/deploy360/blog/2015/06/apple-will-require-ipv6-support-for-all-ios-9-apps
“Because IPv6 support is so critical to ensuring your applications work across the world for every customer, we are making it an AppStore submission requirement, starting with iOS 9.
Well, it’s one more step in the right direction towards the tipping point
Most significantly, though, this step by Apple means that all the iOS apps that run on iOS 9 will work well over the IPv6-only networks that are starting to be deployed. Even in dual-stack (IPv6/IPv4) networks, this should mean that iOS 9 apps will work better in those environments when, for instance, IPv6 may be faster. (More needs to be understood here about the specifics of the IPv6 support.)
May 2015 update on measuring #IPv6
▻https://ripe70.ripe.net/wp-content/uploads/presentations/129-2015-05-14-ipv6-stats.pdf #RIPE70
Money quote: « IPv6 users represent 7% of the total “net user value” of the Internet »
#IPv6 for #ISP - state, lessons, future
▻https://ripe70.ripe.net/wp-content/uploads/presentations/133-IPv6-for-ISPs.pdf #RIPE70
“#Telstra has revealed it has run out of #IPv4 internet addresses, prompting warnings that its use of network addressing translation could impact the carrier’s ability to accurately collect customer metadata for the Government”
Yes, of course, undermining the police state is the most important impact from running out of IPv4 addresses.
▻http://www.itnews.com.au/News/401918,telstra-runs-out-of-ipv4-addresses.aspx #surveillance #terrorism
Oh well, let’s use the next batch of stupid pseudoantiterrorist legislation to mandate migration to #IPv6 - the moral dilemma will tear Internet geeks apart !
Emperor of the Internet — Shelly Palmer
▻http://www.shellypalmer.com/spb/2015/1/30/emperor-of-the-internet
“I am NoMan, Emperor of the Internet, Online Imperator and Lord of IPv6, Imperial ruler of the web, Grand King of the Ethernet, Keeper of the Royal Encryption Algorithms, Monarch of Virtual World. If I allow you to communicate with me, you will address me as, Your Majesty, the Heavenly Digital Sovereign.”
This had to be a hoax. The message continued...
“I am all powerful. No computer, no mobile phone, no device, nothing with an on/off switch is out of my reach...
When you are chosen, you will pay tribute to me in an amount equal to 2% of every online transaction, every online purchase, every online transfer of funds you make for the rest of your natural life. No transactions may be excluded. Ever.
In honor of your tribute, I grant you immunity from identity theft, cyber-attack, all cyber-weapons and protection against all other cyber-terrorists - for none are more powerful than I. If my conditions are met, I, as the beneficent Emperor that I am, will allow you to live a peaceful, tranquil, profitable digital life.
Should to choose to disobey me, I will give you three warnings. On the day of the third transgression, every aspect of your digital life will be destroyed. I will take 100 percent of your bank balance and leave you with no identity, no home, no transportation, no medical records, no financial records, no insurance, no data and no hope of ever recovering any of it. I will erase you from existence.
These are the rules. Do not test me. I am, NoMan. Pray that I favor you with my greatness.”
Pretty much everyone thought this was bit of technical magic performed by a disgruntled hacker with a sixth-grade sense of humor and delusions of grandeur. But after a few victims, it became clear that – not only was this not a hoax, it was the beginning of the end.
C’est comme ca qu’on vend son beurre quand on est conseiller de #sécurité. Pas mal.
L’Afnic et Stiftelsen för Internetinfrastruktur (.SE) publient Zonemaster, un logiciel pour améliorer la résilience du Net ▻http://urlz.fr/1sgO
Afnic and Stiftelsen för Internetinfrastruktur (.SE) release Zonemaster to improve Internet resilience ▻http://urlz.fr/1sgT
#AFNIC #Internet #Numérique #Web #ZoneMaster
% zonemaster-cli seenthis.net
Seconds Level Message
======= ========= =======
17.65 WARNING All nameservers IPv4 addresses are in the same AS (29169).
17.65 WARNING All nameservers IPv6 addresses are in the same AS (29169).
17.65 WARNING All nameservers are in the same AS (29169).
17.80 NOTICE 192.5.6.30 returned no DS records for seenthis.net.
18.09 NOTICE SOA 'refresh' value (10800) is less than the recommended one (14400).
Pas mal pour SeenThis
ovh.com a le même genre de souci “All nameservers are in the same AS”
Article from the swedish, on their blog ▻https://www.iis.se/se-tech/meet-our-new-tool-zonemaster
Sub-allocation of a legacy “class A” network (a /8, in modern parlance). Apparently, DuPont sold a part of its #IPv4 addresses to #Amazon.
▻https://www.reddit.com/r/networking/comments/2tc4ss/looks_like_amazon_just_got_42_million_ips_from
ObiWanBaloney:
BGP is very OCD. You can tell because it’s letters are in alphabetical order.
:D:D
’Sold’ ? Wow - I didn’t know about section 8.3 of the NRPM (▻https://www.arin.net/policy/nrpm.html#eight3). Section 8.4 even describes inter-RIR sales. #ARIN
D’après ce que je lis, le prix moyen d’une IP est à peu près de 10 USD.
▻http://www.internetgovernance.org/wordpress/wp-content/uploads/IPv4marketTPRC20121.pdf
Vous avez vu d’autres références sur les prix du « marché » ?
Bluetooth 4.2 increases privacy, adds speed and IPv6
▻http://www.nfcworld.com/2014/12/08/333126/bluetooth-4-2-increase-speed-security-smart-devices
Bluetooth beacons are now unable to engage with smartphones without permission from the user and making it harder for eavesdroppers to track a device via its Bluetooth connection.
[...]
the Internet Protocol Support Profile (IPSP) will allow Bluetooth Smart sensors to access the Internet directly via IPv6/6LoWPAN,”
The Verge :
▻http://www.theverge.com/2014/12/3/7330117/bluetooth-4-2-is-faster-safer-and-lets-lightbulbs-connect-to-the
Bluetooth 4.2 has clear advances over its predecessors, but Ars Technica reports that “some, but not all” of the new specification’s features will be available to those with older devices. Many Bluetooth adapters included in modern devices are configured to work with Bluetooth 4.0, and although a software update previously meant devices using such adapters could also use version 4.1, a Bluetooth SIG spokesperson said that to take advantage of the increased speed and packet size of version 4.2, a hardware update would be required.
A #USB keypad with a key layout dedicated to #IPv6 address entry !
▻http://www.ipv6buddy.com