Showing posts sorted by relevance for query miredo. Sort by date Show all posts
Showing posts sorted by relevance for query miredo. Sort by date Show all posts

Monday, January 30, 2006

IPv6 Behind NAT Using FreeBSD and Miredo

Thanks to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 generosity of a TaoSecurity Blog reader, I have been experimenting with a dual-stack IPv4 and IPv6 system at a university. I connect to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPv4 address using OpenSSH. Once on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box, I can use IPv6.

I've been looking for ways to connect my home network directly to IPv6. At cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment I'm using a common gateway/router to perform NAT for my cable network connection. I needed a way to provide IPv6 for systems behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 NAT. Enter Teredo and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Miredo project.

Now, before you decide that I'm giving this protocol my "thumbs up," I'm going to explicitly tell you I just wanted to get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 software working and use ping6. That's it for now.

Teredo, which is now a draft RFC, is a Microsoft protocol. Basically you take IPv6 traffic, tunnel it in UDP, and send it to a relay server. The relay pulls off cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 UDP and sends cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traffic using IPv6 to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 destination. The process is reversed for return traffic. Obviously sending your traffic elsewhere, especially to one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Microsoft relays, is enough to scare most people.

Installing Miredo is simple. Thanks to author Rémi Denis-Courmont responding to my troubleshooting emails, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest version compiles flawlessly on FreeBSD 6.0. The standard ./configure, make, make install is all that is needed.

Once installed, I run Miredo in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 foreground.

orr:/home/richard$ sudo miredo --foreground

***********************************************************************
* IMPORTANT NOTICE *
* *
* At cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time of release of this version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 program, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IETF had *
* not yet published cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Teredo protocol specification (RFC). As such, *
* this version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 program still uses experimental provisional *
* settings, which will most likely be altered when cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 specification *
* is published. A new version of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 program will cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n be released to *
* take cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se changes into consideration. Until cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n, this program *
* might not work properly and should be considered experimental. *
***********************************************************************

miredo[684]: Starting...
miredo[685]: Qualified (NAT type: restricted)
miredo[685]: Teredo pseudo-tunnel started
miredo[685]: (address: 3ffe:831f:8ac3:9ddd:0:3650:ba0c:d759, MTU: 1280)

Miredo creates a tun0 interface for IPv6.

orr:/home/richard$ ifconfig -a
fxp0: flags=8943 mtu 1500
options=8
inet6 fe80::203:47ff:fe0f:1f3c%fxp0 prefixlen 64 scopeid 0x1
inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255
ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r 00:03:47:0f:1f:3c
media: Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet autoselect (100baseTX )
status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
tun0: flags=80d1 mtu 1280
inet6 fe80::203:47ff:fe0f:1f3c%tun0 prefixlen 64 scopeid 0x4
inet6 fe80::5445:5245:444f%tun0 prefixlen 64 scopeid 0x4
inet6 3ffe:831f:8ac3:9ddd:0:3650:ba0c:d759 prefixlen 32
Opened by PID 685

Teredo encapsulates IPv6 inside UDP packets sent to port 3544.

Here is what it looks like to Tcpdump when Teredo starts. All we can see at this point is Miredo doing a DNS lookup for its default relay server, followed by UDP traffic to that server.

11:08:15.389255 IP 192.168.2.5.64226 > 192.168.2.1.53: 58453+ A? teredo.via.ecp.fr. (35)
11:08:15.394528 IP 192.168.2.1.53 > 192.168.2.5.64226: 58453 1/0/0 A 138.195.157.221 (51)
11:08:15.395024 IP 192.168.2.5.51631 > 138.195.157.221.3544: UDP, length 77
11:08:19.396616 IP 192.168.2.5.51631 > 138.195.157.221.3544: UDP, length 77
11:08:23.396031 IP 192.168.2.5.51631 > 138.195.157.221.3544: UDP, length 77
11:08:27.396404 IP 192.168.2.5.51631 > 138.195.157.222.3544: UDP, length 77
11:08:27.517795 IP 138.195.157.222.3544 > 192.168.2.5.51631: UDP, length 117
11:08:27.518031 IP 192.168.2.5.51631 > 138.195.157.221.3544: UDP, length 77
11:08:27.639923 IP 138.195.157.221.3544 > 192.168.2.5.51631: UDP, length 117
11:09:01.396212 IP 192.168.2.5.51631 > 138.195.157.221.3544: UDP, length 77
11:09:01.514967 IP 138.195.157.221.3544 > 192.168.2.5.51631: UDP, length 117

Tecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real strips off cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 UDP traffic by default and shows cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 underlying IPv6 traffic. Keep this in mind if you're using Tecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real and think you're seeing native IPv6. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same trace as examined above with Tcpdump.

Now with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 help of Tecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real, we see Miredo making ICMPv6 router solicitations. Later we see ICMPv6 router advertisements from fe80::8000:dd8:753c:6222.

1 2006-01-30 11:08:15.389255 192.168.2.5 -> 192.168.2.1 DNS Standard query A
teredo.via.ecp.fr
2 2006-01-30 11:08:15.394528 192.168.2.1 -> 192.168.2.5 DNS Standard query response A 138.195.157.221
3 2006-01-30 11:08:15.395024 fe80::8000:5445:5245:444f -> ff02::2 ICMPv6 Router solicitation
4 2006-01-30 11:08:19.396616 fe80::8000:5445:5245:444f -> ff02::2 ICMPv6 Router solicitation
5 2006-01-30 11:08:23.396031 fe80::8000:5445:5245:444f -> ff02::2 ICMPv6 Router solicitation
6 2006-01-30 11:08:27.396404 fe80::5445:5245:444f -> ff02::2 ICMPv6 Router solicitation
7 2006-01-30 11:08:27.517795 fe80::8000:dd8:753c:6222 -> fe80::5445:5245:444f ICMPv6 Router advertisement
8 2006-01-30 11:08:27.518031 fe80::5445:5245:444f -> ff02::2 ICMPv6 Router solicitation
9 2006-01-30 11:08:27.639923 fe80::8000:dd8:753c:6222 -> fe80::5445:5245:444f
ICMPv6 Router advertisement
12 2006-01-30 11:09:01.396212 fe80::5445:5245:444f -> ff02::2 ICMPv6 Router solicitation
13 2006-01-30 11:09:01.514967 fe80::8000:dd8:753c:6222 -> fe80::5445:5245:444f ICMPv6 Router advertisement

Here is what cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 routing table for IPv6 looks like once Miredo is running.

orr:/home/richard$ netstat -nr -f inet6
Routing tables

Internet6:
Destination Gateway Flags Netif Expire
default link#4 ULS tun0
::1 ::1 UH lo0
3ffe:831f::/32 link#4 UC tun0
3ffe:831f:8ac3:9ddd:0:3650:ba0c:d759 link#4 UHL lo0
fe80::%fxp0/64 link#1 UC fxp0
fe80::203:47ff:fe0f:1f3c%fxp0 00:03:47:0f:1f:3c UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#3 UHL lo0
fe80::%tun0/64 link#4 UC tun0
fe80::5445:5245:444f%tun0 link#4 UHL lo0
fe80::203:47ff:fe0f:1f3c%tun0 link#4 UHL lo0
ff01::/32 ::1 U lo0
ff02::%fxp0/32 link#1 UC fxp0
ff02::%lo0/32 ::1 UC lo0
ff02::%tun0/32 link#4 UC tun0

Interface tun0 is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 default for IPv6. That is good news. Let's try to ping6 an IPv6 enabled host.

orr:/home/richard$ ping6 -c 2 www6.olympus-zone.net
PING6(56=40+8+8 bytes) 3ffe:831f:8ac3:9ddd:0:3650:ba0c:d759 --> 2001:1638:305:4::1
16 bytes from 2001:1638:305:4::1, icmp_seq=0 hlim=56 time=766.023 ms
16 bytes from 2001:1638:305:4::1, icmp_seq=1 hlim=56 time=394.536 ms

--- www6.olympus-zone.net ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 394.536/580.279/766.023/185.744 ms

Awesome. Here is how Tcpdump sees cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traffic.

11:09:16.646506 IP 192.168.2.5.55205 > 192.168.2.1.53: 58174+ AAAA? www6.olympus-zone.net. (39)
11:09:16.648419 IP 192.168.2.1.53 > 192.168.2.5.55205: 58174 1/0/0 AAAA 2001:1638:305:4::1 (67)
11:09:16.649738 IP 192.168.2.5.51631 > 138.195.157.221.3544: UDP, length 64
11:09:16.977910 IP 138.195.157.221.3544 > 192.168.2.5.51631: UDP, length 48
11:09:16.978090 IP 192.168.2.5.51631 > 213.172.48.140.51246: UDP, length 40
11:09:17.130790 IP 213.172.48.140.51246 > 192.168.2.5.51631: UDP, length 64
11:09:17.130940 IP 192.168.2.5.51631 > 213.172.48.140.51246: UDP, length 56
11:09:17.415124 IP 213.172.48.140.51246 > 192.168.2.5.51631: UDP, length 56
11:09:17.649746 IP 192.168.2.5.51631 > 213.172.48.140.51246: UDP, length 56
11:09:18.043784 IP 213.172.48.140.51246 > 192.168.2.5.51631: UDP, length 56

Packet 3 would appear to be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ICMPv6 request, with packet 4 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 response. But what about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last 6 packets?

Here is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same traffic in Tecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real.

14 2006-01-30 11:09:16.646506 192.168.2.5 -> 192.168.2.1 DNS Standard query AAAA www6.olympus-zone.net
15 2006-01-30 11:09:16.648419 192.168.2.1 -> 192.168.2.5 DNS Standard query response AAAA 2001:1638:305:4::1
16 2006-01-30 11:09:16.649738 3ffe:831f:8ac3:9ddd:0:3650:ba0c:d759 -> 2001:1638:305:4::1 ICMPv6 Echo request
17 2006-01-30 11:09:16.977910 fe80::8000:5445:5245:444f -> 3ffe:831f:8ac3:9ddd:0:3650:ba0c:d759 IPv6 IPv6 no next header
18 2006-01-30 11:09:16.978090 192.168.2.5 -> 213.172.48.140 UDP Source port: 51631 Destination port: 51246
19 2006-01-30 11:09:17.130790 213.172.48.140 -> 192.168.2.5 UDP Source port: 51246 Destination port: 51631
20 2006-01-30 11:09:17.130940 192.168.2.5 -> 213.172.48.140 UDP Source port: 51631 Destination port: 51246
21 2006-01-30 11:09:17.415124 213.172.48.140 -> 192.168.2.5 UDP Source port: 51246 Destination port: 51631
22 2006-01-30 11:09:17.649746 192.168.2.5 -> 213.172.48.140 UDP Source port: 51631 Destination port: 51246
23 2006-01-30 11:09:18.043784 213.172.48.140 -> 192.168.2.5 UDP Source port: 51246 Destination port: 51631

Tecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real sees cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ICMPv6 request and reply, but it can't decode cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last 6 packets.

I plan to investigate this furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r.

Wednesday, November 24, 2010

Trying Ubuntu 10.10 in AWS Free Usage Tier

After trying 60 Free Minutes with Ubuntu 10.10 in Amazon EC2 yesterday, I decided to take cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next step and try cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 AWS Free Usage Tier. This blog post by Jay Andrew Allen titled Getting Started (for Free!) with Amazon Elastic Cloud Computing (EC2) helped me.

One important caveat applies: this activity will not be completely free. The AMI chose uses a 15 GB filesystem, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 terms of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 free usage stipulate no more than a 10 GB filesystem. I'll pay $0.50 per month for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 privilege of using a prebuilt Ubuntu AMI. Since I'm an AMI n00b, I decided to pay cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 $0.50. At some point when I am comfortable creating or trusting 10 GB AMIs, maybe I'll switch.

  1. First I visited http://aws.amazon.com/ec2/ and signed up for Amazon EC2. At Amazon Web Services Sign In, I chose to "Identity Verification by Telephone." When I completed sign up I received three emails: 1) Amazon Virtual Private Cloud Sign-Up Confirmation; 2) Amazon Elastic Compute Cloud Sign-Up Confirmation; and 3) Amazon Simple Notification Service Sign-Up Confirmation.

  2. Next I visited cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 AWS Management Console at https://console.aws.amazon.com/ec2/home. In Getting Started, I choose Launch Instance. I had to decide what sort of virtual machine I wanted to run. I decided to try a 64 bit Ubuntu 10.10 Amazon Machine Image (AMI) I found mentioned at http://uec-images.ubuntu.com/releases/maverick/release/ and at http://alestic.com/. I selected an AMI available at Amazon's us-east-1 facility, identified as ami-548c783d. This AMI uses Amazon's Elastic Block Store (EBS) so that changes persist.

  3. Under Instance Details, I chose:

    Number of Instances: 1
    Availability Zone: No Preference
    Instance Type: Micro (t1.micro, 613 MB)

  4. Under Select Launch Instances, I chose:

    Kernel ID: Use Default
    RAM Disk ID: Use Default
    No Monitoring
    No User Data
    No Tags

  5. Next I had to Create and Download Key Pair. That produced a file called taosecuritykey.pem which we'll use later.

  6. I chose

    Security Groups: Default

  7. When I reviewed my choices I saw:

    AMI: Ubuntu AMI ID ami-548c783d (x86_64)
    Name:
    Description:
    Number of Instances: 1
    VPC Subnet:
    Availability Zone: No Preference
    Instance Type: Micro (t1.micro)
    Instance Class: On Demand
    Number of Instances: 1
    Availability Zone: No Preference
    Instance Class: On Demand
    Maximum Price:
    Request Valid From:
    Availability Zone Group:
    Request Valid Until:
    Launch Group:
    Persistent Request:
    Placement Group:
    Strategy:
    Monitoring: Disabled
    Bursting:
    Kernel ID: Use Default
    RAM Disk ID: Use Default
    IP Address:
    User Data:
    Key Pair Name: taosecuritykey
    Security Group(s): default

  8. Finally I launched Launched cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 instance and visited cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Instances Page.

  9. In order to SSH to my AMI I had to add "SSH" to my Security Group and I decided to add my own IP address (with /32 netmask) as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IP allowed to traverse cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 firewall.

  10. To SSH to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system I had to find cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hostname in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 EC2 Instance listing at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bottom of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 page, e.g., ec2-obfuscated.compute-1.amazonaws.com. I also had to set permissions on my .pem so I could use it with SSH:


    richard@neely:~$ mv taosecuritykey.pem .ssh/
    richard@neely:~$ chmod 400 .ssh/taosecuritykey.pem

  11. Then I connected to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 AMI:

    richard@neely:~$ ssh -v -i .ssh/taosecuritykey.pem \
    ubuntu@ec2-obfuscated.compute-1.amazonaws.com

    Linux domU-12-31-39-14-F9-0C 2.6.35-22-virtual #33-Ubuntu SMP
    Sun Sep 19 21:05:42 UTC 2010 x86_64 GNU/Linux

    Ubuntu 10.10

    Welcome to Ubuntu!
    * Documentation: https://help.ubuntu.com/

    System information as of Wed Nov 24 20:36:24 UTC 2010

    System load: 0.0 Processes: 60
    Usage of /: 4.4% of 14.76GB Users logged in: 0
    Memory usage: 6% IP address for eth0: 10.206.250.250
    Swap usage: 0%

    Graph this data and manage this system at https://landscape.canonical.com/
    ---------------------------------------------------------------------
    At cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment, only cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 core of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system is installed. To tune cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
    system to your needs, you can choose to install one or more
    predefined collections of software by running cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following
    command:

    sudo tasksel --section server
    ---------------------------------------------------------------------

    The programs included with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Ubuntu system are free software;
    cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 exact distribution terms for each program are described in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
    individual files in /usr/share/doc/*/copyright.

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 extent permitted by
    applicable law.

    To run a command as administrator (user "root"), use "sudo ".
    See "man sudo_root" for details.

    ubuntu@domU-12-31-39-14-F9-0C:~$


At this point my system was working, so I poked around a little.

ubuntu@domU-12-31-39-14-F9-0C:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 15G 665M 14G 5% /
none 290M 108K 290M 1% /dev
none 297M 0 297M 0% /dev/shm
none 297M 48K 297M 1% /var/run
none 297M 0 297M 0% /var/lock

ubuntu@domU-12-31-39-14-F9-0C:~$ sudo netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 468/sshd
tcp 0 48 10.206.250.250:22 98.218.35.11:57655 ESTABLISHED 577/sshd: ubuntu [p
tcp6 0 0 :::22 :::* LISTEN 468/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 387/dhclient3

ubuntu@domU-12-31-39-14-F9-0C:~$ ifconfig -a
eth0 Link encap:Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet HWaddr 12:31:39:14:f9:0c
inet addr:10.206.250.250 Bcast:10.206.251.255 Mask:255.255.254.0
inet6 addr: fe80::1031:39ff:fe14:f90c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:429 errors:0 dropped:0 overruns:0 frame:0
TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67019 (67.0 KB) TX bytes:49777 (49.7 KB)
Interrupt:9

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ubuntu@domU-12-31-39-14-F9-0C:~$ sudo lft -D eth0 www.bejtlich.net

Tracing __________________________________.

TTL LFT trace to vhost.identityvector.com (205.186.148.46):80/tcp
1 10.206.248.3 0.8ms
2 216.182.232.236 0.5ms
3 216.182.232.64 0.4ms
** [neglected] no reply packets received from TTLs 4 through 6
7 dca-edge-18.inet.qwest.net (65.120.78.57) 2.1ms
8 dcp-brdr-03.inet.qwest.net (205.171.251.110) 4.9ms
** [neglected] no reply packets received from TTL 9
10 216.88.34.170 3.7ms
11 cr02-1-1.iad1.net2ez.com (65.97.48.206) 9.7ms
12 65.97.50.26 4.2ms
13 static-70-32-64-246.mtsvc.net (70.32.64.246) 4.2ms
14 vzd052.mediatemple.net (205.186.147.5) 3.7ms
15 [target] vhost.identityvector.com (205.186.148.46):80 4.1ms

I decided to update cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 AMI using apt.

$ sudo apt-get update
$ sudo apt-get upgrade

After reboot

ubuntu@domU-12-31-39-14-F9-0C:~$ uname -a
Linux domU-12-31-39-14-F9-0C 2.6.35-22-virtual #35-Ubuntu
SMP Sat Oct 16 23:19:29 UTC 2010 x86_64 GNU/Linux

I decided to try sending email from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system:

ubuntu@domU-12-31-39-14-F9-0C:~$ sudo apt-get install exim4-daemon-light
...edited...
ubuntu@domU-12-31-39-14-F9-0C:~$ sudo dpkg-reconfigure exim4-config
* Stopping MTA for restart [ OK ]
* Restarting MTA [ OK ]

ubuntu@domU-12-31-39-14-F9-0C:~$ echo "test mail 1557" | mailx -v -s "test mail 1557" richard@bejtlich.net
LOG: MAIN
<= ubuntu@domu-12-31-39-14-f9-0c.compute-1.amazonaws.com U=ubuntu P=local S=489
ubuntu@domU-12-31-39-14-F9-0C:~$ delivering 1PLMPR-0000eu-4P
R: dnslookup for richard@bejtlich.net
T: remote_smtp for richard@bejtlich.net
Connecting to ASPMX.L.GOOGLE.COM [74.125.93.27]:25 ... connected
SMTP<< 220 mx.google.com ESMTP g35si18125523qcs.170
SMTP>> EHLO domU-12-31-39-14-F9-0C.compute-1.internal
SMTP<< 250-mx.google.com at your service, [174.129.106.239]
250-SIZE 35651584
250-8BITMIME
250 ENHANCEDSTATUSCODES
SMTP>> MAIL FROM: SIZE=1523
SMTP<< 250 2.1.0 OK g35si18125523qcs.170
SMTP>> RCPT TO:
SMTP<< 250 2.1.5 OK g35si18125523qcs.170
SMTP>> DATA
SMTP<< 354 Go ahead g35si18125523qcs.170
SMTP>> writing message and terminating "."
SMTP<< 250 2.0.0 OK 1290632265 g35si18125523qcs.170
SMTP>> QUIT
LOG: MAIN
=> richard@bejtlich.net R=dnslookup T=remote_smtp H=ASPMX.L.GOOGLE.COM [74.125.93.27]
LOG: MAIN
Completed

I also decided to try an IPv6 tunnel client:
ubuntu@domU-12-31-39-14-F9-0C:~$ sudo apt-get install miredo

ubuntu@domU-12-31-39-14-F9-0C:~$ ifconfig -a
eth0 Link encap:Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet HWaddr 12:31:39:14:f9:0c
inet addr:10.206.250.250 Bcast:10.206.251.255 Mask:255.255.254.0
inet6 addr: fe80::1031:39ff:fe14:f90c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5025 errors:0 dropped:0 overruns:0 frame:0
TX packets:2849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2717010 (2.7 MB) TX bytes:1308113 (1.3 MB)
Interrupt:9

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

teredo Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:0:53aa:64c:102c:3760:517e:9510/32 Scope:Global
inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:144 (144.0 B)

ubuntu@domU-12-31-39-14-F9-0C:~$ host ipv6.google.com
ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2001:4860:800f::68

ubuntu@domU-12-31-39-14-F9-0C:~$ ping6 2001:4860:800f::68
PING 2001:4860:800f::68(2001:4860:800f::68) 56 data bytes
64 bytes from 2001:4860:800f::68: icmp_seq=1 ttl=59 time=3.70 ms
64 bytes from 2001:4860:800f::68: icmp_seq=2 ttl=59 time=3.97 ms
64 bytes from 2001:4860:800f::68: icmp_seq=3 ttl=59 time=4.73 ms
^C
--- 2001:4860:800f::68 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.707/4.140/4.736/0.435 ms

I did that all under an hour, so before cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first hour finished I shut down cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 AMI.

The next time I want to use it, I'll visit cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 console, start it, and SSH. I don't have any real plans for this AMI besides experimentation, for now. I'll probably keep my eye on this ec2ubuntu Google Group too.

Sunday, August 05, 2007

Black Hat USA 2007 Round-Up Part 2

I'm waiting in anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r airport, so it's time to summarize my second day at Black Hat USA 2007. (The first day is Black Hat USA 2007 Round-Up Part 1.)

  • I started cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 day in Bruce Schneier's keynote. Bruce's talk was interesting but plauged by audio problems (not his fault). Bruce reiterated his ideas of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "security consumer" who asks "is it worth it?" when deciding whecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r or not to wear a bullet-proof vest when walking out his front door. Bruce seems to have changed his mind about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 evils of "security cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ater," because he said "security is a feeling and a reality," and sometimes security cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ater is needed to right imbalances between cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 feeling and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reality. This imbalance can come about when citizens watch television, which impairs cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir availability heuristic by making rare and catastrophic events seem common and personal.

    Bruce focused on psychology, stating people, on average, are risk-seeking when facing losses but risk-adverse when facing gains. In ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r words, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are more likely to take a chance to avoid a loss than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are to take a chance to acquire a greater gain. Bruce published a paper describing his views at The Psychology of Security. Pay attention to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 five aspects of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security trade-off.

  • Jim Hoaglund from Symantec presented my first technical talk of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 day. He described cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new Windows Vista TCP/IP stack and emphasized cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 role of tunnels for IPv6. It's probably best just to read cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 papers behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talk, namely Windows Vista Network Attack Surface Analysis (.pdf), The Teredo Protocol: Tunneling Past Network Security and Ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Security Implications (.pdf), draft-ietf-v6ops-teredo-security-concerns , Microsoft's Objectives for IPv6, and Jim's blog post. Jim said "stacks are complex entities that take years to mature." Jim discussed stack vulnerabilities found in beta versions of Vista. I was very interested in hearing about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new fragmentation reassembly standard used in Vista, which differs from previous versions. (Hello trouble for IDS/IPS/etc, good news for stack fingerprinters.)

    Jim spent a lot of time talking about Teredo, documented in RFC 4380. Teredo is designed as an IPv6 transition mechanism "of last resort." I've documented my tests with Miredo, a Unix implementation. What struck me about Jim's comments were his revelation that Teredo was designed without visibility or control. This directly contradicts my idea of Security Application Instrumentation. Essentially, unless an inspection product analyzes every UDP packet, it is not possible to control Teredo. It is possible to "starve" Teredo traffic by blocking outbound to Teredo servers on UDP port 3544, but that is not a complete solution. Also, Jim claimed that in some cases Teredo "may be preferred even over native IPv4." He recommended that Teredo not be deployed on "managed networks," which is just about anywhere that matters.

  • Nick Harbour of MANDIANT discussed basic, intermediate, and advanced ways to hide malware. He talked about hook injection to hide malware in existing processes, library injection (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most common attack) via CreateProcessThread() to hide in libraries, and direct injection, where code is inserted directly into processes. He mentioned registry tricks like Image File Execution Options to launch malware as a "debugger" that calls a legitimate process. Nick said he would release Malvm and his Executable Toolkit on nickharbour.com soon.

  • I watched almost all of Gadi Evron's talk about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Estonia "information war," but I felt like he took over an hour when probably 20 minutes would have sufficed.

  • One of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best talks on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second day was delivered by Tom Ptacek and Eric Monti who described vulnerabilities and exposures in extrusion detection and related products. Because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y could not name cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 products cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y had tested, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y profiled a "fake" product called PlugBoy. Basically, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se products are nearly worthless, except for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 value cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y deliver in demonstrations to executives and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 launch pad cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y provide for intruders. They focused on host-based systems instead of those that sit inline or offline.

    Tom and Eric said "evasion is a given." For example, you can trivially bypass cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir filters using any number of techniques at layers 3, 4, or higher. It could take as simple a technique as changed text in a word document to bold or adding a space between every character of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 document. The problem with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se products is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y need to do some sort of file format decoding in order to have a prayer of making sense of a document's contents. Unfortunately, by introducing file format dissection decoding, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are incredibly vulnerable (think of Wireshark's security history with protocol dissectors and recent file format fuzzing exploits.)

    Here's anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r problem with extrusion products on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host: cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y tend to communicate what cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y find in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 clear to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir management platforms. (Zlib compression doesn't count as "encryption.") So, think of this: you have a product sitting between a remote SSL-enabled site, inspecting and grabbing sensitive content, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n retransmitting a subset of that content in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 clear to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 management server. Who designed this train wreck? Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se products tend to have application, service, and kernel components. This means you have a piece of code that by design has access to everything you consider sensitive sitting in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel.

    Tom and Eric said this code is rife with vulnerabilities. They described how sending a malformed AIM packet would root cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 agent and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365refore cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365refore cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box. Returning to agent to manager communications, this channel is unaucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365nticated. This means anyone could spoof traffic or send traffic to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 management console. That content tends to be rendered in a Web application viewable by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 administrator. Now you can send traffic to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 management console (think XSS or ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r file rendering attacks) and own it.

    In case you didn't put all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se steps togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r, here cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are: 1) Web browser with ED agent visits malicious Web site; 2) Web site attacks and owns ED agent; 3) Owned ED agent attacks ED manager; 4) Owned ED managed attacks and owns all ED agents on all hosts; Game Over.

    In brief, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host-based ED products Eric and Tom reviewed are "latent botnets" in addition to all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir potential violations of PCI and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r regulations protecting data.

    I managed to briefly talk with Tom and Eric prior to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir presentation, which was cool. They reminded me I need to try cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir tools, like Black Bag, which is "Netcat on steroids."

  • I finished cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 day watching my friends Keith Jones and Rohyt Belani present three case studies on insider attacks. Keith talked about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Duronio case. Rohyt described a wireless exploit at a retail company and a law firm document management system abused by an administrator.


I had cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following thoughts after watching cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se talks.

  • We cannot eliminate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 probability of compromise of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 general Internet population. This is anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r way to say "prevention eventually fails." We can reduce cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 probability of compromise by applying costing countermeasures or drastically limiting exposure. You could think of this situation as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 difference in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 lives between cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 President and his Secret Service vs Joe Sixpack. The President can try to venture outside if protected by agents, but Joe is a sitting duck. His best bet is to stay home if he feels threatened. This deserves more thought, so I will probably address it later. A digital equivalent is hiring a team to build your own special Web browser or using a text-based Web browser and living a more monastic life.

  • Modern countermeasures applied to reduce vulnerability and/or exposure in many cases increase both vulnerability and exposure. This is certainly cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case with so many agents (see Matasano is Right About Agents.)

  • Developers continue to ignore history by reintroducing old vulnerabilities and exposures. Tom and Eric talked about how so many products ship old vulnerable versions of Gzip libraries, as one example.

  • As assets are increasingly managed, it becomes easier for intruders to exploit vulnerabilities in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m and assume management of those assets. Eric and Tom noted that monolithic agents are being placed on assets of all types for purposes of managing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m (if operating system homogeneity weren't enough of a problem). These agents are not coded to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 standards found in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS (props to Microsoft for getting its act togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r in recent years). The problem with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se agents is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y open a brittle window for takeover by malicious parties.

  • Firewalls are channel restriction products, not compromise prevention products. As cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 number of channels proliferates, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 firewall is increasingly irrelevant. Inspection products (which include detection and filtering devices) are caught in a quandry. Application-unaware (think content matching alone, maybe via regex) inspection and filtering systems are less able to understand content and counter attacks. Application and protocol awareness would seem to be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 answer, but those dissectors are directly targted by intruders and are heavily vulnerable to protocol and file format attacks. (Previously cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content inspectors were mainly vulnerable if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir content-matching system [think regex library] had a flaw.) No one wins.


I'm really rushed here so I may revisit this post to fix a few thoughts. I will post my overall defensive recommendations in a future post.

Friday, September 08, 2006

IPv6 Only FreeBSD Scenario

Earlier this year I described running Miredo on FreeBSD to gain access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPv6 Internet. Today I decided I would try to accomplish two goals. First, I would connect my FreeBSD gateway to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPv6 Internet using Hexago/Freenet6 through cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 net/tspc2 port (Tunnel Setup Protocol Client). Second, I would deploy an IPv6-only host behind my FreeBSD gateway, and have it speak only IPv6 to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 outside world.

I do not intend for this to be definitive by any means. Again, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se are more or less personal notes. If someone else finds cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m useful, great.

First I registered with Hexago. This is not strictly necessary since anonymous access is apparently allowed. After registering I received an email with a username (I specified) and a password (provided) that I would add to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Tsp client. (I decided to try Tspc instead of manually deploying a tunnel because I heard Tspc was just too easy.)

After installing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 net/tspc2 package, I literally added cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 email to my /usr/local/etc/tspc.conf and started tspc2 manually.

mwmicro:/root# tspc -vvv
tspc - Tunnel Setup Protocol Client v2.1.1
Initializing (use -h for help)


Connecting to server with reliable udp
Using TSP protocol version 2.0.0
Establishing connection with tunnel broker...
Getting capabilities from server
Connection established
Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365nticating taosecurity
Using aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntification mecanism DIGEST-MD5
Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication success
Asking for a tunnel
sent: Content-length: 204


69.143.202.28

::



recv:
200 Success


64.86.88.116

2001:05c0:8fff:fffe:0000:0000:0000:5888



69.143.202.28

2001:05c0:8fff:fffe:0000:0000:0000:5889


2001:05c0:8fff:fffe:0000:0000:0000:5888






Processing response from server
sent: Content-length: 35


Got tunnel parameters from server, setting up local tunnel
keepalive interval: 30

Going daemon, check /var/log/tspc.log for tunnel creation status

So far so good. Next I checked my routing table.

mwmicro:/root# netstat -nr -f inet6
Routing tables

Internet6:
Destination Gateway Flags Netif Expire
default 2001:5c0:8fff:fffe::5888 UGS gif0
::1 ::1 UH lo0
2001:5c0:8fff:fffe::5888 link#9 UHL gif0
2001:5c0:8fff:fffe::5889 link#9 UHL lo0
fe80::%sf1/64 link#3 UC sf1
fe80::200:d1ff:feed:8c72%sf1 00:00:d1:ed:8c:72 UHL lo0
fe80::%sf2/64 link#4 UC sf2
fe80::200:d1ff:feed:8c73%sf2 00:00:d1:ed:8c:73 UHL lo0
fe80::%fxp0/64 link#6 UC fxp0
fe80::202:b3ff:fe0a:cd5e%fxp0 00:02:b3:0a:cd:5e UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 fe80::1%lo0 UHL lo0
fe80::%gif0/64 link#9 UC gif0
fe80::204:e2ff:fe29:4c3c%gif0 link#9 UHL lo0
ff01:3::/32 link#3 UC sf1
ff01:4::/32 link#4 UC sf2
ff01:6::/32 link#6 UC fxp0
ff01:8::/32 ::1 UC lo0
ff01:9::/32 link#9 UC gif0
ff02::%sf1/32 link#3 UC sf1
ff02::%sf2/32 link#4 UC sf2
ff02::%fxp0/32 link#6 UC fxp0
ff02::%lo0/32 ::1 UC lo0
ff02::%gif0/32 link#9 UC gif0

There's a lot of routes here, automatically created. This will be an issue for understanding IPv6 in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future. For now I was interested in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 entries with gif0, for those represent cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new tunnel.

mwmicro:/root# ifconfig gif0
gif0: flags=8051 mtu 1280
tunnel inet 69.143.202.28 --> 64.86.88.116
inet6 2001:5c0:8fff:fffe::5889 --> 2001:5c0:8fff:fffe::5888 prefixlen 128
inet6 fe80::204:e2ff:fe29:4c3c%gif0 prefixlen 64 scopeid 0x9

I decided to see if I could ping6 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r end of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tunnel.

mwmicro:/root# ping6 2001:5c0:8fff:fffe::5888
PING6(56=40+8+8 bytes) 2001:5c0:8fff:fffe::5889 --> 2001:5c0:8fff:fffe::5888
16 bytes from 2001:5c0:8fff:fffe::5888, icmp_seq=0 hlim=64 time=26.540 ms

I could also ping6 an IPv6 host.

mwmicro:/root# ping6 www.6bone.net
PING6(56=40+8+8 bytes) 2001:5c0:8fff:fffe::5889 --> 2001:5c0:0:2::24
16 bytes from 2001:5c0:0:2::24, icmp_seq=0 hlim=61 time=32.894 ms

Note that I used IPv4 to resolve www.6bone.net:

21:05:41.961734 IP 69.143.202.28.61517 > 68.87.73.242.53: 59311+ AAAA? www.6bone.net. (31)
21:05:42.053465 IP 68.87.73.242.53 > 69.143.202.28.61517: 59311 2/0/0 CNAME 6bone.net., (73)

I wondered how I could resolve IPs using an IPv6-speaking DNS server. I hunted high and low for one that would respond to my queries. Finally someone in #ipv6 on Freenode mentioned that NetBSD's resolver pointed by default to 2001:240::1. Could I use that?

mwmicro:/root# host 2001:240::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.4.2.0.1.0.0.2.ip6.arpa
domain name pointer ns9.iij.ad.jp.

2001:240::1 is ns9.iij.ad.jp. Count on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Japanese to have a working IPv6 system! Now will it resolve IPs?

mwmicro:/root# host www.6bone.net 2001:240::1
Using domain server:
Name: 2001:240::1
Address: 2001:240::1#53
Aliases:

www.6bone.net is an alias for 6bone.net.
6bone.net has address 206.162.147.152
Using domain server:
Name: 2001:240::1
Address: 2001:240::1#53
Aliases:

www.6bone.net is an alias for 6bone.net.
6bone.net has IPv6 address 2001:5c0:0:2::24
Using domain server:
Name: 2001:240::1
Address: 2001:240::1#53
Aliases:

www.6bone.net is an alias for 6bone.net.
6bone.net mail is handled by 10 quark.isi.edu.
6bone.net mail is handled by 20 darkstar.isi.edu.
6bone.net mail is handled by 0 venera.isi.edu.

Bingo. By cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 way, if you can suggest alternative IPv6 DNS servers, please leave a comment.

At this point I accomplished my first goal. On to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second. To get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 gateway to work as an IPv6 gateway, I added cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following to /usr/local/etc/tspc.conf:

#---------------------
# Router configuration
#
# In order to configure cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 machine as a router, a prefix must be requested
# and an interface must be specified. The prefix will be advertised
# through that interface.
#
# host_type=host|router
# default = host.
host_type=router

#
# prefixlen specifies cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 required prefix length for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 TSP client
# network. Valid values are 64 or 48. 64 is for one link. 48 is for
# a whole enterprise network (65K links).
prefixlen=48

#
# if_prefix is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 name of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS interface that will be configured
# with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first /64 of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 received prefix from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 broker and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
# router advertisement daemon is started to advertise that prefix
# on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 if_prefix interface.
if_prefix=sf3

Note sf3 is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 internal interface, i.e., cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one facing away from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet.

mwmicro:/root# ifconfig sf3
sf3: flags=8843mtu 1500
inet6 fe80::200:d1ff:feed:8c74%sf3 prefixlen 64 scopeid 0x5
inet6 2001:5c0:925d::1 prefixlen 64
ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r 00:00:d1:ed:8c:74
media: Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet autoselect (10baseT/UTP)
status: active


I also added cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se entries to /etc/rc.conf on my gateway:

ipv6_enable="YES"
ipv6_gateway_enable="YES"
rtadvd_enable="YES"
rtadvd_interfaces="sf3"
tspc2_enable="YES"

I next built a new FreeBSD host (on a P200 with 32 MB RAM, no less). The box did not have a working CD-ROM, so I had to use boot floppies. I found no easy way to do an IPv6-only network install, so I assigned a temporary IPv4 address for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network installation.

After installing FreeBSD, I rebooted cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 p200 system and removed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPv4 address. Now my interface looked like this:

p200:/home/richard$ ifconfig dc0
dc0: flags=8843 mtu 1500
options=8
inet6 fe80::204:5aff:fe79:43a7%dc0 prefixlen 64 scopeid 0x1
inet6 2001:5c0:925d:0:204:5aff:fe79:43a7 prefixlen 64 autoconf
ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r 00:04:5a:79:43:a7
media: Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet autoselect (10baseT/UTP)
status: active

My routing tables on p200 looked like this:

p200:/home/richard$ netstat -nr -f inet6
Routing tables

Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default fe80::200:d1ff:feed:8c74%dc0 UG dc0
::1 ::1 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:5c0:925d::/64 link#1 UC dc0
2001:5c0:925d::1 00:00:d1:ed:8c:74 UHLW dc0
2001:5c0:925d:0:204:5aff:fe79:43a7 00:04:5a:79:43:a7 UHL lo0
fe80::/10 ::1 UGRS lo0
fe80::%dc0/64 link#1 UC dc0
fe80::200:d1ff:feed:8c74%dc0 00:00:d1:ed:8c:74 UHLW dc0
fe80::204:5aff:fe79:43a7%dc0 00:04:5a:79:43:a7 UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 fe80::1%lo0 UHL lo0
ff01:1::/32 link#1 UC dc0
ff01:3::/32 ::1 UC lo0
ff02::/16 ::1 UGRS lo0
ff02::%dc0/32 link#1 UC dc0
ff02::%lo0/32 ::1 UC lo0

I achieved setting a default route manually with

route add -inet6 2000::/3 2001:5c0:925d::1

where 2001:5c0:925d::1 is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IPv6 address of my gateway (remember cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 output for interface sf3 earlier).

I configured p200's /etc/rc.conf like so:

hostname="p200.taosecurity.com"
ipv6_enable="YES"
ipv6_defaultrouter="2001:5c0:925d::1"
sshd_enable="YES"

From my gateway, I could now reach p200 using eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r of its IPv6 addresses (local or global):

mwmicro:/root# ping6 -c 1 fe80::204:5aff:fe79:43a7%sf3
PING6(56=40+8+8 bytes) fe80::200:d1ff:feed:8c74%sf3 --> fe80::204:5aff:fe79:43a7%sf3
16 bytes from fe80::204:5aff:fe79:43a7%sf3, icmp_seq=0 hlim=64 time=1.184 ms

--- fe80::204:5aff:fe79:43a7%sf3 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.184/1.184/1.184/0.000 ms

Note using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 above local method requires specifying an interface (%sf3) out of which cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ICMP6 echo is sent.

mwmicro:/root# ping6 -c 1 2001:5c0:925d:0:204:5aff:fe79:43a7
PING6(56=40+8+8 bytes) 2001:5c0:925d::1 --> 2001:5c0:925d:0:204:5aff:fe79:43a7
16 bytes from 2001:5c0:925d:0:204:5aff:fe79:43a7, icmp_seq=0 hlim=64 time=1.205 ms

--- 2001:5c0:925d:0:204:5aff:fe79:43a7 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.205/1.205/1.205/0.000 ms

The ping to 2001:5c0:925d:0:204:5aff:fe79:43a7 does not require cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same interface specification.

After I connected via SSH from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 gateway to p200, i.e.

mwmicro:/root# ssh richard@2001:5c0:925d:0:204:5aff:fe79:43a7

I was able to perform IPv6-only actions from p200. For example:

p200:/home/richard$ ping6 -c 1 www.6bone.net
PING6(56=40+8+8 bytes) 2001:5c0:925d:0:204:5aff:fe79:43a7 --> 2001:5c0:0:2::24
16 bytes from 2001:5c0:0:2::24, icmp_seq=0 hlim=60 time=29.471 ms

--- 6bone.net ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 29.471/29.471/29.471/0.000 ms

Here is what cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traffic looked like between p200 and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 gateway:

21:24:56.729796 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7.49166 > 2001:240::1.53:
39700+ AAAA? www.6bone.net. (31)
21:24:57.188971 IP6 2001:240::1.53 > 2001:5c0:925d:0:204:5aff:fe79:43a7.49166:
39700 2/2/2[|domain]
21:24:57.193397 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7 > 2001:5c0:0:2::24:
ICMP6, echo request, seq 0, length 16
21:24:57.222194 IP6 2001:5c0:0:2::24 > 2001:5c0:925d:0:204:5aff:fe79:43a7:
ICMP6, echo reply, seq 0, length 16

I also caught neighbor soliciation and advertisements between cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 two hosts.

21:24:59.309014 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7 > 2001:5c0:925d::1:
ICMP6, neighbor solicitation, who has 2001:5c0:925d::1, length 32
21:24:59.309325 IP6 2001:5c0:925d::1 > 2001:5c0:925d:0:204:5aff:fe79:43a7:
ICMP6, neighbor advertisment, tgt is 2001:5c0:925d::1, length 24
21:25:01.728706 IP6 fe80::204:5aff:fe79:43a7 > fe80::200:d1ff:feed:8c74:
ICMP6, neighbor solicitation, who has fe80::200:d1ff:feed:8c74, length 32
21:25:01.729104 IP6 fe80::200:d1ff:feed:8c74 > fe80::204:5aff:fe79:43a7:
ICMP6, neighbor advertisment, tgt is fe80::200:d1ff:feed:8c74, length 24

How cool is this -- public IPv6 NTP servers:

p200:/root# ntpdate ntp6.space.net
8 Sep 21:28:49 ntpdate[599]: adjust time server 2001:608::1000:1 offset -0.045629 sec

Here is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traffic.

21:28:47.456604 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7.49168 > 2001:240::1.53:
36503+ A? ntp6.space.net. (32)
21:28:48.240130 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7 > 2001:5c0:925d::1:
ICMP6, neighbor solicitation, who has 2001:5c0:925d::1, length 32
21:28:48.240433 IP6 2001:5c0:925d::1 > 2001:5c0:925d:0:204:5aff:fe79:43a7:
ICMP6, neighbor advertisment, tgt is 2001:5c0:925d::1, length 24
21:28:48.280169 IP6 2001:240::1.53 > 2001:5c0:925d:0:204:5aff:fe79:43a7.49168:
36503 2/3/0[|domain]
21:28:48.281557 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7.49169 > 2001:240::1.53:
36504+ AAAA? ntp6.space.net. (32)
21:28:48.847565 IP6 2001:240::1.53 > 2001:5c0:925d:0:204:5aff:fe79:43a7.49169:
36504 2/3/0[|domain]
21:28:48.972514 IP6 2001:5c0:925d:0:204:5aff:fe79:43a7.123 > 2001:608::1000:1.123:
NTPv4, Client, length 48
21:28:49.115271 IP6 2001:608::1000:1.123 > 2001:5c0:925d:0:204:5aff:fe79:43a7.123:
NTPv4, Server, length 48

Even FTP works.

p200:/root# ftp ftp.freebsd.org
Trying 2001:4f8:0:2::e...
Connected to ftp.freebsd.org.
220 Welcome to freebsd.isc.org.
Name (ftp.freebsd.org:richard): ftp
331 Please specify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 password.
Password:
230-
230-You have reached cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 freebsd.isc.org FTP server, serving cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
230-full FreeBSD FTP archive over IPv4 (204.152.184.73) and IPv6
230-(2001:4f8:0:2::e) networks. This server is also known as:

I think cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 key to understanding IPv6 is to start running deployments like this and watching traffic. I'm remembering that's how I started learning IPv4 in September 1998.

I welcome any constructive tips!