{"id":1528,"date":"2019-01-21T18:02:54","date_gmt":"2019-01-21T18:02:54","guid":{"rendered":"http:\/\/control-h.org\/wordpress\/?p=1528"},"modified":"2019-01-21T18:02:54","modified_gmt":"2019-01-21T18:02:54","slug":"five-2","status":"publish","type":"post","link":"https:\/\/control-h.org\/index.php\/2019\/01\/21\/five-2\/","title":{"rendered":"Five"},"content":{"rendered":"\n<p>I went in to <a rel=\"noreferrer noopener\" aria-label=\"this one (opens in a new tab)\" href=\"https:\/\/www.shmoocon.org\/speakers\/#666\" target=\"_blank\">this one<\/a> with a fair amount of skepticism.  My worries were more than verified.<\/p>\n\n\n\n<p>IPv6 isn&#8217;t insecure because <strong>you<\/strong> don&#8217;t understand it, and your antiquated tools don&#8217;t work with it.<\/p>\n\n\n\n<p>ZOMG, there&#8217;s a separate deprecated Linux firewall tool for dealing with IPv6!!1!<\/p>\n\n\n\n<p>So write rulesets that deal with that difference.<\/p>\n\n\n\n<p>WTF, my segment scanning tools don&#8217;t work the same way they do with the one-true-IP &#8482;.<\/p>\n\n\n\n<p>The v4 network stack was introduced in the Nixon Administration.  My parents, half of whom are now dead, weren&#8217;t even married.  <\/p>\n\n\n\n<p>YHGTBFKM;  you can alias almost any address.<\/p>\n\n\n\n<p>Really.<\/p>\n\n\n\n<p>One of the guys actually tried articulating that PAT (probably not NAT, guy.  Maybe if you&#8217;d paid any attention in your networking classes, you&#8217;d know that).<\/p>\n\n\n\n<p>What PAT does do is allow you to effectively wall-off your enclave to &#8220;protect&#8221; the assets inside it.  You can do the same thing with a v6 netblock, too.  One of the things I frequently listen to is very concerned about the &#8220;5G revolution,&#8221; and how it might allow the Chinese to control everything inside the US.  Um, no.  Any network security guy who&#8217;s paying attention can block things going out just as easily as he blocks things coming in.<\/p>\n\n\n\n<p>I guess my message is:  learn how to track things other than IPv4, and write your filtering rules on traffic both ways.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I went in to this one with a fair amount of skepticism. My worries were more than verified. IPv6 isn&#8217;t insecure because you don&#8217;t understand it, and your antiquated tools don&#8217;t work with it. ZOMG, there&#8217;s a separate deprecated Linux firewall tool for dealing with IPv6!!1! So write rulesets that deal with that difference. WTF, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[21,31],"class_list":["post-1528","post","type-post","status-publish","format-standard","hentry","category-shmoocon","tag-ipv6","tag-shmoocon"],"_links":{"self":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/1528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/comments?post=1528"}],"version-history":[{"count":0,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/posts\/1528\/revisions"}],"wp:attachment":[{"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/media?parent=1528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/categories?post=1528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/control-h.org\/index.php\/wp-json\/wp\/v2\/tags?post=1528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}