Letters

Hacking Contest on a Live CD

I made something recently that you might find interesting: a hacking contest embedded on an ultra-light live CD (less than 30MB).

Just pop the ISO in VirtualBox or your favorite virtualization tool, and enjoy (ahem, struggle?) crunching through the levels. See the following links:

I hope you like it!

—
Janos

I really love the idea of a bootable ISO with a built-in hacking contest. However, it really made me realize just how terrible I am at hacking! I don't want to mention exactly how sad my hacking skills are, but let's just say I don't know what it looks like when you get past the first level.—Shawn Powers

IPv6

We asked readers to write in and let us know whether they are using IPv6, and if so, what they do with it. Read on to see what they had to say.

Thomas2:

For one, I did the IPv6 certificate with Hurricane Electric, and you need one running. You also get a very geeky T-shirt when you succeed. I am (one of many hats) a network admin and want to stay up to date. I actually had to use IPv6 at work once, just for a PoC. This was just a local internal setup. At home, I have a permanent IPv6 setup via Hurricane Electric tunnel. I also had IPv6 a while ago on my server on the Internet, but I moved and didn't get a chance to set it up again. My hoster provides IPv6 via a tunnel (tunnel endpoint on their end), so I do send e-mail right now via IPv6.

Unfortunately, my ISP does not support IPv6 natively. I am in the UK, and native IPv6 is very, very rare here (there is one provider, but for businesses). So, I am running a tunnel with HE, and it works just fine.

Even though I am “certified” IPv6 with Hurricane Electric and do have some experience, it still is different in an enterprise. It is new, and people need to get to know it first. I have found that there are a lot of misunderstandings about IPv6. I like it though, and with my /48 and /64 address ranges, I have enough IP addresses, which is good—you can have never enough.

I wish I could deploy/migrate an IPv6 network in an enterprise soon—I really would love that.

Sending e-mail via IPv6 counts as something more than, “just to see if I can do it”—thanks!—Shawn Powers

Scott Gilbert:

All of my hosted VPSes have native IPv6. On some of them, I've removed the IPv4 addresses, so they are only accessible via IPv6.

Alas, at home, my ISP (US/Texas) does not provide IPv6, so I use a tunnel from he.net to my router (running OpenWRT). When I set this up two or three years ago, I was really disappointed in the level of IPv6 support from consumer wireless routers. It looks like things have improved somewhat since then, but v6 support still seems like an afterthought for most products.

What do I use it for? Well, everything that traditionally used IPv4, of course! (SSH, HTTP, IMAP, SMTP, BT and so on.)

As I see it, we will all migrate to IPv6 eventually (although I expect v4 and v6 will coexist for a very long time), so why not start using IPv6 now and start reaping the benefits of IPv6 as soon as possible? While working with IPv6 feels very foreign at first, one quickly finds that it is just much easier to manage than IPv4 (using v6, subnetting is trivial, there are plenty of available addresses in even a “small” /96 network, there's no need for NAT, and so on).

Scott, I think having your VPSes on both IPv4 and IPv6 (for Web sites and such) will be the key to an eventual migration. Unfortunately, since NATing works so well now, the stress over running out of IPv4 addresses has lessened. I think we'll see a hybrid world for a very long time.—Shawn Powers

Rob Hooft:

I'm in The Netherlands, and I'm using IPv6 where possible. xs4all gave me a static /48 net, which gives me enough address space to fill my whole house with 400 m3 of sand and address each of the grains individually.

At work, I am trying to convince people that all services should be hosted on both address spaces, but some hosters really make this unnecessarily complicated.

Rob, keep pushing! Until there's a saturation of services hosted on parallel address spaces, I don't think the migration will really go anywhere.—Shawn Powers

Sander Steffann:

I have been using IPv6 for almost ten years now. I was responsible for the technical department of a small ISP in The Netherlands that I cofounded, and I implemented IPv6 everywhere as soon as I could. The routers, firewalls, DNS servers, mail servers and the ISP's own Web servers all have IPv6. I left the ISP five years ago, and I am now a freelance consultant specializing in IPv6. I also run my own LISP (RFC6830)-based ISP, which, of course, has full IPv6 support. I helped several ISPs implement IPv6 in their back-bones, data centers and access (DSL, fiber) networks, did some IPv6 consultancy for a Dutch bank, and I am giving regular IPv6 training courses in the Middle East.

What do I do with it? Use the Internet. Seriously—using IPv6 should be invisible. It just works, behind the scenes. IPv6 is not something you consciously use. It is the technology that lets us keep and increase the flexibility that the Internet gives us today.

IPv4 addresses have run out. The last IPv4 addresses are in the distribution chain and are being handed out to users. Some parts of the world, like the US, still have some IPv4 addresses in their Regional Internet Registry (in the US that is ARIN). They distribute the right to use blocks of IP addresses to ISPs and companies, until they run out. ARIN is expected to run out approximately one year from now. In other parts of the world, the RIRs already have run out, and the last IPv4 addresses are being used by ISPs. Enterprises in those regions cannot get their own provider-independent IPv4 addresses anymore.

Because of the shortage of IPv4 addresses, it won't be possible to give every connected subscriber his or her own IPv4 address anymore. IPv4 addresses have to be shared. That means that connected subscribers lose control over their Internet connections. Certain applications (mostly VPNs to the office) will not work properly. Running your own servers for Web, mail and other applications will become impossible and so forth. For on-line applications (like banking), it will become almost impossible to distinguish between different subscribers based on their IPv4 address, so if one subscriber tries to attack the on-line service they will have no choice but to block all subscribers sharing the same IPv4 address—and that could be hundreds or thousands of subscribers.

IPv6 provides enough addresses to give all users more than they will ever need. This sounds like a “640K ought to be enough for anybody” statement, until you do the math. Every LAN in IPv6 gets 2⁶⁴ = 18,446,744,073,709,551,616 addresses, and every subscriber gets a block big enough for multiple LANs (in Europe usually 65,536 subnets per subscriber, sometimes residential subscribers get only 256 subnets). Using IPv6 means that we don't do address-sharing tricks; subscribers keep full control over their Internet connection, and security can be as fine-grained (or even better) than it is today.

As far as whether my ISP supports it natively, it's as native as you can get with LISP.

Sander, you're absolutely correct that using IPv6 should be seamless. I think we're at the place now that IPv6 should be provided to everyone by all ISPs, so that the transition/migration can happen. I hope that is soon!—Shawn Powers

Anonymous:

My ISP is Internode in Australia, and it offers a /64 static IPv6 natively. Obviously, I use it whenever a server I connect to offers an IPv6 address. My VPS provider (Reliable Hosting) and dedicated server provider (Wholesale Internet, Inc.) both offer IPv6 on their servers.

Jonathan Guthrie:

I've had my networks on IPv6 for a long time now, as my original tunnel to the 6bone was over my Sprint T1—that was like 15 years ago. I originally connected to the 6bone to learn how this IPv6 stuff worked, and I'm still waiting for the rest of the world to figure out it's useful. My tunnel now is through he.net, because it's the best solution I could find. (I have Comcast business-class as my provider now, and it swears that it'll roll out native IPv6 “real soon now”.) My VPS provider was chosen specifically because it offered native IPv6, among other criteria.

What I do with it is, well, stuff. All my computers have IPv6 addresses, and I SSH to and from them, do Web stuff and whatnot. Mr Graber's experience notwithstanding [see below], there seems to be a vanishingly small number of sites that are available over IPv6 and a vanishingly small number of people using IPv6, most of which (at least in my Apache logs) appear to be running Mac OS X. The last time I looked, about a year ago, I was getting about one IPv6 connection every other month, while my normal traffic is maybe 200–300 IPv4 connections a day (that's after filtering out my home addresses, of course).

Perhaps answering this survey will change that. Perhaps not. I'll keep an eye on my logs.

One thing that I find interesting is that my Verizon 4G service is often IPv6. When the 4G works, that is.

I have a similar business account with an ISP, and I'm expecting IPv6 “real soon now” too. I didn't know about Verizon 4G/IPv6—that's fascinating!—Shawn Powers

Peter Nunn:

I'm using it at my home office, and my ISP, Internode, is one of the very few in oz to offer it natively.

I intend to use it to access my servers running in my network from outside, but I have to say that so far I've struggled to find an IPv6 connection anywhere else even to see if I can get back in.

Aaron Ogle:

I use IPv6 to access IPv6 Interwebs. My VPSes have IPv6, so I can set a different address for each service and so on. Being allocated a /64 and having that many routable addresses is a no-brainer. Supposedly IPv6 is coming to crapcast. I have yet to see it.

Kevin Otte:

I have an ASUS N66R router that has firmware based on DD-WRT. I have a Hurricane Electric IPv6 tunnel set up through it. It's very handy to be able to have a publicly accessible IPv6 address for every device. I am having to beef up on iptables in my firewall box though.

My home ISP does not yet have IPv6 support. It gave me the “We have enough IPv4, so we don't care” line. This made me sad. My VPS provider does offer IPv6, which has come in very handy for VPN access from places that don't.

I am testing the IPv6 on everything I can get my hands on—I've got to do it early to avoid the panic when IPv4 fully exhausts and the laggards finally freak out.

My main focus of late has been trying to get the word out. Here's a little bit about those efforts: teamarin.net/2013/05/29/the-internet-its-not-commodity-its-community-guest-blog.

I share in the disappointment that LJ.com isn't reachable over IPv6. I see from the BGP announcements that the data center is advertising a v6 prefix. Perhaps y'all would like a hand?

Although many of us are sysadmins in our day jobs, the magazine and Web site are clients in the hosting world along with every other business. It will be pretty cool if we can work with our hosting provider(s) to get native IPv6 going, but as you note, we haven't started that process yet.—Shawn Powers

Thomas Schafer:

I am using IPv6 to have Internet. As far as whether my ISP supports it natively, it depends on the situation. At work, yes—Leibniz Supercomputing Centre supports native IPv6. At home, in theory, the Deutsche Telekom could give IPv6 addresses, but in practice, I am still forced to use a tunnel broker. On the way: I am a lucky UMTS/IPV6-tester—native IPv6 (with NAT64).

Stephane Graber:

Not too surprisingly as the networking guy for Ubuntu, I've been using IPv6 for years now. My home ISP (teksavvy) supports it natively. I have separate IPv4 and IPv6 PPP sessions with a /29 IPv4 subnet and a /56 IPv6 subnet statically assigned to me.

During a normal month, IPv6 typically represents 75% of my traffic (around 800GB), although that's mostly explained because of backups of other IPv6-capable machines and because of Google who's been supporting IPv6 on all its services for a while now.

I've occasionally had issues with my IPv4 connectivity ending up in a few hours of surfing in the IPv6-only world, which is surprisingly usable so long as you mostly use Google, Wikipedia and things like the Debian servers that are all dual-stack.

I also have native IPv6 for my hosted server in Germany (hetzner), so all my server services are dual-stack.

For some other networks I managed (family setup) where native IPv6 isn't available yet, I'm using HE.net IPv6 tunnels. Those are very reliable, free and often provide a shorter (number of hops and latency) path between two hosts than going through the standard IPv4 route.

So in short, I've got IPv6 everywhere and try to make sure I never put something new on-line that's not IPv6-capable and that I port or retire anything that's already on-line and that's IPv4-only.

There are a few things that people will need to get used to to get good IPv6 connectivity though, like making sure ICMP packets aren't blocked in or out and that the MTU/PMTU is set properly on all machines. But that's really where most of the pain has been for me. The rest tends to just work. Now it's just a matter of waiting for the rest of the world to catch up!

PS: When will we have www.linuxjournal.com on IPv6?

Stephane, it's awesome to hear how much you're able to use IPv6 on a daily basis! Hopefully we'll be able to get our Web site on IPv6 soon. We'll be an interesting litmus test, as Linux Journal is staffed by brilliant folks, but is hosted just like any other company. Once it's easy for a nerdy company like us to provide IPv6 connectivity, other companies should be able to follow fairly quickly! (PS: On a personal note, thank you for all you've done for LTSP over the years—I was one of the sysadmins in the trenches for years making LTSP work for students, and you're one of my heroes!)—Shawn Powers

Tiny Tina:

I've been a longtime user of IPv6 via Hurricane Electric's TunnelBroker.net. I use multiple subnets (from a /48) for my internal networks. Unfortunately, my ISP (Suddenlink) is still in the testing phase and has not yet rolled out native dual-stack. My previous ISP (Comcast) supported IPv6 natively, and it was enjoyable.

Tiny Tina, it's interesting that Comcast provided you native IPv6. I recently had it as an ISP and was told very clearly IPv6 was not available. Perhaps it's a regional thing.—Shawn Powers

Photo of the Month

This Web server was retired last year. In the picture is a Dell Precision based on PIII running Red Hat. It hosted several Web sites at the Texas A&M University for years, and has been replaced by a new server-grade Dell running Ubuntu 12.04 LTS.

—
Tomo Popovic