Krakow Workshop Extra Exercises
Carlos Friaças, FCCN, cfriacas@fccn.pt
Luc De Ghein, CISCO, ldeghein@cisco.com
IPv6 workshop, Krakow, May 2012
Addressing #1
Verify the existence of IPv6 on your own laptops/devices
• Verify existing IPv6 addresses, with:
  • «ipconfig» (Windows)
  • «ifconfig» (Linux)
• Identify the IPv6 default gateway(s), if they are available, using:
  • «ipconfig» (Windows)
  • «route -A inet6» (Linux)
Goal: Identify IPv6 inside an operating system
Addressing #2
IPv6 Address Syntax Check (Yes/No)
• 2001:DB8::15
• 2001:6GA:8000:4000:2000:1000:1:2
• 2002:C189:36:78A::2
• 2A01:498:5555:7I99:2345:0911:1122:909
• 2003:4000:AAAA:CAFE:7:6:8
• AAAA:BBBB:0000:2001:192:168:0000:1
• 2004:BFA:3999::1FFF::2:3
• 2600::4444
• FE80::213:C4FF:FED2:E619
• 2A01::3333:OOOO:F
Goal: Discuss IPv6 address syntax rules
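The syntax rules this exercise is meant to bring out can be written down as a small checker. The following is an added example, not part of the original workshop slides; it assumes plain hex-group notation only (no zone index, no embedded dotted IPv4), and the function names are hypothetical. It reports which rule each candidate breaks and cross-checks the verdict against Python's `ipaddress` module.

```python
import ipaddress
import string

# The ten candidates from the Addressing #2 slide, copied exactly as written there.
CANDIDATES = [
    "2001:DB8::15", "2001:6GA:8000:4000:2000:1000:1:2",
    "2002:C189:36:78A::2", "2A01:498:5555:7I99:2345:0911:1122:909",
    "2003:4000:AAAA:CAFE:7:6:8", "AAAA:BBBB:0000:2001:192:168:0000:1",
    "2004:BFA:3999::1FFF::2:3", "2600::4444",
    "FE80::213:C4FF:FED2:E619", "2A01::3333:OOOO:F",
]
HEX_DIGITS = set(string.hexdigits)

def check_syntax(addr):
    """Return (ok, reason) for a plain hex-group IPv6 address.

    Assumption: no zone index (%eth0) and no embedded dotted IPv4 tail.
    """
    if ":::" in addr or addr.count("::") > 1:
        return False, "'::' may appear at most once"
    groups = []
    for part in addr.split("::"):
        if part:
            groups.extend(part.split(":"))
    for group in groups:
        if not 1 <= len(group) <= 4:
            return False, f"group {group!r} must have 1 to 4 hex digits"
        for char in group:
            if char not in HEX_DIGITS:
                return False, f"{char!r} in group {group!r} is not a hex digit"
    if "::" in addr:
        if len(groups) > 7:
            return False, "'::' must stand for at least one zero group"
    elif len(groups) != 8:
        return False, f"expected 8 groups without '::', found {len(groups)}"
    return True, "ok"

def stdlib_accepts(addr):
    """Cross-check against Python's own IPv6 parser."""
    try:
        ipaddress.IPv6Address(addr)
        return True
    except ValueError:
        return False

def valid_candidates():
    """Candidates that pass every syntax rule above."""
    return [a for a in CANDIDATES if check_syntax(a)[0]]

if __name__ == "__main__":
    for addr in CANDIDATES:
        ok, reason = check_syntax(addr)
        print(f"{'Yes' if ok else 'No':3} {addr:40} {reason}")
```

The same rules matter wherever addresses arrive as untrusted text (ACL entries, log fields, allow-lists): a look-alike character such as `O` or `I` should be rejected at parse time rather than silently normalised.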
Addressing #3
Using the WHOIS tool on the trainer’s Linux server, find out which organizations own the following IPv6 address blocks:
• 2001:420::/32
• 2001:4D0::/32
• 2A01:1000::/21
• 2A00:1450::/32
• 2A02:26F0::/32
Syntax: /usr/bin/whois -h whois.<RIR>.net <NETWORK>
RIRs = {RIPE|ARIN|APNIC|LACNIC|AFRINIC}
Goal: Identify IPv6 address space owners
Note: some databases don’t accept «/32»
DNS #1
Using the DIG tool (log in to the trainer’s Linux server, using SSH), check which domains are served by IPv6-enabled nameservers (look for NS, i.e. nameserver, records):
• cnn.com
• nobelprize.org
• google.com
• twitter.com
• facebook.com
• amazon.com
• wikipedia.org
• nasa.gov
• 6deploy.eu
• apple.com
• afrinic.net
• microsoft.com
Syntax: dig @resolver <domain> NS
Goal: Check reachability of domains from the IPv6 Internet
DNS #2
Of the 27 EU countries, how many have their national domain (ccTLD) served by at least one IPv6-reachable nameserver?
• AT, BE, BG, CY, CZ, DE, DK, EE, ES, FI, FR, GR, HU, IE, IT, MT, LT, LU, LV, NL, PL, PT, RO, SE, SI, SK, UK
Syntax: dig <cctld> ns
Goal: Check if a given domain is being supported by an IPv6-compatible DNS nameserver.
DNS #3
Measure with the dig tool, from your group’s server, the query time of the root zone nameservers, over IPv4 and IPv6:
Syntax:
• dig -4 @[A-M].root-servers.net . soa
• dig -6 @[A-M].root-servers.net . soa
Goal: Analyze and compare the query time (IPv4/IPv6) of DNS nameservers
Management #1
Use an SSH client to establish a remote session over IPv6 on the trainer’s Linux server
• Check the address of the connection’s originating system, through:
  • «/usr/bin/who am i»
Goal: Check the origin of an SSH connection established over IPv6
Management #2
Retrieve management information from equipment (routers) through the «6deployinfo» community and the snmpget command
• <community>: 6deployinfo
• <ipv6 address>: 2001:DB8:1F00:1::1 and 2001:DB8:1F00:1::2
• <object>: sysDescr.0 and sysName.0
Syntax: snmpget -v 2c -c <community> udp6:[ipv6 address] <object>
Goal: Check that it’s possible to obtain management information through IPv6.
Security #1
Use the NMAP tool (nmap.org)
• Analyze the ports/services open on both IPv4 and IPv6 on the trainer’s Linux server
Using localhost addresses:
• nmap 127.0.0.1
• nmap -6 ::1
Using global addresses (find the addresses with ifconfig):
• nmap <ipv4_address>
• nmap -6 <ipv6_address>
Goal: Diagnose which open ports are able to receive connections on a system