Monthly Archives: November 2014

IPV6 Router configurations

First enable the protocol and assign IPv6 addresses to your interfaces

Router(config)# ipv6 unicast-routing
Router(config)# interface type [slot_#/]port_#
Router(config-if)# ipv6 address ipv6_address_prefix/prefix_length [eui-64]

To add an address to an interface, use the interface configuration command
ipv6 address <ipv6prefix>/<prefix-length> [eui-64]

Router(config)# interface fastethernet0/0
Router(config-if)# ipv6 address 2001:1cc1:dddd:2::/64 eui-64
Router(config-if)# end
Router# show ipv6 interface fastethernet0/0
FastEthernet0/0 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::207:EFF:FE46:4070
[TEN]
No Virtual link-local address(es):
Global unicast address(es):
2001:1CC1:DDDD:2:207:EFF:FE46:4070, subnet is
2001:1CC1:DDDD:2::/64 [EUI/TEN]
Joined group address(es):
FF02::1
FF02::2

To set up a static DNS resolution table on the router
Router(config)# ipv6 host hostname [port_#] ipv6_address1 [ipv6_address2…]
Router(config)# ip name-server DNS_server_IPv6_address

Enabling RIP
Router(config)# ipv6 router rip tag

ipv6 rip tag enable command
Router(config)# interface type [slot_#/]port_#
Router(config-if)# ipv6 rip tag enable

show ipv6 rip command
Router# show ipv6 rip
RIP process “RIPPROC1”, port 521, multicast-group FF02::9,
pid 187
Administrative distance is 120. Maximum paths is 16
Updates every 30 seconds, expire after 180
Holddown lasts 0 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 2, trigger updates 0
Interfaces:
FastEthernet0/0
Redistribution:
None

EIGRPv6
Router1(config)#ipv6 router eigrp 12
Router1(config-rtr)#no shutdown
Router1(config-if)#ipv6 eigrp 12

OSPFv3
Router1(config)#ipv6 router ospf 10
Router1(config-rtr)#router-id 1.1.1.1
Router1(config-if)#ipv6 ospf 10 area 0.0.0.0

What is IPV6
https://teckadmin.wordpress.com/2014/11/23/what-is-ipv6-address/

How to configure in windows
https://teckadmin.wordpress.com/2014/11/23/how-to-configure-ipv6-in-windows/

How to configure in Linux
https://teckadmin.wordpress.com/2014/11/23/ipv6-static-address-configuration-for-linux/

IPv6 static address configuration for linux

By default, most Linux distributions use autoconfiguration to pick an IPv6 address that is derived from the host’s MAC address.

Fedora, Redhat Enterprise Linux, and clones like Centos
Add lines to these files:
• /etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6FORWARDING=no
IPV6_AUTOCONF=no
IPV6_AUTOTUNNEL=no
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0

•/etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=yes
IPV6ADDR=2607:f388:xxxx:yyyy::zzzz/64     # replace with your static address

Debian and derivatives like Ubuntu
Add lines to these files:
• /etc/sysctl.conf
net.ipv6.conf.eth0.accept_ra=0

• /etc/network/interfaces
iface lo inet6 loopback
iface eth0 inet6 static
address 2607:f388:xxxx:yyyy::zzzz        # replace with your static address
netmask 64
gateway fe80::1

Where,
NETWORKING_IPV6=yes|no – Enable or disable global IPv6 initialization.
IPV6INIT=yes – Enable or disable IPv6 configuration for all interfaces.
IPV6ADDR=2607:f388:xxxx:yyyy::zzzz – Specify a primary static IPv6 address here.
IPV6_DEFAULTGW=fe80::1 – Add a default route through specified gateway.

Save and close the file. Restart networking:
# service network restart

Using ip

# /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev <interface>

# /sbin/ip -6 addr add 2607:f388:xxxx:yyyy::zzzz/64 dev eth0

Using ifconfig

# /sbin/ifconfig <interface> inet6 add <ipv6address>/<prefixlength>

# /sbin/ifconfig eth0 inet6 add 2607:f388:xxxx:yyyy::zzzz/64

Removing IPV6

Using ip
# /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev <interface>
# /sbin/ip -6 addr del 2607:f388:xxxx:yyyy::zzzz/64 dev eth0

Using ifconfig
# /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>
# /sbin/ifconfig eth0 inet6 del 2607:f388:xxxx:yyyy::zzzz/64

 

What is IPV6
https://teckadmin.wordpress.com/2014/11/23/what-is-ipv6-address/

How to configure in windows
https://teckadmin.wordpress.com/2014/11/23/how-to-configure-ipv6-in-windows/

How to configure in Router
https://teckadmin.wordpress.com/2014/11/23/ipv6-router-configurations/

How to configure IPV6 in Windows

The document below shows how to configure IPv6 in Windows

ipv6inwindows

What is IPV6 Address

https://teckadmin.wordpress.com/2014/11/23/what-is-ipv6-address/

How to configure in Linux
https://teckadmin.wordpress.com/2014/11/23/ipv6-static-address-configuration-for-linux/

How to configure in Router
https://teckadmin.wordpress.com/2014/11/23/ipv6-router-configurations/

What is IPV6 address

History
After IPv4’s development in the early 80s, the available IPv4 address pool began to shrink rapidly as the demand for addresses increased exponentially with the Internet. Anticipating the situation that might arise, the IETF in 1994 initiated the development of an addressing protocol to replace IPv4. Protocol version 5 (IPv5) was used while experimenting with a stream protocol for the Internet, so IPv6 is the next.

An IPv4 address is 4 sets of decimal numbers separated by dots. The decimal number in each set is in the range 0 to 255(2^32 -1). Each set is called an octet, so there are 4 octets in an IP address.

Eg. 192.168.0.1

Converted into binary format, this number is 32 bits long

Eg. 11000000.10101000.00000000.00000001 or modify by 11000000.10101000.0.1

192 = 1100 0000
168 = 1010 1000
0 = 0000 0000
1 = 0000 0001

Refer to this converter and how-to method:
http://www.wikihow.com/Convert-from-Decimal-to-Binary

In IPv6, the 128-bit address is divided along 16-bit boundaries. Each 16-bit block is then converted to a 4-digit hexadecimal number, and the blocks are separated by colons. This is in contrast to the 32-bit IPv4 address represented in dotted-decimal format, which is divided along 8-bit boundaries, with each block converted to its decimal equivalent and separated by periods.

The following example shows a 128-bit(2^128-1) IPv6 address in binary form
0010000111011010000000001101001100000000000000000010111100111011
0000001010101010000000001111111111111110001010001001110001011010

The following example shows this same address divided along 16-bit boundaries
0010000111011010   0000000011010011   0000000000000000   0010111100111011   0000001010101010   0000000011111111   1111111000101000   1001110001011010

The following example shows each 16-bit block in the address converted to hexadecimal and delimited with colons.

21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A

Rule 1: Discard leading zero(es).
Rule 2: If two or more consecutive blocks contain only zeroes, omit them all and replace them with a double colon (::).

So the address simplifies, without the leading zeros, to
21DA:D3:0:2F3B:2AA:FF:FE28:9C5A
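
The walk-through above as an added Python example (not part of the original post): it splits the binary address on 16-bit boundaries, applies Rule 1 and Rule 2 by hand, and cross-checks the result against the standard ipaddress module. Comparing addresses in one canonical form matters when matching ACL entries against log lines, because the same address has several valid spellings. The function names are hypothetical.

```python
import ipaddress

# The 128-bit address from the text, written as its two 64-bit halves.
BITS = (
    "0010000111011010000000001101001100000000000000000010111100111011"
    "0000001010101010000000001111111111111110001010001001110001011010"
)

def blocks_from_bits(bits):
    """Split 128 bits on 16-bit boundaries; return eight 4-digit hex blocks."""
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    return [format(int(bits[i:i + 16], 2), "04X") for i in range(0, 128, 16)]

def strip_leading_zeros(blocks):
    """Rule 1: drop leading zeros (an all-zero block becomes a single '0')."""
    return [format(int(b, 16), "X") for b in blocks]

def compress(blocks):
    """Rule 2: replace the first longest run of two or more zero blocks
    with '::'. Only one run may be replaced, or the result is ambiguous."""
    short = strip_leading_zeros(blocks)
    best_start, best_len, i = -1, 0, 0
    while i < len(short):
        j = i
        while j < len(short) and short[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        # A single zero block, as in the address above, stays a plain 0.
        return ":".join(short)
    head = ":".join(short[:best_start])
    tail = ":".join(short[best_start + best_len:])
    return head + "::" + tail

def matches_stdlib(bits):
    """Cross-check against the ipaddress module, which prints lowercase."""
    ours = compress(blocks_from_bits(bits)).lower()
    return ours == ipaddress.IPv6Address(int(bits, 2)).compressed
```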

Interface ID
IPv6 has three different types of unicast address scheme. The second half of the address (last 64 bits) is always used for the Interface ID. The MAC address of a system is composed of 48 bits and represented in hexadecimal. MAC addresses are considered to be uniquely assigned worldwide, and the Interface ID takes advantage of this uniqueness. A host can auto-configure its Interface ID by using IEEE’s Extended Unique Identifier (EUI-64) format. First, the host divides its own MAC address into two 24-bit halves. Then the 16-bit hex value 0xFFFE is sandwiched between those two halves of the MAC address, resulting in a 64-bit Interface ID.
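
An added Python example (not from the original post) of the derivation described above, together with its reverse, which shows that an EUI-64 based address discloses the MAC address of the interface. It also inverts the universal/local bit of the first byte, as modified EUI-64 does. The MAC 00:07:0e:46:40:70 used in the comments is inferred from the router output in the router configuration post, and the function names are hypothetical.

```python
import ipaddress

def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC.
    Accepts 00:07:0e:46:40:70, 00-07-0e-46-40-70 or 0007.0e46.4070."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Two 24-bit halves with 0xFFFE in between, then flip the U/L bit.
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")

def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))

def embedded_mac(address):
    """Recover the MAC from an EUI-64 based address. Returns None when the
    interface ID lacks the FF:FE marker (static or privacy address). A
    random interface ID can contain FF:FE by chance, so treat a hit as a
    strong hint rather than proof."""
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)
```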

Global Unicast Address
This address type is equivalent to IPv4’s public address. Global Unicast addresses in IPv6 are globally identifiable and uniquely addressable.
Global Routing Prefix: The most significant 48 bits are designated as the Global Routing Prefix, which is assigned to a specific Autonomous System. The three most significant bits of the Global Routing Prefix are always set to 001.

Link-Local Address
An auto-configured IPv6 address is known as a Link-Local address. This address always starts with FE80. The first 16 bits of a Link-Local address are always set to 1111 1110 1000 0000 (FE80). The next 48 bits are set to 0, thus:

Link-Local addresses are used for communication among IPv6 hosts on a link (broadcast segment) only. These addresses are not routable so a Router never forwards these addresses outside the link.

Subnetting
In IPv4, addresses were created in classes. Classful IPv4 addresses clearly define the bits used for network prefixes and the bits used for hosts on that network. To subnet in IPv4 we play with the default classful netmask, which allows us to borrow host bits to be used as subnet bits. This results in multiple subnets but fewer hosts per subnet. That is, when we borrow host bits to create a subnet, it costs us bits that could be used for host addresses.

IPv6 addresses use 128 bits to represent an address, which includes bits to be used for subnetting. The second half of the address (least significant 64 bits) is always used for hosts only. Therefore, there is no compromise if we subnet the network.

Routing prefix (48 bits) | Subnet ID (16 bits) | Interface ID (64 bits)

The 16 bits of subnet are equivalent to IPv4’s Class B network. Using these subnet bits an organization can have more than 65 thousand subnets, which is by far more than enough.

Thus the routing prefix is /64 and the host portion is 64 bits. We can, though, further subnet the network beyond the 16 bits of Subnet ID by borrowing host bits, but it is recommended that 64 bits should always be used for host addresses because auto-configuration requires 64 bits.

IPv6 subnetting works on the same concept as Variable Length Subnet Masking in IPv4.

A /48 prefix can be allocated to an organization, giving it the benefit of having up to /64 subnet prefixes, which is 65535 sub-networks, each having 2^64 hosts. A /64 prefix can be assigned to a point-to-point connection where there are only two hosts (or IPv6 enabled devices) on a link.

Routing
Routing concepts remain the same in the case of IPv6, but almost all routing protocols have been redefined accordingly. We have seen in the Communication in IPv6 segment how a host speaks to its gateway. Routing is the process of forwarding routable data by choosing the best route among several available routes or paths to the destination. A router is a device which forwards data that is not explicitly destined to it.

There exist two forms of routing protocols

Distance Vector Routing Protocol: A router running distance vector protocol advertises its connected routes and learns new routes from its neighbors. The routing cost to reach a destination is calculated by means of hops between the source and destination. A Router generally relies on its neighbor for best path selection, also known as “routing-by-rumors”. RIP and BGP are Distance Vector Protocols.

Link-State Routing Protocol: This protocol acknowledges the state of a link and advertises it to its neighbors. Information about new links is learnt from peer routers. After all the routing information has converged, a Link-State Routing Protocol uses its own algorithm to calculate the best path to all available links. OSPF and IS-IS are link-state routing protocols and both use Dijkstra’s Shortest Path First algorithm.

Routing protocols can be divided in two categories:

Interior Routing Protocol: Protocols in this category are used within an Autonomous System or organization to distribute routes among all routers inside its boundary. Examples: RIP, OSPF.

Exterior Routing Protocol: An Exterior Routing Protocol distributes routing information between two different Autonomous Systems or organizations. Examples: BGP.

Routing protocols

RIPng

RIPng stands for Routing Information Protocol Next Generation. This is an Interior Routing Protocol and is a Distance Vector Protocol. RIPng has been upgraded to support IPv6.

OSPFv3

Open Shortest Path First version 3 is an Interior Routing Protocol which is modified to support IPv6. This is a Link-State Protocol and uses Dijkstra’s Shortest Path First algorithm to calculate the best path to all destinations.

BGPv4

BGP stands for Border Gateway Protocol. It is the only open standard Exterior Gateway Protocol available. BGP is a Distance Vector protocol which takes Autonomous System as calculation metric, instead of number of routers as Hop. BGPv4 is an upgrade of BGP to support IPv6 routing.

Protocols changed to support IPv6:

ICMPv6: Internet Control Message Protocol version 6 is an upgraded implementation of ICMP to accommodate IPv6 requirements. This protocol is used for diagnostic functions, error and information message, statistical purposes. ICMPv6’s Neighbor Discovery Protocol replaces ARP and helps discover neighbor and routers on the link.

DHCPv6: Dynamic Host Configuration Protocol version 6 is an implementation of DHCP. IPv6-enabled hosts do not require a DHCPv6 server to acquire an IP address, as they can be auto-configured. Neither do they need DHCPv6 to locate a DNS server, because DNS can be discovered and configured via the ICMPv6 Neighbor Discovery Protocol. Yet a DHCPv6 server can be used to provide this information.

DNS: There has been no new version of DNS but it is now equipped with extensions to provide support for querying IPv6 addresses. A new AAAA (quad-A) record has been added to reply IPv6 query messages. Now DNS can reply with both IP versions (4 & 6) without any change in query format.

Dropbox and Microsoft are teaming up to integrate Dropbox into Office

Microsoft Office files can be stored in Dropbox and used directly from there. With this feature, Dropbox users can link their account directly to the Word, Excel, and PowerPoint iPad apps. Users can save files to Dropbox and edit files from there. Even though Microsoft has its own OneDrive cloud storage, Microsoft is looking at 30,00,00,00 (30 crore) Dropbox users from this deal.

News
https://blog.dropbox.com/2014/11/dropbox-microsoft-office-partnership/
http://www.techrepublic.com/article/using-microsoft-office-ipad-apps-with-dropbox/

Read my previous blog for DropBox
https://teckadmin.wordpress.com/2013/10/26/dropbox-a-cloud-storage/

CVE-2014-6321 Vulnerability (SCHANNEL Winshock)

Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka “Microsoft Schannel Remote Code Execution Vulnerability.”
Original release date: 11/11/2014

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

What Microsoft is saying
MS14-066 covers a single CVE, CVE-2014-6321, in Microsoft’s Secure Channel security package in Windows, which provides security protocol support for applications. While it is covered by only a single CVE, there’s actually multiple vulnerabilities, ranging from buffer overflows to certificate validation bypasses.

Refer
https://technet.microsoft.com/library/security/MS14-066
https://support.microsoft.com/kb/2992611
