If you have IPv6 on your Internet connection and you’re going to be driving around the Internet giving out that address (every web site and server will see it, some will tell you what it is on their web pages.) – you might as well make it a cool, shorter IPv6 address.
You can go here:
to test if you have IPV6 and see what your IPV6 and IPV4 addresses are.
By default – usually your Internet Router will announce your IPv6 Prefix, like:
and your computer (Windows 7 or whatever) will create a long sort of random IPV6 address out of that for its own use.
UGLY! And no fun at all!
If you go into the settings and manually set your IP Address (you have 64 bits you can play with – 16 Hexadecimal Characters – 4 x 4 = 16 characters, 4 bits in binary each character 16 x 4 = 64 bits) and the Gateway, and the DNS Server … you can Roll Your Own IPv6 Address. In Windows 7 – Open Network and Sharing Center. In the top – middle – find your active Internet Connection. Click on the link for “Local Area Connection” (or Wireless Connection if you are wireless) and then click Properties. Open Internet Protocol Version 6 (TCP/IPv6) and your settings are right there.
Let’s say we take that:
and change the last 2 characters to “01” or “10” or “11” or something along those lines. That is perfectly valid.
So we set: 2001:DB8:bca9:9110:0000:0000:0000:0011 as our IPv6 address, 64 bits pops in that box automatically (I noticed) we just need to find the Link Level Address for our Router (The FE80 address.)
Once that’s set as the Default Router and the DNS Server …
Then 2001:DB8:bca9:9110:0000:0000:0000:0011 gets shortened to this cool thing:
(You could also do something like 2001:DB8:bca9:9110:0192:0168:0001:0011 – to emulate the old IPv4 RFC-1918 private addresses so common nowadays. Anything is valid from Zero to Nine and ‘A’ to ‘F’ in the 4 character sets. And you can modify all 4 characters in all 4 (16 total) ‘:’ seperated sets past the First 4 sets. The first 4 sets of 4 characters must remain the same. You could have “ffff:ffff:ffff:ffff” in the right hand 4 sets of 4. But the coolest is what I’ve already described because 3 sets of 4 zeros and any leading zeroes in the last 4 characters can all be shortened to “::”. That’s pretty sweet!)
* You can also do this on Linux – in particular I just set a manual “0010” (like the “0011” above) on Ubuntu 10.04 giving me:
2001:DB8:bca9:9110::10 on Ubuntu Linux. Ubuntu had a graphical “Network Connections” application (okay an “app”) that had both the Ipv4 and Ipv6 settings in it, this being somewhat similar to MS Windows in that you can have Automatic or Manual settings for both Ipv4 and Ipv6 in there.
* On Mac – Mac OS X – http://support.apple.com/kb/HT4667 tells you how to do this.
* On Android Phones – I’m having more trouble finding how to manually configure IPv6. If anyone has suggestions – let me know. I don’t have an Android device to test on. There are some Ipv6 related apps for Android.
* On iOS 5 (ipod Touch, iPhone, iPad) – There does not seem to be a way graphically to set IPv6 Settings. If you have the “Terminal” app or SSH access to your device – you can no doubt do it in there.
… and this person is fun to read (see: Wake Up and Smell the Coffee)
Knock, knock, Neo…
The (not so) new IP address scheme is coming at us at increasing speed. It’s called IPv6 and is as big as the sun whereas the old scheme is called IPv4 and as small as our moon. If our sun would be made of sand then it would of course consist of much more individual grains of sand than, say, the moon. Let each grain of sand here have one unique IP address. The moon’s IP addresses are depleted far quicker than the sun. So now we’re moving slowly from “moon IPs” (IPv4) to “sun IPs” (IPv6). For a while we’ll carry them both. Until everyone has the Sun’s IPs, that’s when we don’t need to carry one of each. And we don’t need to disguise them any longer ’cause there are enough unique addresses available to give every person, animal, tree and flower a million of them. Seriously.
So. What this means is that the guard’s job is now redundant He’s been fired and all devices can have their own, globally unique, globally reachable address. All things that use the Internet are technically able to reach each other, unmodified.
In the old scheme someone would knock on the door, the guard would open, the person would say who he comes to visit and the guard would say yes or no. So your device would only be receiving traffic it either initiated, or the guard would pass on. You had some form of easy protection. With the new model you do not have that kind of protection, at least not enough, mainly due to unfortunate ignorance I believe is due to the intimidating size of it.
Sure, there are firewalls and protecting yourself will be just as easy depending on who you ask of course. The problem is not “can I be protected”, the problem is “how do I learn so I can protect myself?” We did it before, we can do it again. In fact, I believe we must.
* P.S. My iPhone 4S tells me …
Alan-S-iPhone:~ root# ip6fw show
ip6fw: getsockopt(IPV6_FW_GET): Protocol not available
Alan-S-iPhone:~ root# ip6conf
Start up IPv6 on ALL interfaces: -a
Shut down IPv6 on ALL interfaces: -x
Start up IPv6 on given interface: -u [interface]
Shut down IPv6 on given interface: -d [interface].
* Ifconfig only shows IPv4 addressing, not IPv6. In Linux it shows “inet6 addr” IPv6 addressing as well.
Alan-S-iPhone:~ root# ifconfig
(snip snip for unnecessary info.)
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.68 netmask 0xffffff00 broadcast 192.168.1.255
* Of course as one final note I should warn you that when you set a Manual / Static IP (either IPv4 or IPv6) on a portable device or laptop type of computer – you should remember that. IP Addressing is set per Interface not per Computer. That means that if you set manual on WiFi and you move to another Access point – it probably will not work. In fact it may break things so bad that YOU cannot get work done. But all you have to do is to set that connection (Interface) back to “Automatic” and you are back in business. I can’t tell you how many times that has happened to me while working on networks – and then moving to a different location – and having to take the extra time to realize the mistake. It can be realized pretty quickly though (e.g. in Windows with CMD prompt and typing “ipconfig”) by checking the current IP Addresses – that will usually jog your memory. Have a habit, if you are portable, of checking the Networking Settings when you think something should be working but it is not.
Alan Spicer Marine Telecom
+1 954 683 3426
communications @ marinetelecom.net