April 25, 2012 archive

Sitemap

Archives

T-Mobile Completes IPv6 Deployment on US Network

In an email message on Monday, T-Mobile’s Cameron Byrne let people interested in IPv6 know that IPv6 deployment was now complete on T-Mobile’s U.S. network:

Folks,

The IPv6 network deployment is now complete, with a few outstanding service caveats (MMS is still an issue, …) that we will continue to work on.

We will no longer be doing any white listing since all T-Mobile customers in all of T-Mobile’s coverage area can now access the APN epc.tmobile.com using IPv6 PDP on phones that work with IPv6.

Regarding phone that work with IPv6, we are continuing to push the
manufacturers to support IPv6, and we are seeing some positive signs as
Android 4.0 updates are now being tested with IPv6.

In the meantime, the Samsung Galaxy Nexus (UMTS) remains the best bet
for what is available now.

The news spread through the tech world yesterday in large part through an ExtremeTech article, “IPv6 now deployed across entire T-Mobile US network,” that received good traffic through social networks. The discussion on Hacker News raised the question of why the IPv6 was limited to certain phones, and a look in the T-Mobile IPv6 setup instructions and FAQ provided this answer:

4. My phone is not listed above, will it work with IPv6?

  • No, most phones do not have the Android radio firmware (RIL) that allows the phone to support IPv6 on the mobile interface.  T-Mobile USA is encouraging all handset phone manufacturers to support IPv6.  If more phones become available, we will update this site.

It’s interesting to note that it is a device limitation (of not having the correct firmware) and it is great to see that T-Mobile is working with handset vendors to encourage support of IPv6.  I’d note in the first email message I quoted the part about Android 4.0 updates being tested with IPv6.

The T-Mobile IPv6 site also references a number of known issues and provides some info about how they are making IPv4 content available over the IPv6 network.

All this is definitely great to see!  If you are a T-Mobile USA user with a Samsung Galaxy Nexus it’s definitely worth checking it out to see how the IPv6 network works.

P.S. I would love to do so myself but sadly T-Mobile’s coverage is still rather sparse in the woods of southwestern New Hampshire that I call home…

Digium Releases 3 Asterisk Security Advisories

Asterisk logoThis week Digium released three security advisories allowing remote authenticated sessions to either crash an Asterisk server or escalate user privileges.  The advisories are:

In all cases the solution is to upgrade to the latest releases of Asterisk Open Source (1.6.2.24, 1.8.11.1 or  10.3.1 ) or Asterisk Business Edition (C.3.7.4).

 

Microsoft Security TechCenter: DNSSEC and DNS Amplification Attacks

Security Tech Center LogoWhat are the security risks related to using DNSSEC with regard to “DNS amplification attacks”? In a recent article at Microsoft’s Security Tech Center, Greg Lindsay dives into exactly that question.

First, though, he explains how a DNS amplification attack is a form of a Distributed Denial of Service (DDoS) attack that uses DNS queries combined with source address spoofing to send a large volume of traffic at a target system. He provides some examples of exactly how such an attack could be carried out.

Nicely, we get to see some examples of how DNSSEC will be implemented in the forthcoming Windows 8, both at the command line and in the GUI.  (I will be curious as Windows 8 rolls out to learn more about the “DNSSEC zone signing wizard” apparently available in the DNS Manager.)

He ends with a note that:

Signing a DNS zone and adding DNSSEC records to a DNS response increases the total size of a response, but does not increase the risk for DNS amplification past the existing limit placed on the server for UDP response size. 

Since the TCP conversation cannot be easily spoofed, these additional records do not inherently increase the severity of DNS amplification attacks.

and concludes with useful advice about how to help prevent DNSSEC amplification attacks.

I found it a very useful article regardless of whether you use Microsoft DNS servers or not.  Good to get this kind of information out there so that IT security teams can understand how to address and mitigate potential risks.

 

Want To Make Your Web Content Available over IPv6? Check Out The Excellent RFC 6589

IETF Logo Are you a “content provider,” such as a website operator, seeking to understand how to ensure your content is available over IPv6? Would you like to know what challenges you can expect? What kind of migration strategies you can use?  What you should do for an implementation plan?

If so, the IETF recently published an excellent guide in RFC 6589, “Considerations for Transitioning Content to IPv6 available at:

http://tools.ietf.org/html/rfc6589

The primary author is Jason Livingood of Comcast but many others have contributed to creating an excellent document! It explains both the issues with moving content to IPv6 and offers suggestions for migration plans and implementation tactics. With World IPv6 Launch fast approaching on June 6, 2012, it is excellent to have this document available to help content providers understand what they need to do!

From the introduction to the RFC:

This document describes considerations for the transition of end-user content on the Internet to IPv6. While this is tailored to address end-user content, which is typically web-based, many aspects of this document may be more broadly applicable to the transition to IPv6 of other applications and services. The issues explored herein will be of particular interest to major web content sites (sometimes described hereinafter as “high-service-level domains”), which have specific and unique concerns related to maintaining a high-quality user experience for all of their users during their transition to IPv6. This document explores the challenges involved in the transition to IPv6, potential migration tactics, possible migration phases, and other considerations. Some sections of this document also include information about the potential implications of various migration tactics or phased approaches to the transition to IPv6.

You can see from the table of contents the range of topics covered in the document:

1. Introduction
2. Challenges When Transitioning Content to IPv6
3. IPv6 Adoption Implications
4. Potential Migration Tactics
5. Potential Implementation Phases
6. Other Considerations
6.1. Security Considerations
6.2. Privacy Considerations
6.3. Considerations with Poor IPv4 and Good IPv6 Transport

The document is an excellent guide for content providers and anyone seeking to understand how to make their content available over IPv6. We’ve now added RFC 6589 to our list of resources and look forward to learning how it may help many of you get your content ready for IPv6!