[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

David G. Mackay mackay_d at bellsouth.net
Fri Dec 10 00:15:46 UTC 2010


On Thu, 2010-12-09 at 08:32 -0500, Adam Tauno Williams wrote:
> On Wed, 2010-12-08 at 16:49 -0600, David G. Mackay wrote:
> > On Wed, 2010-12-08 at 10:41 -0500, Adam Tauno Williams wrote:
> > > On Wed, 2010-12-08 at 09:37 -0600, David G. Mackay wrote:
> > > > On Wed, 2010-12-08 at 10:01 +0100, David Sommerseth wrote:
> > > > > Nope, ARP is gone.  But it gets a replacement as a part of IPv6, instead
> > > > > of ARP being an addition to IPv4.
> > > > > <http://itkia.com/how-to-arp-a-in-ipv6/>
> > > > > <http://www.tcpipguide.com/free/t_TCPIPIPv6NeighborDiscoveryProtocolND.htm>
> > > > I have a question about how IPV6 interacts with the switches in the
> > > > local network.  Right now, my sub $50(US) gigabit switch from any of
> > > > several vendors keeps an arp table to determine which switch port a
> > > > message will use.  With the huge address space available with IPV6, how
> > > > is that going to work, and when am I going to get a cheap soho switch
> > > > that can handle IPV6?
> > > 
> > > The switch will continue to operate using the MAC# of the client
> > > interfaces.  The switch doesn't care about IPv4, IPv6, or IPX for that
> > > matter [unless you enabled vLANs or management features - which is a
> > > different issue].
> > Maybe that's the case for my little cheapo soho switch.
> > > The switch does not maintain an "arp table".  It maintains a list of
> > > MAC#s it has seen on each port.
> > Sorry, but that's certainly incorrect for the higher end switches.  
> 
> Hence: "unless you enabled vLANs or management features - which is a
>  different issue".

Yes, or perhaps a layer 3 switching device.

> > I've accessed the arp table on several different brands of switches.  Also,
> > look up ARP poisoning.
> 
> If the switch has an IPv4 management interface then it has, by
> definition, an ARP table.  ARP is how IPv4 works on Ethernet.  This
> doesn't mean [necessarily] that the switching mechanism is using the ARP
> table to route packets.  If 802.1x or some type of protection scheme is
> not in place all one has to do is forge the MAC address on any traffic
> to 'confuse' the switch.  Specifically ARP cache poisoning is required to
> get an IPv4 host to misdirect its traffic to another host on the subnet.
> 
> It is very fun to play with this, and Linux makes it pretty easy.
> 
> ip link set address xx:xx:xx:xx:xx:xx dev eth0

Take a look at ettercap.  The idea is to use arp poisoning to overflow
the switch's arp table so that the switch gives up and becomes a hub,
sending traffic out of every port, which allows your friendly local
hacker to view all of the traffic from every port on the switch.  And
no, you don't have to use vlans for this to work.

Let me throw in a disclaimer that it's been over a decade since I played
network manager on a good-sized network that had this kind of gear, so
things have changed a bit since then.  Hopefully, some of the cracks
have been sealed.

Dave
