The sys admin's daily grind: Miredo
Exploring the Tunnel
The move from IPv4 to IPv6 must be gradual rather than abrupt. After just two minutes of configuration work, Charly leans back and watches his first IPv6 packets pass through a Miredo tunnel.
Network component manufacturers are still spreading the dread tidings: IP addresses are becoming scarce. Stories spread of large access providers buying out smaller ones to get their hands on their IPv4 address pools. If you prefer not to be a victim of the digital famine, you need to switch quickly, says the industry that offers IPv6-capable switches and gateways.
But really, not many access providers can give you native IPv6. In fact, in the context of discussions on IPv6, the word "move" doesn't seem to be all that appropriate. "Co-location" sounds more like it but does tend to remind one of grammar lessons at school. "Dual-tracking" is maybe the best option, because a peaceful coexistence of IPv4 and IPv6 is likely to become the rule, rather than the exception, in the near future.
If you are a customer with an IPv4 provider and would like to add IPv6 to your home network, many tunneling solutions are around that you can try. Configuring them will typically require admin-level skills and is probably beyond the ability of less experienced users, who simply want to explore the field. Teredo solves this problem. The technology, which was developed by Microsoft, sets up an IPv6 tunnel behind a NAT router and automatically distributes the required addresses. Teredo encapsulates the IPv6 payload in v4 UDP datagrams. The Teredo RFC 4380 points out that this is simply an interim solution – other people have been known to refer to it as a "dirty hack."
This Is Not What Problems Look Like
Whatever your opinion, however, Teredo isn't a bad choice for some cautious, initial steps toward IPv6. Setting up Teredo requires virtually no configuration work, and clients are available for any recent operating system. For example, the Linux Miredo  client is included with practically any popular distribution. On my Ubuntu lab machine, all I needed to do was type:
apt-get install miredo
to both install the client and start the service. In less than a minute, I had a working IPv6 connection with a prefix of 2001::/32, as defined by the RFC (Figure 1), even though my client resides behind no fewer than two NAT gateways.
Miredo doesn't need a modified kernel; instead, it runs completely in userspace. Although you need to launch Miredo as root to define the required interface parameters, it de-escalates its privileges to nobody after launch. The -u username option lets you specify a user other than nobody. Some distros create a miredo account during the installation.
Finally, a word about security: Whereas NAT routers, which just about every DSL user in the IPv4 world has, put up some kind of protection against undesirable access, IPv6 tears down these barriers. If you are worried about delving into ip6tables, you should at least bind all services suitable for this purpose to localhost (::1).
- Miredo: http://www.remlab.net/miredo/
Buy this article as PDF
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.