It being near the end of the year, I am doing a 'purge' of all of my computers and setting them up again. This will involve me uninstalling the OS and wiping everything old (after backing up data I want to keep of course) and doing the configs over from scratch (with the help of a few scripts and guides for configs I wish to keep).
I decided that whilst I was at this task, I might have a go at something that I used to be scared of and have altogether been avoiding for a while - IPv6. My usual approach to IPv6 has been just to turn the c*nt off and use IPv4. This is because I didn't really understand it and I do not like using things that I do not understand. I was also a little bit hesitant about using a protocol that, when enabled, always seemed to make my network do things like forced automatic updates (i.e. automatic updates where I had disabled or otherwise not agreed to the same), lots of additional traffic for which I did not understand the need and random wake-on-LANs that I did not authorise or approve of. However, lately I've become a bit more adventurous and I know enough now about IPv4 that I find it fairly dull. As such, I've decided to use Purge 2016 as an opportunity to try something new and throw myself into the deep end of IPv6.
Now, I have Googled, Wikipedia'ed and DuckDuckGo'ed the topic to the shithouse, so I have a reasonable understanding of how IPv6 addressing works and the principles behind it. However, there are still a few things that bug me about the protocol, which I'd like some Good Samaritan(s) to assist me with:
- How the f*ck does one get used to reading and intuitively understanding these insane 128-bit hex addresses, especially after a lifetime of looking at this sh*t in decimal, 32-bit form? I've found tutorials and exercises that have helped somewhat in this regard, but it still takes me a while to decipher these addresses when I see them. I was wondering if anybody knows of any mnemonics or other aids that can help one to remember all the different address types and what they mean.
- Are there any good practices, conventions, etc. that one should use when assigning IPv6 addresses? (E.g. with IPv4, Cisco recommends not having wasted address space as this reduces performance - does this sort of thing also apply with IPv6?)
- From your experience, is there much benefit in assigning globally unique addresses to all your computers and fucking off NAT/masquerading, or is it more secure to leave NAT/masquerading on and use a private address range? (Can Aussie ISPs even handle IPv6 to this extent yet?)
- One of my main concerns about IPv6 is that the IP addresses are based on MAC addresses, which to me takes away some of the anonymity that one gets from sitting behind a NAT gateway and having an IP that has no link whatsoever to your adapter address. The analogy I like to use is having a mobile phone number that is generated from, or based on, your IMEI number - would you like to happily give your IMEI number to all the scammers and telemarketers that happen to chance upon your mobile number? Didn't think so. However, a NAT gateway presents its own inconveniences when running servers that you actually want to be able to access from the greater Interwebz, so I'd happily stick at least a couple of machines into the DMZ and give them globally unique addresses, if only they weren't tied to their MACs. Is there any problem with spoofing one's MAC address when getting a globally unique address, provided that the address obviously isn't one which would result in two identical addresses being given out?
- I have had a brief look through some of the Kali tools regarding IPv6, just to get an idea of what I'm getting myself into and how best I can make my IPv6 network do as it's damn well told. I noticed a few interesting features which don't seem to get much mention in the documentation I've seen on IPv6. These features completely explain the extra traffic, 'forced' automatic updates, random wake-on-LANs or phone WiFi activation by stealth and other really weird and 'magical' things that seem to happen around some IPv6 networks. However, unfortunately, the Linux man pages just don't cut it (I might need some man videos instead lololololol) and I want to learn how to use these tools. My purposes:
  - Making sure that MY network does what I tell it to do, not what some pr!ck at M$ or Google tells it to do. It is partly a business network and I believe I have the right to control automatic updates and refuse the installation of software that I do not want. Likewise, since my mate and I pay the power bills, the way I see it, we should be able to control wake-on-LANs without M$ (or anyone else) sticking their fingers into that warm pie.
  - As such, I plan on setting up my own update servers (for Windows, Linux and Android) - I want to make use of IPv6 to make these work.
  - Better intrusion detection and incident response.
  - Otherwise improving the integrity of, and my control over, the network and its traffic. This way, Cortana can stay in her box until I call her and my Linuxes will only change after I say 'sudo apt-get update'.
  - I can set up a magical playground for PXEs where computers magically spring back to life even if they're shut down and launch OSes when I tell them to.
  - Research and development into various things related to the above.
- More generally, are there any important security holes, capabilities that I should disable or monitor or other such things with IPv6 that aren't really well covered in the documentation around the Interwebz?
Feel free to link me if you think there's an article, tutorial or other thing that I really must read - chances are if it's on the first-to-about-fifth page of the abovementioned search engines, I've already read it, but if it's a bit more obscure, some assistance with my digging would be appreciated. Having said that, I am mostly posting this because I know that more than a few people on this forum would have had some personal experience with IPv6 and can probably explain it in a way I'll be able to understand. :P
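
As an added example (not part of the original post): a small audit helper for the address-type and MAC-in-address questions above. It classifies an IPv6 address by its well-known prefix and reports the MAC when the interface ID is in modified EUI-64 form (RFC 4291). The function names and all sample addresses are constructed for illustration; the samples use the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Well-known prefixes (RFC 4291, RFC 4193), checked in order.
PREFIX_TYPES = [
    ("::1/128", "loopback"),
    ("fe80::/10", "link-local unicast"),
    ("fc00::/7", "unique local (ULA)"),
    ("ff00::/8", "multicast"),
    ("2000::/3", "global unicast"),
]

def address_type(addr):
    """Name the address class from the leading bits of the address."""
    ip = ipaddress.IPv6Address(addr)
    for prefix, name in PREFIX_TYPES:
        if ip in ipaddress.IPv6Network(prefix):
            return name
    return "other/reserved"

def embedded_mac(addr):
    """Return the MAC if the low 64 bits look like modified EUI-64, else None.

    Modified EUI-64 splits the 48-bit MAC in half, inserts ff:fe in the
    middle and flips the universal/local bit (0x02) of the first octet.
    This is a heuristic: a random interface ID can contain ff:fe by chance.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        return None
    iid = ip.packed[8:]               # interface ID = last 8 bytes
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Return (address, type, embedded MAC or None) for each address."""
    return [(a, address_type(a), embedded_mac(a)) for a in addresses]

# Constructed sample addresses, as they might appear in `ip -6 addr` output.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",          # link-local, EUI-64 from 00:11:22:33:44:55
    "2001:db8:1:2:211:22ff:fe33:4455",   # global, same MAC visible off-link
    "2001:db8:1:2:3c5a:91e7:4b0d:77a2",  # global, randomised interface ID
    "fd12:3456:789a:1::10",              # ULA, manually assigned
    "ff02::1",                           # all-nodes multicast
]

if __name__ == "__main__":
    for addr, kind, mac in audit(SAMPLE):
        print(f"{addr:38} {kind:20} MAC in address: {mac or 'no'}")
```
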