IPV6
Basics
Address are split into:
Unicast
Global - similar to IPv4 public IP addresses. They have a prefix of 2000::/3
Unique local - similar to IPv4 private addresses. There addresses have a prefix of FD00::/8 or FC00::/7
Link local - there addresses are used for sending packet over the local subnet. There addresses have a prefix of FE80::/10.
Anycast
Multicast - prefix with ff00::/8
Packets sent to ::1 are sent to localhost
Packets sent to ::0 are sent on all interfaces.
Designated multicast address (just a few for example):
From <https://github.com/0xbharath/talks/blob/master/pentesting_ipv6/pentesting_IPv6.md>
IPv6 Address Types
IPv6 Command Line Tools:
ping6- IPv6 ping tool
traceroute6- IPv6 tracing tool
tracepath6 – IPv6 tracing tool
ip -6 – For configuring/viewing IPv6 interfaces and routes
ipv6calc – IPv6 subnet calculator
tcpdump ip6 – packet sniffing on IPv6
snoop inet6 – packet sniffing on IPv6
IPv6 Subnet Size Reference Table
IPv6 Subnet Reference Prefix Lengths
Note: The IP address above is an IP address allocated to Crucial Paradigm.
Example of /64 Allocations:
/64 IPv6 allocations are usually given to end users, who do not require any VLANs. It allows auto configuration, or SLAAC so makes life a lot easier when configuring.
It is fairly easy to calculate /64 allocations, and a subnet calculator is not required. In fact this is the case with assigning IPv6 allocations, it can be done fairly easily without any calculator (I’ll demonstrate this later in the reference sheet):
Example of /48 Allocations:
/48 allocations are usually provided to business, who require additional VLANs or may require the range to be split up. Using a /48 allocation would allow them to do so.
IPv6 Subnet Calculator NOT REQUIRED!
In most cases a subnet calculator will not be required, since IPv6 using hex (hexadecimal) – and so long as the prefix length is a multiple of 4, it makes it quite easy. For example (this is also where the table “IPv6 Subnet Reference IP Address” comes in a lot of handy above):
IPv6 Address Scopes
::/128 unspecified address
::1/128 localhost
fe80::/10 link local
fc00::/7 unique local unicast (RFC 4193)
fc00::/8 centrally assigned by unkown, routed within a site (RFC 4193)
fd00::/8 free for all, global ID must be generated randomly with pseudo-random algorithm, routed within a site (RFC 4193)
ff00::/8 multicast, following after the prefix ff there are 4 bits for flags and 4 bits for the scope
::ffff:0:0/96 IPv4 to IPv6 Address, eg: ::ffff:10.10.10.10 (RFC 4038)
2000::/3 global unicast
2001::/16 /32 subnets assigned to providers, they assign /48, /56 or /64 to the customer
2001:db8::/32 reserved for use in documentation
2001:678::/29 Provider Independent (PI) adresses and anycasting TLD nameservers
2002::/16 6to4 scope, 2002:c058:6301:: is the 6to4 public router anycast (RFC 3068)
Interface Configuration Linux:
#ifconfig eth0 inet6 add 2402:9400:1234:1234::1/64
Configuring SLAAC (auto configuration) on Redhat/CentOS flavours of Linux: You can do this by enabling IPv6 on an interface which is already configured automatically on boot.
Last updated