
IPv6 Focus Month: Guest Diary: Matthew Newton - IPv6 Cat Feeder - Turning those extra bits into bytes, literally - SANS Internet Storm Center



Today we're bringing you another guest diary, this one by Matthew Newton on some of his experiences when he first turned up a novel service on World IPv6 Day in 2011.

------------------------------------

The 8th June 2011 - World IPv6 Day - will always be a significant day in the history of the Internet when networks and content providers from all over the globe took part in a collective test of IPv6 to raise awareness, test what worked and what didn't, and of course tease out some of the issues facing future IPv6 adoption...

I was taking part in my ISP's (Plusnet) native-IPv6 trial and took the opportunity to release to the world my IPv6-enabled Internet Cat Feeder (http://www.newtonnet.co.uk/catfeeder). Okay, so it admittedly wasn't quite the IPv6 'killer app' that everyone has been waiting for but it did represent an example of the so-called 'Internet of Things' that IPv6 will inevitably underpin and enable.

Normally the cat feeder is secured through an authentication mechanism such that only I can view/control it; however, on World IPv6 Day I opened the doors to the proverbial 'world and his dog'... as long as they were connecting over IPv6 of course.

Doing something like this was always going to attract some unwanted attention and it was barely a few minutes after midnight when I started to see connections being made that weren't quite in the spirit of the day. I was using parameters specified in the URL to pass control variables to the underlying PHP script and so naturally some users started to handcraft their own to see what damage they could do. I'd anticipated this and made sure that the scripts wouldn't respond outside of their intended usage envelopes; however, what I hadn't anticipated was how futile my attempts would be to manually block persistent offenders.

In IPv4 - with a relatively static addressing model - it is very easy, and relatively effective, to blacklist particular (ab)users' IP addresses and this can usually be done with minimal collateral damage. However, with IPv6 this wasn't quite so straightforward because no sooner would I blacklist an individual /128 address than the miscreant would hop over to another address to continue their attack. It became something of a game of 'Whack-A-Mole' and I was inevitably always one step behind. In an attempt to keep the feeder up and running I ended up resorting to a broad-brush strategy of widening the blacklisting scope up to the point of blocking entire /32s. That's a whole lot of potential users being tarred by the same brush.

Whilst in this scenario the collateral damage was likely minimal, it did bring to the fore the fact that not all security strategies from IPv4 are equally applicable to IPv6. The 'one user, many addresses' principle of IPv6 is very much a double-edged sword: whilst the benefits are plentiful, there are also drawbacks.

Still, overall the day was a success for IPv6, and the cat feeder too. To help quantify this, prior to the day the cats were fed twice a day over IPv4. Over the 24hr period on the 8th June 2011 with IPv6 they received 168 meals so unless there's a fundamental flaw in my calculations that makes IPv6 84 times better than IPv4. Fact. ;-)

------------------------------------

Jim

ISC Handler
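
The diary describes per-/128 blacklisting losing to address hopping, and a /32 block catching far too many bystanders. As an added example (not part of the original diary or the author's scripts), the sketch below aggregates offending addresses by prefix instead. The /64 subnet and /56 site sizes, the thresholds and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: offending source addresses pulled from a web log.
# 2001:db8::/32 is the documentation prefix; none of these are real hosts.
OFFENDERS = [
    "2001:db8:aa:1:21e:c2ff:fe00:1",      # one host hopping inside a single /64
    "2001:db8:aa:1:5c3d:9a10:77e2:4b01",
    "2001:db8:aa:1:f00d:1:2:3",
    "2001:db8:bb:10:a:b:c:d",             # hopping across /64s of one /56
    "2001:db8:bb:11:a:b:c:d",
    "2001:db8:bb:12:a:b:c:d",
    "2001:db8:cc:5::99",                  # single hit, not enough to act on
]

def supernet_of(addr, prefixlen):
    """Return the enclosing network of the given length for one address."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)

def build_blocklist(addresses, min_addrs=3, min_subnets=3,
                    subnet_len=64, site_len=56):
    """Block a /64 once min_addrs distinct addresses in it misbehave, and the
    enclosing /56 once min_subnets distinct /64s inside it misbehave.
    Prefix lengths and thresholds are assumed defaults, not fixed rules."""
    by_subnet = defaultdict(set)
    for a in addresses:
        ip = ipaddress.ip_address(a)
        if ip.version == 6:               # IPv4 is handled per address elsewhere
            by_subnet[supernet_of(ip, subnet_len)].add(ip)
    by_site = defaultdict(set)
    for subnet in by_subnet:
        by_site[supernet_of(subnet.network_address, site_len)].add(subnet)
    blocked = [s for s, nets in by_site.items() if len(nets) >= min_subnets]
    # Add /64 entries only when a wider block does not already cover them.
    blocked += [n for n, ips in by_subnet.items()
                if len(ips) >= min_addrs
                and not any(n.subnet_of(s) for s in blocked)]
    return sorted(blocked)

def subnets_covered(network, subnet_len=64):
    """Number of /64 subnets one block entry takes out (the collateral)."""
    return 2 ** (subnet_len - network.prefixlen)

if __name__ == "__main__":
    for net in build_blocklist(OFFENDERS):
        print(net, "covers", subnets_covered(net), "x /64")
    print("a /32 covers", subnets_covered(supernet_of("2001:db8::", 32)), "x /64")
```

The two resulting entries cover 257 /64 subnets between them, against roughly 4.3 billion for a single /32 block.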
Cool project Matthew, and great write-up...Thanks!

2 questions:

1. Where did you come up with the names Mark1 and Mark2 for your connectivity? As I was reading, I kept forgetting that your name isn't Mark. :-)

2. Do you have any more info on your RFID cat flap? The pic is intriguing and I'm curious to know more about how you were able to do that.

Thanks again
K-Dee

Thanks K-Dee.

1. The use of the term 'Mark' was merely referring to 'version' i.e. my first and second versions of the cat feeder! :-) It is fairly common nomenclature for different versions of a product, albeit perhaps somewhat old fashioned, e.g. http://en.wikipedia.org/wiki/Manchester_Mark_ , http://en.wikipedia.org/wiki/Ford_Escort_Mark_1 etc.

2. There's some further info on the catflap at http://www.newtonnet.co.uk/house/catflap/ - it's a commercial product that I merely modified to fit in a wall without the usual external 'porch' to contain the coil.

Matthew
K-Dee