TaoSecurity Blog

Thanks to the generosity of a TaoSecurity Blog reader, I have been experimenting with a dual-stack IPv4 and IPv6 system at a university. I connect to the IPv4 address using OpenSSH. Once on the box, I can use IPv6. I've been looking for ways to connect my home network directly to IPv6. At the moment I'm using a common gateway/router to perform NAT for my cable network connection. I needed a way to provide IPv6 for systems behind the NAT. Enter Teredo and the Miredo project. Now, before you decide that I'm giving this protocol my "thumbs up," I'm going to explicitly tell you I just wanted to get the software working and use ping6. That's it for now. Teredo, which is now a draft RFC , is a Microsoft protocol. Basically you take IPv6 traffic, tunnel it in UDP, and send it to a relay server. The relay pulls off the UDP and sends the traffic using IPv6 to the destination. The process is reversed for return traffic. Obviously sending your traffic e...

After trying 60 Free Minutes with Ubuntu 10.10 in Amazon EC2 yesterday, I decided to take the next step and try the AWS Free Usage Tier . This blog post by Jay Andrew Allen titled Getting Started (for Free!) with Amazon Elastic Cloud Computing (EC2) helped me. One important caveat applies: this activity will not be completely free. The AMI chose uses a 15 GB filesystem, and the terms of the free usage stipulate no more than a 10 GB filesystem. I'll pay $0.50 per month for the privilege of using a prebuilt Ubuntu AMI. Since I'm an AMI n00b, I decided to pay the $0.50. At some point when I am comfortable creating or trusting 10 GB AMIs, maybe I'll switch. First I visited http://aws.amazon.com/ec2/ and signed up for Amazon EC2. At Amazon Web Services Sign In, I chose to "Identity Verification by Telephone." When I completed sign up I received three emails: 1) Amazon Virtual Private Cloud Sign-Up Confirmation; 2) Amazon Elastic Compute Cloud Sign-Up Confirm...

I'm waiting in another airport, so it's time to summarize my second day at Black Hat USA 2007 . (The first day is Black Hat USA 2007 Round-Up Part 1 .) I started the day in Bruce Schneier's keynote. Bruce's talk was interesting but plauged by audio problems (not his fault). Bruce reiterated his ideas of the "security consumer" who asks "is it worth it?" when deciding whether or not to wear a bullet-proof vest when walking out his front door. Bruce seems to have changed his mind about the evils of "security theater," because he said "security is a feeling and a reality," and sometimes security theater is needed to right imbalances between the feeling and the reality. This imbalance can come about when citizens watch television, which impairs their availability heuristic by making rare and catastrophic events seem common and personal. Bruce focused on psychology, stating people, on average, are risk-seeking when facing losses ...

Earlier this year I described running Miredo on FreeBSD to gain access to the IPv6 Internet. Today I decided I would try to accomplish two goals. First, I would connect my FreeBSD gateway to the IPv6 Internet using Hexago/Freenet6 through the net/tspc2 port (Tunnel Setup Protocol Client). Second, I would deploy an IPv6-only host behind my FreeBSD gateway, and have it speak only IPv6 to the outside world. I do not intend for this to be definitive by any means. Again, these are more or less personal notes. If someone else finds them useful, great. First I registered with Hexago. This is not strictly necessary since anonymous access is apparently allowed. After registering I received an email with a username (I specified) and a password (provided) that I would add to the Tsp client. (I decided to try Tspc instead of manually deploying a tunnel because I heard Tspc was just too easy.) After installing the net/tspc2 package, I literally added the information from the email to my...