IPv6 Security: Audit Security
Fasilitas / tool untuk melakukan security audit pada jaringan IPv6 masih terus di kembangkan. Tool yang ada memang belum sebaik yang tersedia di IPv4.
Masalah Hukum / Legal
PERHATIAN: berhati-hati saay melakukan scan ke sistem yang kita gunakan, jika tidak mungkin kita akan terkena masalah hukum. CEK tujuan IPv6 address DUA KALI sebelum melakukan scan.
Audit Security Menggunakan netcat yang IPv6
With the IPv6-enabled netcat (see IPv6+Linux-status-apps/security-auditing for more) you can run a portscan by wrapping a script around which run through a port range, grab banners and so on. Usage example:
# apt-get install netcat6
# nc6 ::1 daytime 13 JUL 2002 11:22:22 CEST
Security auditing menggunakan nmap IPv6-enabled
NMap, salah satu portscaner terbaik di dunia, mendukung IPv6 sejak versi 3.10ALPHA1. Contoh penggunaan:
# nmap -6 -sT ::1
Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-11 07:54 WIT Nmap scan report for ip6-localhost (::1) Host is up (0.00049s latency). Not shown: 993 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 139/tcp open netbios-ssn 445/tcp open microsoft-ds 631/tcp open ipp 873/tcp open rsync Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
19.3.4. Security auditing using IPv6-enabled strobe
Strobe is a (compared to NMap) more a low budget portscanner, but there is an IPv6-enabling patch available (see IPv6+Linux-status-apps/security-auditing for more). Usage example:
# ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org>. ::1 2401 unassigned unknown ::1 22 ssh Secure Shell - RSA encrypted rsh ::1 515 printer spooler (lpd) ::1 6010 unassigned unknown ::1 53 domain Domain Name Server
Note: strobe isn't really developed further on, the shown version number isn't the right one.
19.3.5. Audit results
If the result of an audit mismatch your IPv6 security policy, use IPv6 firewalling to close the holes, e.g. using netfilter6 (see Firewalling/Netfilter6 for more).
Info: More detailed information concerning IPv6 Security can be found here:
- IETF drafts - IPv6 Operations (v6ops)
- RFC 3964 / Security Considerations for 6to4