macbroadcast´s blog

sixxs tunnel re-established
February 17, 2013, 7:56 pm
Filed under: DNS, Hacking, ipv6, linux

After I had some trouble with miredo, I re-established my old SixXS tunnel with aiccu on Ubuntu.


sudo tcpdump -i sixxs -vv ip6


19:54:38.347003 IP6 (hlim 64, next-header UDP (17) payload length: 22) > [udp sum ok] UDP, length 14
19:54:38.347568 IP6 (hlim 64, next-header TCP (6) payload length: 117) > Flags [P.], cksum 0x4c4c (correct), seq 10965:11050, ack 6838, win 291, options [nop,nop,TS val 2697522 ecr 942344354], length 85
19:54:38.395652 IP6 (hlim 55, next-header UDP (17) payload length: 22) > [udp sum ok] UDP, length 14
19:54:38.397338 IP6 (hlim 55, next-header TCP (6) payload length: 85) > Flags [P.], cksum 0x2090 (correct), seq 6838:6891, ack 11050, win 91, options [nop,nop,TS val 942349357 ecr 2697522], length 53


World IPv6 Launch: this time it’s for real

via the interwebs 😉

As happened during last year’s World IPv6 Day, the Internet Society is taking the lead in organizing World IPv6 Launch on June 6, 2012. (Yes, right on the heels of the Venus transit across the disk of the sun.) But unlike last year, after turning on the new version of the Internet Protocol on some of the largest Web properties—and many smaller ones—this year, IPv6 will not be turned off again 24 hours later. So “this time it’s for real,” and the new protocol will be here to stay at Google, Yahoo, Bing, Facebook, and Cisco, as well as many Akamai and Limelight customers.

Also new this year is that several Internet service providers will be participating by enabling IPv6 for at least one percent of their customers—with more to follow. These ISPs include not only those that have already put a toe in the IPv6 waters before, such as Comcast, Free Telecom in France, and XS4ALL in the Netherlands; but also Time Warner Cable and AT&T. Last but not least, Cisco/Linksys and D-Link will be enabling IPv6 support in the default configurations of their home routers.

Regular readers of Ars already know everything they need to know about IPv6, but the highlights are simple enough: the currently used IPv4 can only handle 3.7 billion addresses, and we’re running out of address space: first in Asia, with Europe to follow soon. The new IPv6 has, for all practical purposes, an unlimited number of addresses.

Although there is no plan B for the IPv4 well running dry, IPv6 deployment has been lackluster at best. The Internet Society tried to get some momentum going and flush out unnoticed broken IPv6 setups with last year’s World IPv6 Day. The effort was mostly successful, with only a few surprises here and there.

With the exception of the 24 hours during WIPv6D, Google has been using a DNS whitelisting system so only users with known IPv6-friendly ISPs get to see Google’s IPv6 addresses, in an effort to avoid issues with those broken IPv6 setups. As of World IPv6 Launch, this will no longer be the case. “Our participation in World IPv6 Launch means that the whitelist will be removed and AAAA records will be generally available,” said Google’s Lorenzo Colitti. “We may still choose not to return AAAA records to specific networks if our measurements indicate that returning them would cause significant user impact. However, this will be the exception rather than the rule.”

Also, the number of home users with IPv6 connectivity will increase as ISPs start rolling out IPv6 to their customers. XS4ALL in the Netherlands has been a pioneer in this area. (Full disclosure: I got started in the Internet business as an intern with XS4ALL in 1995.) “We’re going to supply an IPv6 prefix to all newly enabled connections,” system administrator Timo Hilbrink told Ars. “This means that as of that moment, every new XS4ALL customer will have a working dual stack (both IPv4 and IPv6) Internet connection out of the box, without having to change any further settings on the CPE (home router) or in the customer portal.

“There used to be issues with the lawful interception capabilities required in the Netherlands regarding the mail servers, but those have been eliminated,” Hilbrink added. “Another obstacle for both mail and Web hosting was the lack of high end load balancer platforms that handle IPv6 properly. Late last year we’ve finally been able to acquire a system that conforms to our requirements, so that hurdle is gone, too.”

Until now, XS4ALL had to rely on a partnership with German electronics company AVM to supply so-called FRITZ!box home gateways with an IPv6 configuration profile that works with XS4ALL’s service. But with last year’s IETF specification and the IPv6 forum’s IPv6 Ready CPE (customer premises equipment) test specification, it’s now possible to build home routers that will automatically get an IPv6 address block from an ISP that they will then further distribute to computers in the home. “DHCP Prefix delegation, as well as other mechanisms such as 6RD will be supported and activated out of the box,” said Cisco director Alain Fiocco. “IPv6 service will be plug and play.”

When Apple introduced IPv6 support in their Airport Extreme base stations in 2007, the protocol was enabled by default, which surprised some. We asked whether Apple will be enabling IPv6 on their Airport Extreme base stations and/or on the main Apple website ( has been operational since WIPv6D), but we didn’t receive any comment by press time.

So what does all of this mean?

One big problem with IPv6 so far has been the “set and forget” issue, where someone sets up IPv6, has a look at the dancing KAME and clicks on an IPv6-only URL or two, and then completely forgets about IPv6. The inevitable result is that, at some point, that IPv6 setup breaks and subsequent visits to IPv6-enabled locations incur delays or worse. With the likes of Bing, Yahoo, Facebook, and Google having IPv6 addresses in the DNS, broken IPv6 setups are going to be much more visible, and will be repaired much quicker than they have been until now.

However, even with 5, 25, or as much as 75 percent of the Web being reachable over IPv6, it’s still not possible to turn off IPv4 and stop all the workarounds necessary to keep the address-starved protocol running. And one of last year’s lessons was that even Web destinations that have their main domain name reachable over IPv6 typically load page elements such as images and scripts from secondary (sub-) domains that are IPv4-only, making the experience for users who only have IPv6 and no IPv4 pretty miserable.

And the Web is actually one of the applications that needs IPv6 the least: the HTTP protocol can withstand NAT as well as translation from IPv4 to IPv6 and proxying without much trouble. The opposite is true of applications like Skype, which have to work very hard to function even in today’s firewalled and NATed IPv4 Internet, because in principle, every Skype user must be able to communicate with every other Skype user. So having some of them on IPv4 and some on IPv6 is a challenge, to say the least. And it’s a challenge that Skype hasn’t taken up so far, despite being on top of the list of applications that users would like to see support IPv6. We asked Skype, now owned by all-around IPv6-friendly (and World IPv6 Launch participant) Microsoft, about its World IPv6 Launch participation, but we didn’t get a response by press time.

But despite all the work that still remains to be done, World IPv6 Launch will probably be the biggest step in the right direction so far. The days when “you’re the only one asking for it” or “it has no priority” are acceptable answers when asked about IPv6 support are drawing to an end. And hopefully “World IPv4 Decommission” will come around while we’re still young enough to enjoy it.

Photo illustration by Aurich Lawson

Build a new Internet –


The most important infrastructure of our time is becoming a danger to prosperity and security.


It began in December 2010, when corporations such as MasterCard and Amazon helped in the globe-spanning hunt for WikiLeaks founder Julian Assange. Shortly afterwards they were hit by a spectacular large-scale attack from the Internet: from one second to the next, their networks and computers came under a barrage of data, and many services were down for days. Activists from the loose collective Anonymous claimed responsibility for this “Operation Payback”, and soon they sought out new targets. One was the entertainment corporation Sony. Its popular PlayStation gaming network was infiltrated by hackers in April, and its users’ data was exposed, so that the company had to shut down networked gaming for several weeks.

Then state hackers used a computer worm to destroy thousands of centrifuges in the Iranian nuclear programme, and the Frankfurter Allgemeine Zeitung ran the headline: The digital first strike has taken place.

A short time later, in spring 2011, the New York technology exchange Nasdaq became the target of a cyberattack. At the same time, hackers in several European countries stole greenhouse-gas emission certificates and resold them in a flash for almost 50 million euros on the relevant specialist exchange.


The network is failing on a grand scale


Since then, practically no week goes by without a large company or public authority having to admit: data has gone missing, we were hacked, our online services are down, our customers should get new credit cards to be on the safe side. Those hit include the financial group Citigroup and the hotel group Hilton, Neckermann and Nintendo, the CIA and the US Senate. The German Federal Police (Bundespolizei) is also among the victims.

The network is not designed for today’s use at all

“Has a hacker epidemic broken out?” Bruce Schneier, a renowned security expert from the American capital Washington, asked recently.

Another, far more important question is: how could these hackers be so successful in the first place?

The uncomfortable answer is: the most important infrastructure on our planet is too weak for what it is supposed to do. Computers, the network, indeed the whole of information technology are now failing on a grand scale. The Internet was never intended to carry and manage such masses of highly private, economically indispensable and vital data. Its protocols and programs are not designed for it. Its users have not learned to manage the risks, neither companies nor citizens nor states, and perhaps they never will. Humans are not born computer experts.

This Internet special is based on the new book Zeitbombe Internet. Warum unsere vernetzte Welt immer störanfälliger und gefährlicher wird by Thomas Fischermann and Götz Hamann (Gütersloher Verlagshaus; 255 pp., €19.95).

An estimated 2 of the 6.7 billion people now use the Internet. In the West, nobody could switch off the Internet and then expect their life to simply go on as usual. Cables and computers network traffic control systems, mobile phones, electricity meters and warplanes; they connect people in the office, soldiers in combat and teenagers flirting.

We rely on the computing brains always being there, always answering and, as required, playing the friendly helper, the source of inspiration, the reference work, the newsreader, the ambassador or the collective memory. Even for someone who still uses an old Bundespost rotary-dial telephone at home, their calls merge into the huge, invisible data stream at the next street corner at the latest. Anyone who visits their bank branch is, in all likelihood, watching a person take down data, nod and feed it into a computer. Anyone who carries a modern mobile phone around has to be very savvy in handling it to keep the thing from constantly surfing the Internet. Anyone who wants to save energy and has the utility hang a “smart electricity meter” in the basement may already be sharing their consumption data over the worldwide computer network.

A collapse on the scale of Fukushima is conceivable

Deeper, ever deeper, the network digs into our everyday routines and our lives. And faster than ever it is spreading around the globe, becoming a world network that truly stretches its tentacles into every corner. “Today’s emerging economies will account for more than half of the Internet economy by 2025,” predicts the Californian company Cisco, which built the bulk of the Internet infrastructure. From this, Cisco derives gigantic growth forecasts for itself, for the Internet and electronics industry, and for the world in general. The digital economy already turns over ten trillion dollars a year, estimates the Washington think tank Information Technology & Innovation Foundation. That would mean it contributes more to measurable prosperity than the sale of pharmaceuticals, investment in renewable energy and government research spending combined.

It's the bufferbloat stupid
August 25, 2011, 8:54 pm
Filed under: Decentralization, globalchange, Hacking, howto, ipv6

CeroWrt – Debloating

I don't know if you have heard about Bufferbloat yet; I posted a Google tech talk a few weeks ago regarding this issue.

I would recommend watching it to get a brief overview of what it is about. A few days ago I mentioned that there is an interesting project called CeroWrt, which claims to work on these network buffer issues.


Bufferbloat is a widespread problem present throughout the Internet, “end-to-end.” Debloating is a “work in progress” industry wide and will take years. Ultimately, all buffering/queuing in operating systems needs to be carefully managed and be automatically adaptive to the data transfer rates. All network routers (and operating systems!) should be running with AQM (e.g. algorithms such as RED) including home routers: unfortunately, existing algorithms such as RED are unlikely to work correctly in today’s home network environment.

CeroWrt is the test platform for improved AQM algorithms. To achieve ultimate latencies under load across the high bandwidth variation of 802.11 and broadband, new AQM algorithms need testing in addition to more complex changes in internal buffering; these will take time and therefore debloating will be a work in progress for an extended period.

In the upstream direction, the bottleneck link may be adjacent to your home devices (e.g. your laptop on wireless), and in your operating system, outside of our control; you may see problems therefore copying from your home device upstream to the Internet and/or your home file server. Unfortunately, TCP acks can be stalled behind packets queued in a particular direction, so bufferbloat in one direction can result in bad performance (poor latency) in the other direction. If you run Linux, you can help with debloating by working with those working on the debloat-testing work going on on On other operating systems, you should contact your operating system vendor and complain. Be gentle (but insistent), however: before 2011, bufferbloat was not understood to be a general problem, and it will take time to overcome.

Note that bufferbloat only occurs in the device just before the bottleneck in a path. A common strategy when fixes for bufferbloat are not available for the devices either side of a bottleneck, therefore, is to try to arrange to move the bottleneck from a device which is badly bloated to one which is not: e.g. you might arrange to ensure that your wireless bandwidth is always bigger than your broadband bandwidth (and using bandwidth shaping and QoS to avoid the consequences of bufferbloat in that hop as best you can).
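
The effect described above, as an added example that is not from the CeroWrt project or the original post: a small fluid-model simulation of a tail-drop FIFO in front of a bottleneck, first with only a bloated buffer and then with a shaper moved in front of it. The link rates and buffer sizes are constructed for illustration, and the function names are hypothetical.

```python
"""Fluid model of tail-drop FIFO queues in front of a bottleneck (constructed numbers)."""


def fifo_stage(arrivals, rate_bps, buf_bytes, dt):
    """Push per-tick arrival byte counts through one FIFO queue.

    Returns (per-tick departures in bytes, per-tick queueing delay in seconds).
    """
    drain = rate_bps / 8 * dt          # bytes the link can send per tick
    queued = 0.0
    departures, delays = [], []
    for arriving in arrivals:
        queued += min(arriving, buf_bytes - queued)   # tail drop when full
        sent = min(queued, drain)
        queued -= sent
        departures.append(sent)
        # A packet (e.g. a TCP ACK) joining now waits for everything ahead of it.
        delays.append(queued * 8 / rate_bps)
    return departures, delays


def worst_latency_ms(offered_bps, stages, seconds=10.0, dt=0.001):
    """Worst added latency across a chain of (rate_bps, buf_bytes) hops."""
    ticks = int(seconds / dt)
    flow = [offered_bps / 8 * dt] * ticks
    total = [0.0] * ticks
    for rate_bps, buf_bytes in stages:
        flow, delays = fifo_stage(flow, rate_bps, buf_bytes, dt)
        total = [t + d for t, d in zip(total, delays)]
    return max(total) * 1000


# Constructed scenario: 10 Mbit/s upload offered to a 1 Mbit/s broadband uplink.
UPLINK = 1_000_000
BLOATED_MODEM = (UPLINK, 256 * 1024)   # 256 KiB of unmanaged buffer
SHAPER = (900_000, 15_000)             # shaped just below the uplink, ~10 packets


def bloated_ms():
    return worst_latency_ms(10_000_000, [BLOATED_MODEM])


def shaped_ms():
    # The shaper becomes the bottleneck, so the modem's buffer never fills.
    return worst_latency_ms(10_000_000, [SHAPER, BLOATED_MODEM])


if __name__ == "__main__":
    print(f"bloated modem only : {bloated_ms():7.1f} ms")
    print(f"shaper in front    : {shaped_ms():7.1f} ms")
```

With these numbers the bloated buffer alone adds roughly two seconds of queueing delay, while the shaped path stays near 130 ms because the queue now builds in the small, managed buffer instead.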


Check out Dave's blog


Bufferbloat: Dark Buffers in the Internet

by Jim Gettys, Kathleen Nichols | November 29, 2011

Topic: Networks



IPv6 2011: The Time Is Now! – World IPv6 Day follow-up panel
August 13, 2011, 12:52 am
Filed under: globalchange, Hacking, ipv6, socialweb, society

They mentioned 🙂

World IPv6 Day – 8 June, 2011
April 30, 2011, 12:32 pm
Filed under: globalchange, Hacking, howto, ipv6, linux, socialweb, society

About World IPv6 Day by isoc

On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour “test flight”. The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.

Please join us for this test drive and help accelerate the momentum of IPv6 deployment.

How To Take Part

Interested in joining the other organisations that are taking part in this initiative? Select your type of organisation below and you’ll find everything you need to participate in World IPv6 Day:

Please contact us to indicate your interest in participating in World IPv6 Day and to have your company added to the list of participating organisations.

Test your IPv6 Connectivity

Want to find out your IPv6 readiness? Use this test.

more at

Other IPv6 Day Events held a similar event on 16 September 2010.  As a result of their prior tests and experiences they now operate dual stack IPv6 and IPv4 on their website.  You can read about their experiences in the following links:

On Oct 26, 2010, two of the top-5 websites in Norway, A-pressen Digitale Medier and VG Multimedia, both made their websites available over IPv6 for 24 hours. Thanks to the positive results that day, the change was made permanent shortly after.

Automatic Multicast without explicit Tunnels (AMT)
February 26, 2011, 5:38 pm
Filed under: Decentralization, ipv6, Uncategorized

About AMT
The primary goal of Automatic Multicast without explicit Tunnels (AMT) is to foster the deployment of native IP multicast by enabling a potentially large number of nodes to connect to the already present multicast infrastructure. The protocol specification can be deployed in a few strategically-placed network nodes and in user-installable software modules (pseudo device drivers and/or user-mode daemons) that reside underneath the socket API of end-nodes’ operating systems.