[Novalug] [ncaug] Vast Chinese "Ghostnet" spying operation discovered

Stephen Cicirelli scicirelli@gmail.com
Mon Apr 6 10:34:35 EDT 2009


The requirement was to have the core of the network running IPv6, for
various definitions of core.  Each Department (or agency depending on what
the Department did) was left to make their own definition of Core.  Running
was also a little bit open and there was no requirement to keep it running
after successful testing was completed.

Where I was at the time didn't keep v6 running after testing and verifying
capability due to security issues.  Not so much issues with IPv6 security as
the lack of tools and skill sets to monitor and evaluate those
systems to ensure a proper level of comfort with the security.

The real fun part was trying to explain why unmanaged switches were v6
compliant, although they may not understand the subtleties.

Stephen

2009/4/5 John Franklin <franklin@elfie.org>

> ISTR the mandate you're speaking of was that all devices purchased after a
> certain date about three years ago had to be IPv6 *capable*.  There was no
> mandate inside or outside the government (so far as I know) to implement an
> IPv6 network, but they wanted it to be possible and wanted vendors to start
> seriously figuring out IPv6 issues.
> Cookies to donuts, most of the devices that didn't already have IPv6
> support dropped in the KAME IPv6 stack, some with better results than
> others.
> jf
>
> On Apr 5, 2009, at 7:30 AM, Anthony Soucek wrote:
>
> I heard that there was a federal mandate, or at least suggestion to move to
> IPv6, and I think it has come and gone.  The Feds use IPv6 internally, but
> they have to nat to v4 to communicate with the ISPs.  Working for a local
> government, I know we sure can't afford to replace our entire network
> infrastructure to go to IPv6.  There would have to be a huge lump of
> stimulus for that to happen, and I doubt it will.  Also, what would stop
> hackers from developing an IPv6 ghostnet?  No, I think it's just a classic
> arms race, but what the world needs is a monolithic platform (like windows)
> that is open source.  It needs to be monolithic so that it has all the features
> and a huge patch and security crew, and open source so everyone can
> contribute to the security review and afford it.  But that probably won't
> happen in this wicked world.  Linux is probably the best bet.
>
> Which begs the question, what are you running for anti-spyware in linux if
> you think:
> "then that also means that Linux is probably in the mix, although the
> article is OS agnostic, given the Chinese rate of adoption of Linux in lieu
> of (mostly pirated) instances of Microsoft OS's."?
>
> 2009/4/2 John B. Holmblad <jholmblad@aol.com>
>
>>  All,
>>
>> fyi. As a followup to my earlier message on this thread, Today's WAMU
>> Dianne Rehm segment has a good panel discussion on US Cybersecurity. Here is
>> the url to the www page for the radio show:
>>
>>     http://wamu.org/programs/dr/09/04/02.php#24621
>>
>> I assume that a podcast of it will become available. Interestingly the
>> question of migrating to IPV6 was not discussed/proposed as a mitigant for
>> the problems we all face today. It occurs to me that our US Gov could give
>> IPV6 a needed shot in the arm by requiring that SmartGrid projects that
>> receive US funding and which will in any depend upon Internet based
>> communications must utilize IPV6 and not IPV4. IPv6 is by no means a panacea
>> but it is a step in the right direction for national cybersecurity.
>>
>>
>>  Best Regards,
>>
>>
>> John Holmblad
>>
>>
>> Televerage International
>>
>> GSEC Gold,   GCWN Gold,   GAWN,  GGSC-0100,   NSA-IAM,  NSA-IEM
>>
>> Information security, telecommunications, and information technology
>> consulting
>>
>>
>> (M) 703 407 2278
>>
>> (F)  703 620 5388
>>
>> primary email address:  jholmblad@aol.com
>>
>> backup email address:  jholmblad@verizon.net
>>
>>
>>
>> Bonnie Dalzell wrote:
>>
>> heard about this Ghostnet?
>> http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>                         Bonnie Dalzell, MA
>> mail:5100 Hydes Rd PO Box 60, Hydes,MD,USA 21082-0060|EMAIL:bdalzell@qis.net
>>
>> freelance anatomist, vertebrate paleontologist, writer, illustrator, dog
>> breeder, computer nerd & iconoclast... Borzoi info at www.borzois.com.
>> Editor Net.Pet Online Animal Magazine  - http://www.netpetmagazine.com
>> HOME http://www.qis.net/~borzoi/ <http://www.qis.net/%7Eborzoi/>          BUSINESS http://www.batw.com
>>
>>
>>
>>
>> _______________________________________________
>> Novalug mailing list
>> Novalug@calypso.tux.org
>> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>>
>>
>>
>>
>
>
> --
> Anthony Soucek
>
>
>
>
>