I just added the Jeff Doyle on IP Routing blog to my feed reeder. A couple of IPv6 postings brought me there, and several posts convinced me of the value of keeping up with it.
I like his No Way to Slow Down article on IPv4 depletion. After having read several such pieces on the subject lately, I thought this was a better written and more concise posting than others.
It’s a good sign when a blog is well enough written that I find myself digging back and reading most of the past posts. I’m impressed.
CCNA, IPv6, Routing
In the last couple weeks I have taken an interest in learning more about IPv6. In talking with fellow ServerGuy Todd, I figure that IPv6 will probably be in a mainstream role at some point during my career. Given that thinking, I’d rather be ahead of the curve and start building a good understanding now.
Here is a listing of a few resources I have used so far:
- Wikipedia – Good info to start.
- FreeBSD Handbook – Because we’ve been moving our production systems from Linux to FreeBSD in many cases.
- Everything you need to know about IPv6 – A very good article by Iljitsch van Beijnum who also happens to be the author of Running IPv6.
- Running IPv6 – I am addicted to books, so I just had to fire up the Amazon Prime and get one here stat. I’ve only just started it, but the quick glance and first chapter are very promising.
- Agencies, start your protocols – An article about the upcoming ‘deadline’ for Federal implementation of IPv6, or at least first steps toward it.
- BSDTalk #119 – A nice 15 minute overview of spinning up a lab with IPv6, BSD, and Vista.
That’s it for now, but stay tuned.
IPv6, Networking
So, I turned off the default “allow all to anywhere” LAN rule on my office firewall this afternoon and then created individual rules for the required/applicable ports and protocols. So far, it works great.
This is a good test of the Outbound traffic restrictions mentioned in the PCI DSS. Once I get everything “nailed down”, I should be able to translate what I’ve done here to the “live” cardholder data environment.
Here’s what I have so far:
- 22 TCP
- 53 TCP/UDP
- 80 TCP
- 123 TCP/UDP
- 443 TCP
- GRE
- 1723 TCP
- 3389 TCP
- Block and Log everything else
With the last rule of Block and Log everything, it’s pretty cool to see what’s going on on my LAN segment!
Firewalls, PCI, pfSense
I got my laptop running with monitor mode support for my Intel 3945 under Gentoo. Now, I’d like to look into Kismet. Here’s how it went down:
- emerge kismet
- Edit /etc/kismet.conf
- suiduser=xxxxxx
- source=ipw3945,eth1,kismet
- gps=false
- Start kismet and it looks to run
Right now I don’t have any other wireless clients up and running, so I’ll have to wait till tomorrow to actually watch some running traffic. This looks like a good start so far though.
Gentoo, Kismet, Wifi
Took a first stab at Gentoo yesterday on my Dell Latitude D820. So far I’ve got everything working except the Intel 3945 wireless adapter. It’s up in KDE with nVidai support. Eth0 is working. Most things look pretty good. In the process though, I found several good links on Gentoo and the hardware in the D820:
Dell Latitude D820, Gentoo, Intel 3945, Linux