Leading websites that enable IPv6 now at 2.68%

the admin — Fri, 05 Oct 2012 11:23:19 +0000

There is a need for web site owners and business to enable IPv6 on networks and public facing Internet services. HackerTarget.com has completed a second survey of the websites in the Alexa Top 1 Million to review the latest progress. The survey tested each host for the presence of an AAAA DNS record. This is the record type that points to an IPv6 address.

In March 2012 we conducted a similar survey, that was presented in an info-graphic. Since March 2012 there has been an awareness campaign and much press around World IPv6 day on June 6th 2012. These latest results are a good indication of how much progress has been made.

Total IPv6 Enabled Sites in the Top 1 Million

In August 2012 there were 26776 IPv6 enabled websites in the Alexa Top 1 million. This compares with 11237 in March 2012.

Websites that enable IPv6 by Netblock owner

In this chart we start to get a picture of where the increase in IPv6 enabled websites has come from. Google has played a major part in this increase. In fact digging deeper into the results reveals that apart from some relatively small increases the only major change since March has been due to the adoption of IPv6 by Google based properties.

Top Hosting Providers and Netblock Owners of IPv6 enabled websites in Top 1 million

Websites that enable IPv6 by Country

Earlier in the year, we saw Germany, Russia and other European nations were well ahead of the USA in the adoption of IPv6 as a percentage of the sites in the country. Now it is clear that the move by Google to enable IPv6 across its web sites has given the United States a given a major boost.

Dark blue are the numbers from March, with the lighter blue the latest August 2012 numbers.

IPv6 enabled web servers

Finally we see again the huge difference that Google has made in the statistics. The GSE server is Blogger / Blogspot powered web sites. Google Front End and GWS are the servers of other sites within the Google web site property base.

In the event that you have not caught on yet, the primary reason why the move by Google to enable IPv6 has caused such an impact on the results is that Blogger and Blogspot make up around 15'000 sites in the Alexa top 1 million. In fact a simple search shows 14914 sites with .blogspot. or .blogger. in the web site host name. Hence when these Google owned properties enabled IPv6, the number of sites in the Alexa top million with IPv6 addressing more than doubled overnight.

Did you know that your IPv4 firewall may not be protecting against IPv6 traffic?

Online Port Scanning
IPv4 and IPv6 Join HackerTarget.com
Immediate Access

The post Leading websites that enable IPv6 now at 2.68% appeared first on HackerTarget.com.

Firewalling Ubuntu with UFW for IPv4 + IPv6

the admin — Thu, 20 Sep 2012 10:14:53 +0000

Under Ubuntu, you can quickly build an iptables based firewall using the handy built-in firewall configuration tool UFW - Uncomplicated Firewall.

Network architectures will vary, but if you are deploying Internet facing Servers you generally should be configuring a host-based firewall. It can protect listening services that don't need to be Internet accessible. In addition, a firewall can make life more difficult for an attacker who does gain a foothold. For example, making it tougher to create a backdoor listener.

When deploying an Ubuntu host-based firewall, consider using the excellent open source HIDS (Host-based Intrusion Detection System) software OSSEC.

The Ubuntu documentation portal has a good rundown on implementing UFW.

A summary of UFW and Ubuntu Firewalls

Set the default rule, in case you are wondering this should be default DENY.

sudo ufw default deny

Logging is generally another good idea, lets enable it.

sudo ufw logging on

If you are connected over SSH then set your SSH allow rule now.

sudo ufw allow 22/tcp

HackerTarget.com runs SSH on 2222 to avoid brute forcing SSH bots. The command is:

sudo ufw allow 2222/tcp

Turn the firewall on (this applies the iptables commands).

sudo ufw enable

Turn the firewall off.

sudo ufw disable

Allow port 80 (for your webserver to server HTTP).

sudo ufw allow 80/tcp

Allow port 443 (as we have SSL enabled for our clients security).

sudo ufw allow 443/tcp

Allow port 25 (for your Email SMTP)

sudo ufw allow 25/tcp

You get the idea. It is also possible to enable rules that allow and block from specific IP addresses. After all, it is just a script for iptables. See the Ubuntu Docs for details on this.

This command shows the firewall running and configured. Now do a port scan and test it for real.

sudo ufw status

Since we run VPS servers on Linode and have configured dual stack IPv4 and IPv6 addresses, our web server is happily serving on both protocols. iptables and ip6tables are two separate commands for the configuration of IPv4 and IPv6 firewalls. The excellent thing about UFW is the above commands enable the firewall on both IP stacks.

Note When configuring firewalls remotely,i.e. your remotely hosted webserver, it is a good idea to take care and have an out of band access method as a backup in case you break your connection. Many a firewall administrator encounters a period of elevated heartbeats while connected remotely to a device... You push the new firewall configuration and suddenly your RDP or SSH session pauses...... of course you don't make mistakes and it was just a temporary hiccup with the session now restored. Right?

The post Firewalling Ubuntu with UFW for IPv4 + IPv6 appeared first on HackerTarget.com.