Networking with IPv6 Only annoyances

Currently i see a big sites reachable by DualStack but there are still some (for me)  websites that i thought they should be already support IPv6

download.mozilla.org

for  Downloading Firefox is using Amazon infrastructure

Name:    bouncer-bouncer-elb.prod.mozaws.net
Address:  52.86.71.202
Aliases:  download.mozilla.org

Location Ashburn,Virginia,United States,North America
ISP: Amazon Technologies

To see progress goto https://bugzilla.mozilla.org/show_bug.cgi?id=1244282

Ubuntu

https://launchpad.net Addresses:  91.189.89.222, 91.189.89.225 Canonical Ltd

https://answers.launchpad.net/launchpad Addresses:  91.189.89.224, 91.189.89.225

https://wiki.ubuntu.com/ 91.189.89.153

All Ipv6 only no reachable

IPv6 Support in Microsoft Products and Services

https://technet.microsoft.com/en-us/network/hh994905.aspx

Android

IT pros blast Google over Android’s refusal to play nice with IPv6

DHCPv6 is an outgrowth of the DHCP protocol used in the older IPv4 standard – it’s an acronym for “dynamic host configuration protocol,” and is a key building block of network management. Nevertheless, Google’s wildly popular Android devices – which accounted for 78% of all smartphones shipped worldwide in the first quarter of this year – don’t support DHCPv6 for address assignment.

Why the lack of DHCPv6 support is a problem

http://www.techrepublic.com/article/androids-lack-of-dhcpv6-support-poses-security-and-ipv6-deployment-issues/

Current Status of IPv6 Support for Networking Applications

see http://www a9tc97v.deepspace6.net/docs/ipv6_status_page_apps.html ( LINUX/BSD)

Apple Will Require IPv6 Support For All iOS 9 Apps ( but still pending , my comment?)

http://www.internetsociety.org/deploy360/blog/2015/06/apple-will-require-ipv6-support-for-all-ios-9-apps/

 

 

FOSDEM: IPv6-only wireless network again!

https://fosdem.org/2015/news/2015-01-31-ipv6-only-again/

IPv6-only wireless network again!

Last year we turned off IPv4 on our main FOSDEM wireless network. They idea is to confront developers with the IPv6-reality and encourage them to fix bugs. Progress has been made, but there is a lot of work left to do!

FOSDEM is a unique opportunity to confront thousands of developers with an IPv6-only reality. We are hopeful that making our default network IPv6-only will encourage people to fix bugs in applications and devices.

The FOSDEM network has NAT64 and DNS64 transition measures in place for communicating with the legacy internet. For those who need it, the FOSDEM-legacy wireless network provides the same dual stack connectivity we offered on FOSDEM prior to 2014.

While last year we had “seatbelts” in place for flipping FOSDEM back to dual stack, we decided not to implement those this year. If the main network catches fire, we will just have to fix our bugs!

  • FOSDEM: IPv6-only, provides NAT64 and DNS64. Recursive DNS resolvers announced with RA and DHCPv6. If you need to configure DNS manually, use 2001:67c:1810:f056::2 and 2001:41d0:2:1959:21c:c0ff:fe88:6f58
  • FOSDEM-legacy: provides native IPv6 and legacy IP connectivity. No DNS64.

But still Android has issues
https://code.google.com/p/android/issues/detail?id=32629https://code.google.com/p/android/issues/detail?id=32621

viagra cialis levitra discount Moving to IPv6 in the enterprise

We heard for years that IPv6 is comming. But it did not happen.

I was monitoring the progress and started to improve my  own knowledge. I was browsing how  i could get IPv6 access for me. I identified https:// www.sixxs.net and Gogonet  as tunnel Broker. Coupon for Levitra 20 mg

Start geting your IPV6 Range and Tunnel from free tunnelbrokers: SixXS, Hurricane ElectricMake your IPv6 Basic Certification !

Seven Web Server HTTP Headers that Improve Web Application Security for Free

http://recxltd.blogspot.ch/2012/03/seven-web-server-http-headers-that.html cialis tablets sildenafil online overnight Levitra Vardenafil

X-Content-Type-Options
The ‘X-Content-Type-Options’ HTTP header if set to ‘nosniff’ stops the browser from guessing the MIME type of a file via content sniffing. Without this option set there is a potential increased risk of cross-site scripting. how much are viagra per pill generic viagra

Secure configuration: Server returns the ‘X-Content-Type-Options’ HTTP header set to ‘nosniff’.

X-XSS-Protection
The ‘X-XSS-Protection’ HTTP header is used by Internet Explorer version 8 and higher. Setting this HTTP header will instruct Internet Explorer to enable its inbuilt anti-cross-site scripting filter. If enabled, but without ‘mode=block’ then there is an increased risk that otherwise non exploitable cross-site scripting vulnerabilities may potentially become exploitable.

Secure configuration: Server returns the ‘X-XSS-Protection’ HTTP header set to ‘1; mode=block’.

X-Frame-Options
The ‘X-Frame-Options’ HTTP header can be used to indicate whether or not a browser should be allowed to render a page within a >frame< or >iframe<. The valid options are DENY, to deny allowing the page to exist in a frame or SAMEORIGIN to allow framing but only from the originating host. Without this option set the site is at a higher risk of click-jacking unless application level mitigations exist.

Secure configuration: Server returns the ‘X-Frame-Options’ HTTP header set to ‘DENY’ or ‘SAMEORIGIN’. buy viagra online without prescriptions where can i buy cialis online

Cache-Control
The ‘Cache-Control’ response header controls how pages can be cached either by proxies or the user’s browser. Using this response header can provide enhanced privacy by not caching sensitive pages in the users local cache at the potential cost of performance. To stop pages from being cached the server sets a cache control by returning the ‘Cache-Control’ HTTP header set to ‘no-store’.

Secure configuration: Either the server sets a cache control by returning the ‘Cache-Control’ HTTP header set to ‘no-store, no-cache’ or each page sets their own via the ‘meta’ tag for secure connections.

Updated: The above was updated after our friend Mark got in-touch. Originally we had said no-store was sufficient. But as with all things web related it appears Internet Explorer and Firefox work slightly differently (so everyone ensure you thank Mark!).

http://blog.httpwatch.com/2008/10/15/two-important-differences-between-firefox-and-ie-caching/
http://palpapers.plynt.com/issues/2008Jul/cache-control-attributes/

X-Content-Security-Policy
The ‘X-Content-Security-Policy’ response header is a powerful mechanism for controlling which sites certain content types can be loaded from. Using this response header can provide defence in depth from content injection attacks. However it’s not for the faint hearted in our opinion.

Secure configuration: Either the server sets a content security policy by returning the ‘X-Content-Security-Policy’ HTTP header or each page sets their own via the ‘meta’ tag

Strict-Transport-Security
The ‘HTTP Strict Transport Security’ (Strict-Transport-Security) HTTP header is used to control if the browser is allowed to only access a site over a secure connection and how long to remember the server response for thus forcing continued usage.

Note: This is a draft standard which only Firefox and Chrome support. But it is supported by sites such as PayPal. This header can only be set and honoured by web browsers over a trusted secure connection.

Secure configuration: Return the ‘Strict-Transport-Security’ header with an appropriate timeout over an secure connection.

Access-Control-Allow-Origin
The ‘Access Control Allow Origin’ HTTP header is used to control which sites are allowed to bypass same origin policies and send cross-origin requests. This allows cross origin access without web application developers having to write mini proxies into their apps.

Note: This is a draft standard which only Firefox and Chrome support, it is also advocarted by sites such as http://enable-cors.org/.

Secure configuration: Either do not set or return the ‘Access-Control-Allow-Origin’ header restrict