Automation

Just some small updates to the scripts that generate the lists of IETF Drafts and RFCs. A few bug fixes mean that especially with the RFCs they should cross-link better when it comes to updates and obsoletes.

Introducing Bad Dockerfile

After a chat with Ian Miell who was having issues testing out various Docker image scanners I’ve created the Bad Dockerfile project. This is a simple utility which is made of vulnerable software with known CVEs.  The idea is you can run it against various Docker image scanners and see which CVEs it catches and which ones it doesn’t.  Give it a go and let me know.

Updated RFCs

Added some new RFCs today including:

  •  rfc7739: Security Implications of Predictable Fragment Identification Values

  •  rfc7721: Security and Privacy Considerations for IPv6 Address Generation Mechanisms

  •  rfc7610: DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers

  •  rfc7381: Enterprise IPv6 Deployment Guidelines 

  •  rfc7219: SEcure Neighbor Discovery (SEND) Source Address Validation Improvement (SAVI) 

Ping

The site is still kicking (despite the lack of updates from me).  I think it’s becoming more of a historical artefact its self than reporting on on-going events.  The RFC and Draft RFC list updates are kept up to date as that happens automatically but I probably need to do a scan for anything new.  I’ve been going though and removing all the dead links which unfortunately are adding up !  I do have a local copy of everything on the site but just need to figure out if me hosting the content is the best way forward.

Still Alive

I know it’s been a little while since the last update but I’m still trying to keep the site alive with some relevant content.  I’ve just removed some dead links and also included RFC7113 on RA-Guard. In addition to this added a bunch of more recent whitepapers from the 2011-13 North American IPv6 Summit meetings as well as DEFCON.

Tools update

The security tools section has now been updated to separate out the more attack specific tools and this list has also been updated.  In addition to this there are some minor RFC and IETF-Drafts updates.

Draft Updates

Some more draft updates including:

  • draft-gont-6man-predictable-fragment-id-03.txt
  • draft-gont-opsec-ipv6-host-scanning-02.txt
  • draft-gont-opsec-ipv6-implications-on-ipv4-nets-02.txt
  • draft-ietf-6man-oversized-header-chain-02.txt
  • draft-ietf-v6ops-ra-guard-implementation-07.txt
  • draft-macaulay-6man-packet-stain-01.txt

Housekeeping and Updates

Quite a few updates today including some housekeeping and removal of some dead links.  The general round of updates on RFCs and IETF drafts was also done to make sure they are all the latest versions.  Added some whitepapers from 2011 and a new toolkit for security assessments of IPv6.