This is video tape number three. So I wandered around trying to find great smart people who could impromptu entertain you and inform you until you could be located. Here's Swift. Obviously this is totally impromptu so I hope you have no expectations whatsoever because I will surely let you down. However, since Dia was kind enough to inform me that there was a spare spot for which I could kind of spew all my soapbox garbage, you're going to be my victims until Simple Nomad shows up. I have several things I want to talk about. The first of which is quality of service and IP version six. Obviously Cisco and some of the other router manufacturers are scrambling and/or have already had implementations. These are in place and so we're rapidly approaching an era where at least we are able to deploy IP version six. You've heard estimates anywhere from five to ten years down the road. I've heard next year everybody's got their own bullshit opinion on when it's going to actually be deployed. I want to take an opportunity just to express my dislike and concern over and I think there's a distinct lack of focus on some of the key features of IP version six. They're being called features but really if you break them down and if you really consider the implications of the features are bad. Let's just keep it at that. The first of which is of course, I'll cover the good stuff first for those of you who are not completely familiar with IP version six. Obviously IP version four is what we're using now. It was designed back in the 70s, late 70s by the government and it was not designed for the massive traffic that we have on the internet. The initial initiative to create a new addressing scheme and addressing space was, somebody correct me if I'm wrong here, but I believe it was an IEEE or IETF initiative. So it was your internet engineering task force and everybody knows the IEEE. The solution that they came up with was IP version six.
I'm not exactly sure why they skipped version five but hey, maybe they just want to stick to even numbers or something. I've heard the spec, I've looked at the implementations that are out there, especially the Linux implementation. Okay, I'll just talk with you guys. I've also looked at some of the stuff that Cisco's got out there and discussing it and of course obviously the RFC. IP version six is, someone told me and I'm not sure if this is entirely correct but I'll use this anyway, that version six actually has more addresses available. The addressing scheme is larger or more numerous than there are grains of sand on the planet earth. So until they make computers about the size of grains of sand, which I don't know how long that'll be next year or so, then we won't run out of schemes. Did you have something to add to that? I thought I'd write this closely. Every proton can have an IP address. There you go. And it's something like, it's addressed in, I want to say the 32 sets of colon delimited, usually it's written in a colon delimited format and there's 32 sets of two with hex addressing. So somebody can do the math in their head, not me, but that's a lot. And anyway, it's 120 a bit correct, right? So the biggest problem that I have with IP version six is quality of service. Quality of service is built in to IP version six. There are a number of things that are built in, the large addressing scheme, the authentication. IPsec is actually a lot of it. The IPsec implementations are supposedly compliant with the implementation that's set forth in the RFCs covering version six. And so a lot of these things are already in place as far as, at least in theory. And most of them do work in the implementations that I've seen, especially in the line explosion. 
And quality of service for those of you who don't know is to keep, is to regulate traffic, not necessarily to shape traffic, but it is to regulate the traffic going through massive core routers or even on a small scale. But really the goal of quality of service was so that large providers could take traffic that was considered low priority like us. There you go. That's what I'm getting at. My biggest problem with IP version six is that IP version six, even though it's called quality of service, it is quality of service. It's quality of service for the corporate and the rich and the customers who can pay. Because what's happening in a lot of ISPs, and I'm sure half of you here probably will work for ISPs and you can probably be able to nod your head in agreement that when you go to the bean counters, they tend to want to know why is it that I'm routing traffic for other people who aren't paying me anything? Isn't that something wrong with that? Forget the fact that the internet was founded on that very idea and that they wouldn't even probably be there if it wasn't for that fact. But why is it that we're routing traffic for other people? And especially priority traffic because some old router implementations, especially if you only get technical and push with TCP flags set like urgent and push flags are given higher priority just based on the fact that they have flags set with TCP header. And so your router is actually pushing your traffic a little bit depending on where you're coming from and what kind of flags you have set can push traffic a little faster. And so it's interesting to these people, these, what should we call them, pointy-hairs or bean counters, that they're basically giving a free service. And they don't seem to understand that the fact that there's traffic coming in as well that other people are routing their traffic for free, that idea just doesn't seem to take hold very well. But IP version 6, see IP version 6 is the fix to all this.
It's wonderful because you combine the fact that you can use quality of service and type of service routing which means that if a packet comes from this guy that pays me a lot of money, I want to route that at high priority. If the packet comes from Swift trying to telnet to his machine, I want to route that to the lowest possible priority. And not only when I say priority, I don't just mean dropping packets, I mean latency as well. Cisco's implementation actually changes, you can actually queue your latency, what's the way to describe it? It'll actually lower your latency if you are at a lower priority and your type of service flags are set as a lower priority than someone that they have set at a higher priority. Well, obviously this opens up a whole range of things for hackers to try to screw around with. But the biggest problem, one of the big things that face the hacker that tries to hack IP version 6 is it is quite secure. The implementation, I won't say quite secure, but it's much better than IP version 4 because it has built-in crypto. You have built-in MD5 authentication headers. That's just one way you can do it. I mean, you can just plug in your own, if you want to break the spec a little bit, you can plug in whatever you want. SHA, whatever kind of hashing that you want to use or checksums that you want to use to make sure that the packet came from the guy who's, you know, signing checks to you at the end of the month. And so my biggest problem with it is that. Another problem is that I've been, I've kind of, this is where I'm going to go off the deep end here, but I have a lot of conspiracy theories about IP version 6 because some of the bean counters love it because of their quality of service. Those who understand it, and I'm sure that that idea is really going to catch on soon. It is catching on, but I think it's going to catch on like wildfire when it actually shows up in business journal or something.
But I think that the other big problem is that people fear it because of the IP security implementations that are already, have already been established and being put into practice even in version 4. We've sort of torn out that little module because everybody was screaming for it and stuck it. And most, I think any IOS version past 11.2 for Cisco routers has got some level of IPsec implementation into it. Some of the routers have actual crypto wicks in the column that you plug into them. That is basically a facility for you to tunnel from one end to the other with a crypto tunnel. And some of it, some of the other routers have the AGS routers. Paul, you can probably correct me on this. You have worked with AGS stuff. I'm sure you have. Look at the stick on his face here. Have you worked with the crypto stuff for the AGS? No, because I've killed all the AGS. Well, they have the crypto modules, the black box modules, the VME cards that you plug right into the sides. Have you ever seen one of those? AGS. Well, I guess it's AGS pluses that I'm thinking of, but they're still AGS models. They're rare, but they do it. They're pre-IPsec and they do exist. There does implementations. And so you have one side who causes the crypto, you inflame the crypto mass hysteria. And then quietly, while we're pushing Steamyhead trying to get crypto pushed through every orifice that we can possibly get it into, you end up with, you end up, we're actually trying to help IPv6 along because we're facing the same problems that all the businesses are facing, lack of address space, lack of authentication, that type of thing. But to sort of wrap up and to keep from being redundant, my theory about version six is this. The internet, we'll see if my prediction comes true, but the internet's going to turn into something akin to television, if IPv6 takes hold and takes off.
Because those, the teeming unwashed hordes are not the ones, as I said before, signing the checks to Sprint and MCI and Quicks and everybody else who's got SONET networks stretched across the world. And sharing traffic and another factor is the fact that all these links now are sharing traffic with voice over IP. And there are a number of implementations and a number where obviously Cisco's got to be pursuing the market or more. That's the last figure I heard. And so WERS is the most popular. But not everyone, not all networks, especially when we talk about great big MAEs with SONET running through them, not everybody has separate links for voice over IP. So they would really love to be able to push their traffic over yours. And I'm not completely against having video conferencing and that kind of multicast traffic with higher priority. But the problem is that priorities and type of service keys are not, the point is that they are not based on the service. And that's the illusion. They're not based on what you're doing. They're based on who you are paying. And so the people that have the money right now, obviously the corporations have went, I'll go off on a tangent here until Simple Nomad shows up. Has the sentence showed up already?
Okay. Let me just interrupt him midstream. So he loses complete stream of thought there. First of all, if anybody is looking for area A, the newbie area, you get to it through by going through the hotel. Access it that way. Number two, this is obviously not the newbie area. So if you have no idea what he's talking about, you probably shouldn't be here. Because it would make a lot of sense to you. Number two, you can hear earlier the whole thing about putting cigarettes out on the carpet. Bad notice. I've gone through some sensitivity training. So last year I would have said, thank you. Last year I would have said, what in the hell are you thinking? I'm going to say help me understand. What the hell are you thinking?
Did mommy not let you put the big boy pants on? Don't put the cigarettes on the carpet. Put all your friends back. Put it out in a cup of coffee. Put it out on the ashtray. That's what belongs. Put it out on the ceiling. Put it on the ceiling. If you're wearing a staff shirt, don't say that. So I'm going to let him hop back on. After this we're going to Mr. Belchow. I believe I'm giving you a quick speech. And I'm going to turn back over to you. And I have a special announcement on the AGS. Cool. All right. Well, I'll wrap this up if someone else is going to hop on. But let me get... How about this? All right. Back in about...in the 1900s, in small towns, there were about, say, a town of 30,000. You would usually find about... sometimes around three, as many as nine newspapers in a small city. And what happened was, towards the 1950s... Well, let me take this back one more step. All the people that owned these newspapers, they were family-owned. The media, there wasn't this big corporate media state. All the newspapers were family-owned. And what happened was, they... they managed to... because they weren't public and because they didn't have to report what they made to the SEC, only to the IRS, which is obviously not available to all of us, maybe some of us. But anyway, what happened was that they went quite a while with the illusion that they weren't making any money. And so no one was really that interested in newspapers because no newspaper was a losing business. And newspapers were really crying a lot about how they had to... how they had this great operating cost. And they really did. There wasn't a lot of margin around the turn of the century, but that all changed. Towards the 1950s, people got the notion that they could actually really give away newspapers. And they could... And at the time, the only way to do that was to sell advertising. And so they... that's... 
I mean, if you pick up a newspaper now, it's, you know, two-thirds ad, one-third content, and most of the content is syndicated. It's not local content anyway, or at least a proportion of it. So what happened was in the 1950s, all these people who had owned newspapers for generations, like there was a... there was this law, and I don't know if it's still in the books, but at the time, the third generation that gets passed down on inheritance from a large estate, there's a great big inheritance tax that they get hit with. And because they were... because these newspapers were privately owned, the inheritance tax just killed these people, and they didn't want to pay it, obviously. And so what they did instead was they incorporated before dad died. And so when you incorporate, you shelter it a little bit from taxes, and you all know about, you know, how the government favors corporations as far as the tax laws and just about anything else. But at the time, they incorporated as small, you know, corporations. And then in the 60s and 70s, as things marched on, they started to merge. All these newspapers, where what happened is, you had communications companies, number one, that were buying up newspapers. Then you had these mega-rich people like Rupert Murdoch, who would go out and buy a newspaper in one city, and then they would go to the other mega-rich newspaper baron and say, this is actually relating to computers. I'm going somewhere with this. They would go out and buy another newspaper, and then they would kind of get together and they would do something called collusion. And they would say, I'll tell you what, if you closed down your newspaper in San Francisco, I'll close down my newspaper in Dallas. Sounds good to me. Okay, boom, and they did it. That's the fact that, like, maybe you have things like syndicated columns where one guy can write and 80 papers get it.
What happened was, you had a focused conglomeration of all the media entities, and we're all familiar with that. I'm sure that's common knowledge. But with IP version six coming into existence, and with the internet just exploding all around us, I think it seems like it's glaring me in the face that it is the next logical step. And I think we've all seen how... I used to work in an ISP about two years ago, two and a half years ago. It was a small ISP, and we had about 500 customers. And I ended up... I wanted to move out of the city. I got tired of living there. So what I did was I ended up selling a lot of my customer base to another ISP, and just kind of switching everybody over. And so I guess you could call that a merger in a way. We were incorporated. But then I came back, right before I came to DEF CON, they had been bought out by Morris Communications, the ISP. And then I asked a guy that worked for the Globe News that was also owned by Morris Communications, why are you buying up ISPs? And he said, well, I talked to the vice president about that, and he said, it just sounded like the thing to do. It sounded like the thing to do. Okay. The internet is the next big thing. And I wasn't around, but I have a feeling that television was sort of along the same lines because I have seen some of the old commercials back in the 1950s when people started actually going out and buying TVs. And it did occur to me, and it also occurred to a guy named Benjamin Bagdikian who wrote a book called The Media Monopoly. You should definitely check out that book if you haven't read it. It's an excellent book. It's not a conspiracy theory book. The guy goes through and documents everything he says. But it seemed apparent to him that back in the 1950s, commercials were so silly that they were a joke because you had a lot of programming that was very serious.
And so what ended up happening was the commercials would come on in the middle of the serious, you know, Ibsen or something, some drama, and they would just be like, you know, happy, happy, beer, beer, you know, and so you'd have a... it seemed completely ignorant. But nowadays, commercial programming is so brainless that when it does come on, it just basically, it just flows right along with the programming. And marketing people have a term that they're using. It's called the buying mood. And the buying mood means that you're not thinking. So when you're not thinking, it's easy to sell your product by just showing you a lot of boobs or showing you, you know, whatever you want to see and a fantasy, essentially. And it just goes right along with the fantasy that you've been watching, the brainless fantasy that you've been watching on television. Obviously, I'm not pro TV here. However, when I'm sitting in front of my computer, I'm interacting with it, right? Personally, I'm a Unix nut, you know, I don't know anything against anybody else, but I'm sitting in front of it, you know, I'm sitting at a shell prompt and I have to type in, I do, I am screwed. That's it. I mean, that's as simple as that. So I'm thinking. And it occurs to me that when you can control who gets the high bandwidth and the broadband access, or the broadband access, server access, where they can actually, where they can set up servers on T3s and SONET nets, like Sprint, MCI and all the others, and MSNBC, these types. It occurs to me that at some point, they're going to realize that I'm not in a buying mood. And that's bad because when I'm not in a buying mood, they can't sell me stuff. And so the solution to that is to make it so hard for me to use the services that I want to use and make it so easy for me to just get on and watch, you know, Baywatch or some drivel on my, you know, internet at will every episode, marathon with just, you know, a tad of commercial programming.
It seems like a much more profitable enterprise. And I don't think I'm the first person to think that to dream this up. Call me a conspiracy nut. But anyway, I am about to talk that and I don't want to get redundant on you people. I'm sure most of you have probably had the same exact thought, but I wanted to just kind of lay it out on the table and, you know, if anybody wants to talk to me about it over beer or something like that, I'd be happy to do it. So I'm sure, oh, we've got questions. Cool. Discussion. I think quality of service is, I think type of service flags in the IP version 6 headers and quality of service shouldn't have been engineered. See, it was engineered for these people. IETF, I mean, it was engineered by engineers, smart guys, people who are much smarter than me, I'm sure, but it was engineered by people who somebody was signing a check for them. This wasn't a free standard. Nobody came up, nobody wrote this and submitted it. This was a task force that actually came up with this. So my, this is the whole OSI versus TCP thing or TCP/IP. The OSI approach has always been get a whole bunch of people, pay them a lot, put them in a room, come up with a really cool standard and see if we can get anybody to implement it. And the TCP/IP model has been well, whatever happens when you put a whole buttload of people in the same room together, in the same network together, whatever they seem to sort of converge on, that's what would make the standard. Once you've converged on it long enough, then do it. And that's what I think should happen to IP version 6, personally, if I could have my way over everything, I would like to see the type of service flags in IP version 6 be directed towards service. You know, not, and the services be somewhat logical and not keys like, well, urgent flags in IP version 6 are set by originators and originators are authenticated.
So, meaning if you're, let's say you're CNN and you're paying Sprintnet, well, you automatically get priority. And that's kind of weird. I mean, it may seem like a great marketing idea and it probably is. It'll probably make a handful of people a whole lot of money, but it's not going to help me. And so I would like to see things be a little more practical, directed towards the actual type of traffic that's being passed. And I think, and yes, I think version 6 should be re-engineered. I think that it should be more practical as well because the addressing scheme is, right now, the implementations are, because of the cryptography that's involved, are shaky and untested. And I just think that it should have been one of the things that were sort of thrown to the masses and then regurgitated in some usable form. Anybody else got anything to say? This guy. You think that with your access to that network, when you go on, I mean, you start that, you go to the cable, and it's down to the ESL, and I mean, it's got to hold it on completely like that. You form it from 8. Right on. Downstream. Broadband access is everywhere, sure. It's really sweet, you think there's really going to make any difference. Like, I know that with your network, small ISPs are having a problem getting... Sure, you run a bunch of people into your mucks and you've got, even though they've got 10 megabit on a super cable mode, and you're still plugged into a T1 kind of thing. Do you think there's going to make any difference? Do you think technology is going to advance for the next years and years where people at home are going to be able to get in a band that's going to make any difference? Ooh. Like, what for grace is that to pay? Well, that... I see things blue, I mean, like... I think I know what your question is, because I've had this discussion, again, like over beers and let me paraphrase for you. You've got so much bandwidth out there. You've got so much... 
There's so much available to the average user like he says, you know, you pay 40 bucks a month and you get broadband access, you know? And there are some of the problems. I think the problems that we were just kind of discussing like, you know, your upstream is saturated or you've got, you know, some kind of routing problem or there's a technology problem like some... I know that with some DSL loops you end up having a shared collision domain once you get out under the fiber and then you get saturated there. But I think, you know, technology's going by leaps and bounds and I'm sure... I don't know whether everybody would share this with me, but I think that those... the bandwidth problems will be resolved as far as being able to pass a lot of traffic. The problem is that when you get down to the core of the net it really... I mean, you're getting into the 2 gigabit stuff nowadays and even bigger, you know, with the dual and triple and quadruple distributed fiber MAEs and this kind of thing. But I still think that as our needs grow, let me give you an example. Take cable TV. This was the same deal with cable TV. Everybody out there's got a video camera. I mean, you know, what's the percentage of people with video cameras? Lots of people. Lots of common Joes have video cameras. There are laws in most states and I don't know if they're federal statute, but I know that when cable was sort of being tariffed and people were just trying to figure out what to do with cable when it was a nice new thing, they said, we need to make sure that the common man has to have access to cable. We need to make sure that the common guy has got a public access cable channel and that he can get to it, you know. I still use that in Colorado Springs where I live. There's a very public access cable channel. It's crap. I turn it on and I see, like, well, crap, basically, you know. Various types of crap, but it's all crap.
And the reason it's crap is because like, the few times when I do watch TV, like, I gotta admit, you know, I like Star Trek, okay. So I turn over to Star Trek. Now, there's probably some guy who's got a video camera and he's going around taping, you know, animals at the zoo I saw one time and, you know, how to speak Spanish, this kind of thing. I mean, useful stuff, valid stuff, but he's, you know, it's grainy and gosh, you know. There's so many more. There's, there's cool, there's Seven of Nine for Christ's sakes, you know. I mean, how is she gonna, how are you gonna compete with that, you know. And I see the same thing happening with broadband access. I think, I mean, with my website and my limited time, I mean, hell, I have to earn, you know, I have to go to work and I am a normal person. I don't have a production studio and broadband access, here we go. We're streaming video now. We're streaming audio now. And so, I mean, I see it going the same direction. I see me being the public access cable guy screaming, IP version six is bad, you know, or bad is good, baby, go with government, you know. I mean, for something, you know. And, you know, and then you flip it over or get in your channel bar and go into, you know, Baywatch or Seven of Nine, in my case. So, and really, I feel like that completely drains, that completely puts stress on people, new users of the internet who are never gonna experience what I experienced. They're never gonna experience a leased 56K line to the university and thinking, God, I am God, you know. You know, I mean, you know, just things like that, you know. So, I agree with you, but I don't think it'll make a difference. Anybody else? Actually, Internet2 is like a buzzword. That's what, is there anybody from CNN here? From CNN, guys. Yeah, that's what people like CNN and other clueless individuals use for, for, for version six. Not saying you're clueless, it's a valid question and I had to ask the same question. But...
Internet2. Internet2, actually Internet2 encompasses a few other things. It encompasses some of the larger backbones that they're trying to build like with the universities and that type of thing, but they are deploying IP version 6 on those networks. So they're kind of synonymous, not exactly, but usually when you talk about internet version 2 you're talking about a whole spectrum of things and it's really, it depends on who you're talking to, whether it's CNN or NBC or whoever, you know, time. Anybody else? I'll vacate. The author's name is Ben Bagdikian. That is an awesome book. It's awesome. It's not for people who enjoy reading fiction because it's like fact, fact, fact, fact, fact, fact, fact, fact. But it's really good. Bagdikian, we can find it. It's published funny enough. It's published by some kind of independent publisher because he couldn't get it published by any of the corporate publishing houses. They didn't like him standing there. Anyone else? Anyone else want to question? Back here. I'll end it here. There have been too many assumptions that I wanted to say. I'll start with the assumption that IP version 4 did not, you know, IP version 4 was a D-O-D-Y. Is there an assumption that people like you and I, I mean, I would never trust the D-O-D-Y because it's not about anything else, you know? Yeah, for sure. So, I think it came evolving because you came up with a new stuff. And the protocol is true. The protocol is a tool of infrastructure like that. Right? I'm not sure if you can get it. You may not, but it'll be first on you if you run out of addresses. Especially when people get out class C's like they were free. You! No, Paul has done us a big favor about hooking us up and we could probably use it out more than that.
But just to address that, I think there is a critical difference and the critical difference is that IP version 6 has sort of been thrust upon us by the industry. IP version 4 was adopted in lieu of OSI, SNA, and all the other standards that were available. You know, we could have done all these other things, but we sort of said oh, this is cool, let's do that. The guy back here, you had a question. This is true, you have a valid point of view. This is just a difference of opinion. My opinion is that the model works fine. The deal is that there's not an immediate there's not an immediate I'm reaching here there's not an immediate gain for passing someone else's traffic. So we have a very short-sighted corporate media state. And if your bottom line and your shareholders are not happy and I think that that's the attitude that was spawned in version 6. Version 4 can still be profitable and it can create an atmosphere that's very conducive to learning and advancement. But I think that version 6 could be the same. I just think that there's a critical difference in that you know, this was not again, this was not designed by someone else and we just kind of adopted it. based on us. Looks like we've got another speaker coming in. THANK GOD! So I'll quit struggling and get out of your face and you can enjoy someone who knows what you're talking about. Thank you very much.