There is news that because the final IPv4 blocks have been allocated, that IPv6 is supposely “here” now. The news came from APNIC:
APNIC received the following IPv4 address blocks from IANA in February 2011 and will be making allocations from these ranges in the near future:
* 39/8
* 106/8APNIC reiterates that IPv6 is the only means available for the sustained ongoing growth of the Internet, and urges all Members of the Internet industry to move quickly towards its deployment.
Yes, the final /8 blocks have been allocated. And I agree that with the limited number of IPv4’s, we will need to figure out something to do very soon (everyone migrate to IPv6, use more NAT, etc). However, that doesn’t mean that IPv6 is here already…
In fact, I checked the TOP 1 million sites from Alexa and only 1,981 of them have IPv6 enabled in their main domain. It means that only 0.19% of them have it already. Very far from mainstream usage.
From the top 10k domains, only 57 have IPv6 enabled (a mere 0.57% of sites):
171,bit.ly
363,commentcamarche.net
581,heise.de
655,softlayer.com
696,atdhe.net
840,sify.com
1045,jpmp3.com
1051,vg.no
1233,eztv.it
1429,theweathernetwork.com
1460,chicagotribune.com
1690,wikileaks.org
1711,leaseweb.com
2287,dumpert.nl
2390,booksky.org
2550,geenstijl.nl
2685,startribune.com
3021,cyberciti.biz
3033,top100.cn
3182,tokyotosho.info
3345,jumptags.com
3398,filezilla-project.org
3680,xomba.com
3863,jlforums.com
4587,ucla.edu
4624,powned.tv
4706,tribune.com
4782,koreus.com
5624,preissuchmaschine.de
5989,python.org
6050,simplyrecipes.com
6103,gamershell.com
6268,rawtube.com
6412,internic.net
6499,go2jump.org
6517,truetwit.com
6878,photography-on-the.net
7033,spitsnieuws.nl
7096,seslisozluk.com
7149,ripe.net
7395,kino.de
7412,beyondtherack.com
7423,servage.net
7792,open.ac.uk
8039,bahnhof.se
8063,freebsd.org
8172,tribune.com.ng
8185,fedoraproject.org
8312,registro.br
8387,arin.net
8699,italiansubs.net
8876,example.com
8918,weeronline.nl
9253,hemnet.se
9581,tribune.com.pk
9618,burst.net
9780,monash.edu.au
We still have a lot to go until IPv6 is here … My biggest concern is not with the adoption itself, but with the very limited number of people that really understand IPv6 well to make the migration smoothly (ask around, who is familiar with it?).
It’s been almost 5 years since this post. From what Sucuri has told me, they are completing IPv6 roll-out soon. They have internal support, but not external (yet). So, if you have an IPv4 and IPv6 enabled site, you will end up with only an A (IPv4) firewall IP, *or* direct IPv6 traffic directly to the origin server, somewhat defeating the purpose of the firewall. I am hoping they do complete the roll-out soon, because this partial support is definitely insufficient. IPv6 is here. No more stop-gaps.
My overall experience with Sucuri has been positive so far. With any CMS you run the risk of a 0-day exploit hitting you. Using a firewall that is actively monitoring for these is the only effective way to mitigate this sort of attack, and Sucuri is affordable. They have some good post-hack recovery options too, though I’d hope to never have to use them.
I do especially like their WordPress plug-in that can send email alerts on literally every change. Put them in a special folder (filter them) and it creates a nice remote auditing log.