IPv6 and security: news from the front – January

This article is a summary of the latest news related to IPv6 and security, in the same spirit as the one published last month.

Published articles

Rafa Sanchez publishes a series of articles entitled "« IPv6 Hacking »"Dealing with attacks that can be carried out on the IPv6 protocol. Three of the six articles in the series have been published so far. The articles do not present new attack methods, but the examples are detailed and clear.".
Xavier Mertens has developed a tool to detect rogue routers: rrhunter. He published an article entitled "« rhunter: Detecting Rogue IPv6 Routers » on his blog detailing the benefits of a «rogue router» attack and how to detect such an attack.

Conferences

Fernando Gont published the slides from his presentation titled "Hacking IPv6 Networks," used at the DEEPSEC conference last November. In it, he provides a quick overview of IPv6 and a fairly comprehensive look at IPv6-related vulnerabilities and attacks (there are 214 slides). The presentation materials are very helpful.

RFC

There RFC 6434, The "IPv6 Node Requirements" document was published in December and updates the RFC 4294 which dated from 2006. This RFC defines the elements necessary to implement in an IPv6 stack. Regarding security, an IPv6 stack no longer necessarily has to support IPsec to be compliant with the RFCs:
• RFC 4294: «Security Architecture for the Internet Protocol [RFC-4301] MUST be supported. »
• RFC 6434: «Security Architecture for the Internet Protocol» [RFC4301] SHOULD be supported by all IPv6 nodes. »

Vulnerabilities

A vulnerability, CVE-2011-4868,A vulnerability in the ISC BIND dhcpd server has been fixed. This vulnerability, which caused a denial-of-service condition by crashing the process, was due to improper handling of Dynamic DNS with IPv6 addresses in the logging mechanism.