
IPv6 and security: news from the front – February


Events

The World IPv6 Launch will take place on June 6th. It follows World IPv6 Day in 2011, when hundreds of companies (Google, Facebook, Yahoo!, Akamai, etc.) activated IPv6 for 24 hours as part of a large-scale test. That event having gone well, the 2012 edition aims to activate IPv6 permanently.

Published articles

Fernando Gont published an article entitled "First-hop security in IPv6". Comparing the security mechanisms of a local network in IPv4 and IPv6, the author summarizes that in IPv4 there are effective tools to block attacks such as ARP spoofing or those exploiting the DHCP protocol. Examples include Arpwatch and DHCP snooping mechanisms. Address spoofing can also be easily detected since each host has a unique address. In IPv6, the Neighbor Discovery protocol, the equivalent of ARP, is IP-based, which makes it possible to bypass security mechanisms (using fragmentation, Extension Headers, etc.). The same applies to Router Advertisement messages, the equivalent of DHCP. Regarding address spoofing, an IPv6 host can have multiple addresses and change them regularly; this is, among other things, the default behavior of Windows 7. The author concludes by stating that there is still work to be done to improve IPv6 security in local networks.
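The bypass described above works against filters that read only the Next Header field of the fixed IPv6 header, so a monitor has to walk the whole header chain before deciding whether a packet is Neighbor Discovery. The following Python sketch is an added example, not code from the article or from any tool named here; the `classify` function, its verdict strings, the alert policy and the sample packets are assumptions constructed for illustration.

```python
import struct

# Extension headers this sketch knows how to skip (next-header value -> name).
EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options", 44: "fragment"}
ICMPV6 = 58
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}

def classify(pkt):
    """Return (verdict, nd_message, header_chain) for one raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ("ignore", None, [])
    nxt, off, chain = pkt[6], 40, []
    while nxt in EXT:
        if off + 8 > len(pkt):                      # chain runs past the packet
            return ("alert", None, chain + ["truncated"])
        chain.append(EXT[nxt])
        if nxt == 44:                               # fragment header is always 8 bytes
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return ("unknown", None, chain)     # non-first fragment: no upper layer
            size = 8
        else:
            size = (pkt[off + 1] + 1) * 8           # Hdr Ext Len is in 8-byte units
        nxt, off = pkt[off], off + size
    if off >= len(pkt):                             # nothing left after the chain
        return ("alert" if chain else "ignore", None, chain)
    if nxt != ICMPV6 or pkt[off] not in ND_TYPES:
        return ("ignore", None, chain)
    # Assumed policy: ND arriving behind any extension/fragment header is suspect,
    # because a filter that only reads the fixed header's Next Header misses it.
    return ("alert" if chain else "ok", ND_TYPES[pkt[off]], chain)

def ipv6_packet(next_header, payload):
    """Constructed test packet: fe80::1 -> ff02::1, hop limit 255."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload

RA = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)   # checksum left at 0
SAMPLES = {  # all constructed for this example
    "plain RA": ipv6_packet(58, RA),
    "RA behind destination options": ipv6_packet(60, bytes([58, 0, 1, 4, 0, 0, 0, 0]) + RA),
    "RA in first fragment": ipv6_packet(44, bytes([58, 0]) + struct.pack("!HI", 1, 0x1234) + RA),
    "echo request": ipv6_packet(58, struct.pack("!BBHHH", 128, 0, 0, 1, 1)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} -> {classify(pkt)}")
```

The sketch does not verify ICMPv6 checksums or reassemble fragments; it only shows why the upper-layer protocol must be located by parsing the chain rather than read from the fixed header.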

Following the announcement of the World IPv6 Launch, Patrick Lambert wrote an article questioning the impact the World IPv6 Launch will have on information systems security. Titled "World IPv6 launch day set: Security pitfalls to look out for", the article reviews the potential security problems that IPv6 could introduce. First, implementing IPv6 can be complex because it requires managing two protocols (IPv4 and IPv6), and there are many different transition mechanisms (4to6, 6to4, ISATAP, Teredo, etc.). This complexity can lead to errors and therefore security issues. Second, the absence of NAT makes all hosts potentially accessible from the internet. Third, IPv6 stacks are not as mature as IPv4 stacks, and some may be affected by as-yet-unknown vulnerabilities. Finally, it is relatively easy to impersonate an IPv6 router and thus impact a large part of a network.

Arbor Networks has published its annual report, "Worldwide Infrastructure Security Report". The report is based on data from the ATLAS network to identify trends regarding internet security. There is a chapter entitled "IPv6 Observations" which includes several graphs, one of which shows the IPv6 security problems encountered by businesses (Figure 64, page 42). Here is a summary:

  • 65% of respondents find that there is a lack of equivalent features between IPv4 and IPv6
  • 60% face a lack of visibility into IPv6 traffic
  • 59% face configuration problems
  • 52% are concerned about DDoS attacks
  • 47% are concerned about vulnerabilities in IPv6 stacks

Tools

Tenable Network Security has published a video showing a very simple example of using Nessus with IPv6. Note: Nessus, if installed on Windows, cannot scan for IPv6 hosts.

Vulnerabilities

Firefox has fixed a vulnerability, CVE-2011-3670, related to the interpretation of web addresses within square brackets (an IPv6 address must be specified within square brackets: http://[::1]). This vulnerability is fixed in version 3.6.26; version 10.0 is not affected. Thunderbird and SeaMonkey are also affected.