IPv6 and security: news from the front – February
Published articles
Arbor Networks has published its annual Worldwide Infrastructure Security Report. One chapter is dedicated to IPv6: "IPv6 Observations." Among the numerous graphs, we can note that the main security concern related to IPv6 is now DDoS attacks, and no longer the differences between IPv4 and IPv6, as was the case last year. The second concern remains configuration errors.
The 2013 Cisco Annual Security Report includes some figures and graphs concerning spam and IPv6. We learn that, while emails sent over IPv6 are increasing sharply (+862 % between June and December), the amount of spam sent over IPv6 is experiencing a much smaller increase (+171 %).
Scott Hogg published an article entitled Using Dual Protocol for SIEMs Evasion. After addressing topics such as the doubling of the attack surface with IPv6 and the compatibility of security tools with IPv6, the author raises an interesting question: is a SIEM compatible with dual-stack networks? If a hacker compromises a server by attacking its IPv4 address, and then compromises a second server by attacking its IPv6 address, will the attack be identified by the SIEM?
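One way a correlation rule can survive that scenario, shown as an added example that is not taken from Scott Hogg's article: key alerts on an asset identity instead of on an IP address. The inventory, event fields and function names are hypothetical, and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed asset inventory: every address of a dual-stack host maps to one asset.
INVENTORY = {
    "web01": ["192.0.2.10", "2001:db8:10::10"],
    "db01": ["192.0.2.20", "2001:db8:10::20"],
}

# Constructed alerts: web01 is hit over IPv4, then web01 hits db01 over IPv6.
EVENTS = [
    {"ts": 100, "src": "203.0.113.5", "dst": "192.0.2.10", "sig": "exploit"},
    {"ts": 900, "src": "2001:DB8:10:0:0:0:0:10", "dst": "2001:db8:10::20", "sig": "exploit"},
    {"ts": 5000, "src": "198.51.100.7", "dst": "192.0.2.20", "sig": "scan"},
]

def canonical(addr):
    """Parse an address so equivalent spellings compare equal."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any zone id
    if ip.version == 6 and ip.ipv4_mapped:          # ::ffff:a.b.c.d -> a.b.c.d
        ip = ip.ipv4_mapped
    return ip

def build_index(inventory):
    """Map every known address, IPv4 or IPv6, to its asset name."""
    return {canonical(a): name for name, addrs in inventory.items() for a in addrs}

def asset_of(index, addr):
    """Return the asset owning addr, or the normalized address if unknown."""
    ip = canonical(addr)
    return index.get(ip, str(ip))

def lateral_chains(events, index, window=3600):
    """Pair each alert with an earlier alert that targeted its source asset."""
    last_hit, chains = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last_hit.get(asset_of(index, ev["src"]))
        if prev and ev["ts"] - prev["ts"] <= window:
            chains.append((prev, ev))   # the victim of prev is the source of ev
        last_hit[asset_of(index, ev["dst"])] = ev
    return chains

if __name__ == "__main__":
    # With an empty index the rule is keyed on raw addresses and sees nothing.
    print("per-address:", len(lateral_chains(EVENTS, {})))
    for first, second in lateral_chains(EVENTS, build_index(INVENTORY)):
        print("per-asset:", first["dst"], "->", second["src"], "->", second["dst"])
```

The same rule run with an empty index behaves like a per-address correlation and misses the chain, which is the gap the article's question points at.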
Videos
A video in which Eric Vyncke talks about SEND has been published: Secure Neighbor Discovery << IPv6 Security << ipSpace Webinars – demo site. In a few minutes, he presents SEND, its complexity, deployment difficulties, possible attacks, current support, and ends by talking about an alternative, SAVI.
Tools
A new version of the tool suite IPv6 Toolkit has been published. Significant improvements have been made, notably to the scan6 tool, which is now the "most comprehensive" IPv6 mapping tool. It offers "advanced IPv6 scanning techniques." The release of this version was also followed by various discussions and articles on the subject online: Scanning for IPv6 addresses embedding TCP/UDP service ports, IPv6 Toolkit 1.3 fun – scan6.
Vulnerabilities
George Kargiotakis published an article on his blog detailing the results of his recent research: Linux kernel handling of IPv6 temporary addresses – CVE-2013-0343 | Into.the.Void. He identified two vulnerabilities affecting the Linux kernel:
- The first allows, under certain conditions, forcing a node using the "temporary address" mechanism to use the "Modified EUI-64" mechanism, the latter being known to cause privacy problems;
- The second allows, under certain conditions, the creation of a denial of service at the IPv6 stack level, forcing a restart of the operating system to regain IPv6 connectivity.
No update or workaround is available at the moment.
