New release : CTI Report - Pharmaceutical and drug manufacturing 

                 Download now

IPv6 and security: news from the front – June

June 19, 2013

IPv6 and security: news from the front – June

Published articles

Johannes Ullrich published an article on the Internet Storm Center blog: SSL: Another reason not to ignore IPv6. The article details a potential consequence of IPv6 on the SSL configuration of certain web servers. The initial premise is that a web server has been made accessible via IPv6 by implementing a proxy, rather than directly assigning an IPv6 address to the web server. Such a configuration requires the use of two SSL certificates: one on the web server for IPv4 connections and the other on the proxy for IPv6 connections. Consequently, it is necessary to keep both certificates up to date, which is not always the case (the author mentions the website). www.socialsecurity.gov (for example, someone who has a valid IPv4 certificate, but not an IPv6 certificate).

David Braue published an article on the website www.cso.com.au: AusCERT 2013: Companies unaware of IPv6 security risk even if they're not using it. The article, without going into technical details, notably presents the risks introduced by IPv6: insertion of a default gateway and creation of a non-compliant network monitored, insertion of a fake DNS server, etc. These risks are present even when IPv6 has not been explicitly enabled.

Libor Polčák published an article on the website 6lab.cz: Behavior of various operating systems during SLAAC, DAD, and ND. This article contains the results of a study on the behavior of several operating systems during the implementation of SLAAC. Twenty operating systems were studied; a summary table is provided, and the pcap files from the study are available.

The Hong Kong CERT has published two guides on IPv6:

These guides are not exhaustive, but contain various links for the reader wishing to explore the topics covered in more depth.

Johannes Weber published his thesis: IPv6 Security Test Laboratory. The 189 pages provide a very comprehensive overview of IPv6 vulnerabilities. Here is the outline:

  • IPv6 Specification
  • IPv6 Security Vulnerabilities
  • Laboratory & Security Tests
  • Future Work

 

Conferences

Fernando Gont gave a presentation at the conference Confidence : IPv6 Network Reconnaissance: Theory & Practice. THE slides They present various techniques that can be used to scan IPv6 networks. slides are clear and notably address topics that have not been or only minimally addressed by the community until now: new statistics on the mechanisms used to create addresses are provided, the idea of using configuration files and log The possibility of obtaining information about IPv6 addresses is mentioned…

Fernando Gont and Marc Heuse gave a presentation at the conference IPv6 Congress : Security Assessments of IPv6 Networks and Firewalls. THE slides present the results of tests conducted on several firewalls: bypassing filtering rules on Fortinet, denial of service on Cisco… Several slides are also dedicated to IPv6 addresses: analysis tools, statistics, scanning techniques…

 

Vulnerabilities

A vulnerability (CVSS Base = 7.1) has been discovered in AIX (CVE-2013-3035A specially designed IPv6 packet can do crasher an AIX device. The patches have already been provided by IBM.

Contact