IPv6 and security: news from the front – September

Published articles

Olle E. Johansson publishes an article about IPv6 every Friday on the IPv6 Friday website. The one from August 17th concerns security: Summer of IPv6: Update yourself on IPv6 security. In it, Olle presents RFC 6092: Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service. This document lists 50 recommendations to implement on Internet gateways to ensure the security of an IPv6 network without disrupting its operation. Olle also provides a 60-slide presentation that goes over these recommendations.

Stéphane Bortzmeyer published an article entitled Does Network Address Translation (NAT) really provide security?. The first part of the article is a critique of NAT, or rather NAPT, and a presentation of its shortcomings. The second part discusses the current relevance of NAT and the consequences of its disappearance with IPv6.

 

Conferences

János Mohácsi gave a presentation at the EuroNOG conference: IPv6 Security – problems and mitigations. The slides address a wide range of security issues related to IPv6. There is no particularly new content, but the way the subject is presented is slightly different from other conferences.

 

Tools

The IPv6 Toolkit suite has been updated and is now available in version 1.2.3. This version contains various improvements and now also works under Mac OS.

 

Vulnerabilities

Tomas Podermanski wanted to check whether the vulnerability affecting Windows 7, which allowed a denial-of-service condition by sending numerous Router Advertisement messages, had been fixed in Windows 8. The answer is no; Windows 8 is still vulnerable to this attack. See: IPv6 RA flood DoS attack in Windows 8.

A vulnerability (CVSS Base = 7.8) affecting Cisco products running IOS version 12.2 has been published: CVE-2012-3079. This vulnerability allows for a denial of service by establishing a large number of IPv6 neighbors.

The ISC DHCP software is affected by a vulnerability (CVSS Base = 7.1) that allows a denial of service (crash of the process): CVE-2012-3955, AA-00779. The crash can occur when the lease expiration period is reduced. Versions 4.1.x prior to 4.1-ESV-R7 and 4.2.x prior to 4.2.4-P2 are affected.