I saw that Neohapsis Labs unveiled an automated attack against the IPv6 protocol. Could you explain how this attack...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
works? Is it likely to be the sort of proof-of-concept that attackers learn from and build on?
Ask the expert
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)
Attacks on Internet Protocol version 6 are to be expected, especially since it is relatively new in comparison to IPv4 and is being newly implemented by many different vendors. It should come as no surprise that IPv6 introduces new security vulnerabilities for enterprise networks. Fortunately, the significant efforts that went into securing IPv4 and its implementations will soon be directed at IPv6.
The DEFCON21 presentation by Neohapsis Labs' Scott Behrens and Brent Bandelgar goes over security issues related to tunneling IPv6 over IPv4. (The risks from running a dual-stack IPv4 and IPv6 have also been discussed elsewhere). In short, IPv6 traffic is routed over IPv4 using a technique called encapsulation wherever native IPv6 is not supported on the network but is required by the host.
The attack demonstrated by Behrens and Bandelgar is an advancement of the "SLAAC Attack" -- or stateless address auto configuration attack -- which was first reported by Alec Waters, a security researcher for the InfoSec Institute, back in 2011.
In their automated and updated version of the attack, dubbed "Sudden Six," Behrens and Bandelgar wrote a script to install the necessary software, configure the end host for the attack and work with current operating systems. This advanced the SLAAC attack to work on current systems and automated many of the difficulties of getting the software and system configured.
This updated attack sets up a man-in-the-middle attack on non-SSL connections and could be leveraged to even attack SSL-protected sessions depending on how the SSL session is set up. If the attacks on SSL described by Moxie Marlinspike are used, any non-SSL connection is at risk of a man-in-the-middle attack, which could be used or incorporated into other attacks like Firesheep to attack a wider range of Internet traffic. As older systems are retired and newer IPv6-enabled systems are deployed, more systems will inevitably be vulnerable to this risk, especially if IPv6 is enabled by default.
Dig Deeper on Network Protocols and Security
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.