I saw that Neohapsis Labs unveiled an automated attack against the IPv6 protocol. Could you explain how this attack works? Is it likely to be the sort of proof-of-concept that attackers learn from and build on?
Attacks on Internet Protocol version 6 are to be expected, especially since it is relatively new in comparison to IPv4 and is being newly implemented by many different vendors. It should come as no surprise that IPv6 introduces new security vulnerabilities for enterprise networks. Fortunately, the significant efforts that went into securing IPv4 and its implementations will soon be directed at IPv6.
The DEFCON21 presentation by Neohapsis Labs' Scott Behrens and Brent Bandelgar goes over security issues related to tunneling IPv6 over IPv4. (The risks from running dual-stack IPv4 and IPv6 have also been discussed elsewhere.) In short, IPv6 traffic is routed over IPv4 using a technique called encapsulation wherever native IPv6 is not supported on the network but is required by the host.
The attack demonstrated by Behrens and Bandelgar is an advancement of the "SLAAC Attack" -- or stateless address autoconfiguration attack -- which was first reported by Alec Waters, a security researcher for the InfoSec Institute, back in 2011.
In their automated and updated version of the attack, dubbed "Sudden Six," Behrens and Bandelgar wrote a script to install the necessary software, configure the end host for the attack and work with current operating systems. This advanced the SLAAC attack to work on current systems and automated much of the difficult work of getting the software and system configured.
This updated attack sets up a man-in-the-middle attack on non-SSL connections and could even be leveraged to attack SSL-protected sessions, depending on how the SSL session is set up. If the attacks on SSL described by Moxie Marlinspike are used, any non-SSL connection is at risk of a man-in-the-middle attack, which could be used or incorporated into other attacks like Firesheep to attack a wider range of Internet traffic. As older systems are retired and newer IPv6-enabled systems are deployed, more systems will inevitably be vulnerable to this risk, especially if IPv6 is enabled by default.
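One way to watch for the condition the SLAAC attack depends on, as an added example that is not code from the article or from Neohapsis Labs: stateless address autoconfiguration is driven by ICMPv6 Router Advertisements (RFC 4861), so a Router Advertisement from a source that is not one of your routers, or any Router Advertisement on an IPv4-only segment, is worth an alert. The function names, the allowlist parameter and the sample packet are constructed for illustration; the parser assumes raw bytes starting at the IPv6 header with no extension headers.

```python
import ipaddress
import struct

ICMPV6, ROUTER_ADVERT, OPT_PREFIX_INFO = 58, 134, 3  # RFC 4861 values

def parse_ra(packet: bytes):
    """Return (source, prefixes) for an IPv6 Router Advertisement, else None."""
    # Assumption: bytes start at the IPv6 header and carry no extension headers.
    if len(packet) < 56 or packet[0] >> 4 != 6:
        return None
    payload_len, next_header = struct.unpack("!HB", packet[4:7])
    if next_header != ICMPV6 or packet[40] != ROUTER_ADVERT:
        return None
    source = ipaddress.IPv6Address(packet[8:24])
    end = min(len(packet), 40 + payload_len)
    prefixes, off = [], 56  # options follow the 40-byte IPv6 and 16-byte RA headers
    while off + 2 <= end:
        opt_type, opt_len = packet[off], packet[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > end:
            break  # malformed or truncated option: stop instead of looping forever
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            net = (packet[off + 16:off + 32], packet[off + 2])
            prefixes.append(ipaddress.IPv6Network(net, strict=False))
        off += opt_len
    return source, prefixes

def check_ra(packet: bytes, known_routers=frozenset()):
    """Return an alert for an RA whose source is not a known router, else None."""
    # With the default empty allowlist (an IPv4-only segment) every RA is reported.
    parsed = parse_ra(packet)
    if parsed is None:
        return None
    source, prefixes = parsed
    if source in {ipaddress.IPv6Address(r) for r in known_routers}:
        return None
    advertised = ", ".join(map(str, prefixes)) or "no prefix"
    return f"unexpected router advertisement from {source} ({advertised})"

def sample_ra(src: str, prefix: str) -> bytes:
    """Constructed sample packet: an RA with one prefix option, checksum zeroed."""
    net = ipaddress.IPv6Network(prefix)
    opt = struct.pack("!BBBBII4x", 3, 4, net.prefixlen, 0xC0, 86400, 14400)
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    icmp += opt + net.network_address.packed
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255)
    dst = ipaddress.IPv6Address("ff02::1").packed  # all-nodes multicast
    return hdr + ipaddress.IPv6Address(src).packed + dst + icmp

if __name__ == "__main__":
    print(check_ra(sample_ra("fe80::1234", "2001:db8:1::/64")))
```

Feed `check_ra` the IPv6 packets captured from a sensor or span port; on segments that do run IPv6, pass the link-local addresses of the legitimate routers as `known_routers`.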