I saw that Neohapsis Labs unveiled an automated attack against the IPv6 protocol. Could you explain how this attack...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
works? Is it likely to be the sort of proof-of-concept that attackers learn from and build on?
Ask the expert
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)
Attacks on Internet Protocol version 6 are to be expected, especially since it is relatively new in comparison to IPv4 and is being newly implemented by many different vendors. It should come as no surprise that IPv6 introduces new security vulnerabilities for enterprise networks. Fortunately, the significant efforts that went into securing IPv4 and its implementations will soon be directed at IPv6.
The DEFCON21 presentation by Neohapsis Labs' Scott Behrens and Brent Bandelgar goes over security issues related to tunneling IPv6 over IPv4. (The risks from running a dual-stack IPv4 and IPv6 have also been discussed elsewhere). In short, IPv6 traffic is routed over IPv4 using a technique called encapsulation wherever native IPv6 is not supported on the network but is required by the host.
The attack demonstrated by Behrens and Bandelgar is an advancement of the "SLAAC Attack" -- or stateless address auto configuration attack -- which was first reported by Alec Waters, a security researcher for the InfoSec Institute, back in 2011.
In their automated and updated version of the attack, dubbed "Sudden Six," Behrens and Bandelgar wrote a script to install the necessary software, configure the end host for the attack and work with current operating systems. This advanced the SLAAC attack to work on current systems and automated many of the difficulties of getting the software and system configured.
This updated attack sets up a man-in-the-middle attack on non-SSL connections and could be leveraged to even attack SSL-protected sessions depending on how the SSL session is set up. If the attacks on SSL described by Moxie Marlinspike are used, any non-SSL connection is at risk of a man-in-the-middle attack, which could be used or incorporated into other attacks like Firesheep to attack a wider range of Internet traffic. As older systems are retired and newer IPv6-enabled systems are deployed, more systems will inevitably be vulnerable to this risk, especially if IPv6 is enabled by default.
Dig Deeper on Network Protocols and Security
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.