I saw that Neohapsis Labs unveiled an automated attack against the IPv6 protocol. Could you explain how this attack...
works? Is it likely to be the sort of proof-of-concept that attackers learn from and build on?
Ask the expert
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)
Attacks on Internet Protocol version 6 are to be expected, especially since it is relatively new in comparison to IPv4 and is being newly implemented by many different vendors. It should come as no surprise that IPv6 introduces new security vulnerabilities for enterprise networks. Fortunately, the significant efforts that went into securing IPv4 and its implementations will soon be directed at IPv6.
The DEFCON21 presentation by Neohapsis Labs' Scott Behrens and Brent Bandelgar goes over security issues related to tunneling IPv6 over IPv4. (The risks from running a dual-stack IPv4 and IPv6 have also been discussed elsewhere). In short, IPv6 traffic is routed over IPv4 using a technique called encapsulation wherever native IPv6 is not supported on the network but is required by the host.
The attack demonstrated by Behrens and Bandelgar is an advancement of the "SLAAC Attack" -- or stateless address auto configuration attack -- which was first reported by Alec Waters, a security researcher for the InfoSec Institute, back in 2011.
In their automated and updated version of the attack, dubbed "Sudden Six," Behrens and Bandelgar wrote a script to install the necessary software, configure the end host for the attack and work with current operating systems. This advanced the SLAAC attack to work on current systems and automated many of the difficulties of getting the software and system configured.
This updated attack sets up a man-in-the-middle attack on non-SSL connections and could be leveraged to even attack SSL-protected sessions depending on how the SSL session is set up. If the attacks on SSL described by Moxie Marlinspike are used, any non-SSL connection is at risk of a man-in-the-middle attack, which could be used or incorporated into other attacks like Firesheep to attack a wider range of Internet traffic. As older systems are retired and newer IPv6-enabled systems are deployed, more systems will inevitably be vulnerable to this risk, especially if IPv6 is enabled by default.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.