I saw that Neohapsis Labs unveiled an automated attack against the IPv6 protocol. Could you explain how this attack works? Is it likely to be the sort of proof-of-concept that attackers learn from and build on?
Attacks on Internet Protocol version 6 are to be expected, especially since it is relatively new in comparison to IPv4 and is being newly implemented by many different vendors. It should come as no surprise that IPv6 introduces new security vulnerabilities for enterprise networks. Fortunately, the significant efforts that went into securing IPv4 and its implementations will soon be directed at IPv6.
The DEFCON21 presentation by Neohapsis Labs' Scott Behrens and Brent Bandelgar goes over security issues related to tunneling IPv6 over IPv4. (The risks from running dual-stack IPv4 and IPv6 have also been discussed elsewhere.) In short, wherever the network does not support native IPv6 but a host requires it, IPv6 traffic is routed over IPv4 using a technique called encapsulation.
The attack demonstrated by Behrens and Bandelgar is an advancement of the "SLAAC Attack" -- or stateless address autoconfiguration attack -- which was first reported by Alec Waters, a security researcher for the InfoSec Institute, back in 2011.
In their automated and updated version of the attack, dubbed "Sudden Six," Behrens and Bandelgar wrote a script that installs the necessary software, configures the end host for the attack and works with current operating systems. This brought the SLAAC attack to current systems and automated away many of the difficulties of getting the software and system configured.
This updated attack sets up a man-in-the-middle attack on non-SSL connections and could even be leveraged to attack SSL-protected sessions, depending on how the SSL session is set up. If the attacks on SSL described by Moxie Marlinspike are used, any non-SSL connection is at risk of a man-in-the-middle attack, which could be used or incorporated into other attacks like Firesheep to attack a wider range of Internet traffic. As older systems are retired and newer IPv6-enabled systems are deployed, more systems will inevitably be vulnerable to this risk, especially if IPv6 is enabled by default.
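A defender-side check for the condition this attack relies on, as an added example that is not part of the original answer or of the Sudden Six tooling: SLAAC hosts configure themselves from ICMPv6 Router Advertisements (RFC 4861), so an RA from a router or prefix you did not deploy deserves an alert. The function names, the allowlists and the sample packet are assumptions constructed for illustration; the input is the ICMPv6 payload of a captured packet, and the checksum is not verified.

```python
import ipaddress
import struct

RA_TYPE = 134           # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3     # Prefix Information option
FLAG_AUTONOMOUS = 0x40  # "A" flag: hosts may self-configure from this prefix


def parse_ra(icmp6: bytes):
    """Return (router_lifetime, [(prefix, autonomous)]), or None if not a usable RA."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        return None
    router_lifetime = struct.unpack_from("!H", icmp6, 6)[0]
    prefixes, off = [], 16  # options start after the 16-byte fixed RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            return None  # malformed option: treat the whole packet as invalid
        if opt_type == OPT_PREFIX_INFO and opt_len == 32 and icmp6[off + 2] <= 128:
            addr = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            net = ipaddress.IPv6Network((addr, icmp6[off + 2]), strict=False)
            prefixes.append((net, bool(icmp6[off + 3] & FLAG_AUTONOMOUS)))
        off += opt_len
    return router_lifetime, prefixes


def check_ra(src: str, icmp6: bytes, allowed_routers, allowed_prefixes):
    """Return alert strings for one captured RA; an empty list means it was expected."""
    ra = parse_ra(icmp6)
    if ra is None:
        return []
    lifetime, prefixes = ra
    alerts = []
    if ipaddress.IPv6Address(src) not in allowed_routers:
        alerts.append(f"RA from unlisted router {src} (lifetime {lifetime}s)")
    for net, autonomous in prefixes:
        if autonomous and net not in allowed_prefixes:
            alerts.append(f"SLAAC prefix {net} offered by {src} is not allowlisted")
    return alerts


def build_sample_ra(prefix: str, plen: int, lifetime: int = 1800) -> bytes:
    """Constructed sample input: an RA with one autonomous, on-link prefix."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, lifetime, 0, 0)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, 0xC0, 86400, 14400, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed


if __name__ == "__main__":
    print(check_ra("fe80::1", build_sample_ra("2001:db8:bad::", 64), set(), set()))
```

On a network that is meant to be IPv4-only, both allowlists are empty, so every Router Advertisement seen on the segment produces an alert.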