Beware of IPv6 security goblins, IETF warns

Discussion in 'other security issues & news' started by ronjor, Apr 27, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator
  2. Escalader

    Escalader Registered Member

  3. ronjor

    ronjor Global Moderator

  4. BrandiCandi

    BrandiCandi Guest

    With some firewalls, when you write a rule for IPv4 they will automatically write the identical rule for IPv6. So you may be covered without knowing it. I would imagine that the documentation for your particular firewall would say.

    I haven't started playing with NIDS yet so I don't know, but I wonder if some do the same.
  5. TheWindBringeth

    TheWindBringeth Registered Member

  6. chronomatic

    chronomatic Registered Member

    That's fine if your firewall actually recognizes IPv6. Many do not. For instance, I am using Tomato which is based on Linux kernel 2.4. Since the 2.4 kernel is now ancient, it does not recognize IPv6 at all. This is not really a security issue since if your router doesn't even recognize IPv6 it won't route it in the first place. However, if you need IPv6 support, you should upgrade Tomato to one of the experimental versions with kernel 2.6 or later.

    I think DD-WRT has been using kernel 2.6+ for a while now, so it should recognize IPv6 by default.
  7. EncryptedBytes

    EncryptedBytes Registered Member

    We said the same thing about IPv4. :D

    There won't be an IPocalypse, so to speak. Though the article is right in some regards: companies/ISPs typically have a tight grip on the IPv4 side of the network, but less so on IPv6 interfaces, which can introduce dangerous misconfigurations, such as a firewall that has filters set up for IPv4 traffic but accepts all IPv6 traffic. That being said, I feel there is a greater awareness of the protocol now in terms of business process owners.

    When IPv6 does become widely publicly available at the ISP level, in my opinion most of the risk will be in dual-stack environments where you are hacking the network, so to speak, allowing IPv6 and IPv4 to run over the same architecture. That and malicious users grabbing blocks of addresses in order to circumvent block lists for spamming or malware exploitation.
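
The misconfiguration named in the last post (filters set up for IPv4, all IPv6 accepted) can be checked on a Linux host by comparing `iptables-save` and `ip6tables-save` output. The following is an added example, not part of the original thread; the sample dumps are constructed and the function names are hypothetical.

```python
# Constructed sample dumps in iptables-save / ip6tables-save format.
V4 = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT"""
V6_OPEN = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT"""
V6_FIXED = """*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT"""
EMPTY = {"policy": "ACCEPT", "rules": []}  # chain absent: nothing filters it

def parse_save(text):
    """Return {chain: {"policy", "rules"}} for the filter table of a dump."""
    chains, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": []}
        elif table == "filter" and line.startswith("-A "):
            chains.setdefault(line.split()[1], {"policy": "-", "rules": []})["rules"].append(line)
    return chains

def default_deny(chain):
    """True if policy is DROP or the last rule is an unconditional DROP/REJECT."""
    if chain["policy"] == "DROP":
        return True
    last = chain["rules"][-1].split() if chain["rules"] else []
    return len(last) >= 4 and last[2] == "-j" and last[3] in ("DROP", "REJECT")

def audit(v4_text, v6_text, chains=("INPUT", "FORWARD")):
    """List chains that are default-deny for IPv4 but default-accept for IPv6."""
    v4, v6 = parse_save(v4_text), parse_save(v6_text)
    return [f"{c}: IPv4 default-deny, IPv6 default-accept"
            for c in chains
            if default_deny(v4.get(c, EMPTY)) and not default_deny(v6.get(c, EMPTY))]

if __name__ == "__main__":
    print(audit(V4, V6_OPEN), audit(V4, V6_FIXED))
```

The check looks only at built-in chain policy and the final rule of each chain; rules that jump to user-defined chains are not followed, so a clean result is a starting point rather than proof of parity.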