Discussion in 'other security issues & news' started by ronjor, Apr 27, 2012.
So Ron, where do we look for action steps on this one?
Do I need some work in the Firewall? Router?
There is some info from the link in the article. https://tools.ietf.org/html/draft-gont-opsec-ipv6-implications-on-ipv4-nets-00
With some firewalls, when you write a rule for IPv4 they will automatically write the identical rule for IPv6. So you may be covered without knowing it. I would imagine that the documentation for your particular firewall would say.
I haven't started playing with NIDS yet so I don't know, but I wonder if some do the same.
This has reminded me there is a pertinent seven-short-parts series on IPv6 multicast/discovery/P2P on my to read list (Windows focus, also touches upon Apple Bonjour). Thought I'd share:
That's fine if your firewall actually recognizes IPv6. Many do not. For instance, I am using Tomato, which is based on Linux kernel 2.4. Since the 2.4 kernel is now ancient, it does not recognize IPv6 at all. This is not really a security issue, since if your router doesn't even recognize IPv6 it won't route it in the first place. However, if you need IPv6 support, you should upgrade Tomato to one of the experimental versions with kernel 2.6 or later.
I think DD-WRT has been using kernel 2.6+ for a while now, so it should recognize IPv6 by default.
We said the same thing about IPv4.
There won't be an IPocalypse, so to speak. Though the article is right in some regards: companies/ISPs typically have a tight grip on the IPv4 side of the network, but less so on IPv6 interfaces, which can introduce dangerous misconfigurations, such as a firewall that has filters set up for IPv4 traffic but accepts all IPv6 traffic. That being said, I feel there is a greater awareness of the protocol now in terms of business process owners.
When IPv6 does become widely publicly available at the ISP level, in my opinion most of the risk will be in dual-stack environments, where you are hacking the network, so to speak, allowing IPv6 and IPv4 to run over the same architecture. That, and malicious users grabbing blocks of addresses in order to circumvent block lists for spamming or malware exploitation.
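The two points raised above (some firewalls mirror IPv4 rules to IPv6 automatically, and a dual-stack host can end up filtering IPv4 while accepting all IPv6) can be checked rather than assumed. The following is an added example, not code from the thread or any of the products mentioned: it parses `iptables -S` / `ip6tables -S` style output and reports every chain policy or rule that exists on the IPv4 side without an IPv6 counterpart. The two rulesets are constructed samples; on a real host you would feed it the actual command output.

```python
import shlex

# Constructed sample rulesets in `iptables -S` / `ip6tables -S` form (not
# from a real host). IPv4: default-drop inbound, SSH from one prefix only.
IPV4_RULES = """
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
"""
# Constructed sample: the IPv6 side was never hardened and accepts all.
IPV6_RULES = """
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
"""
# Address matches are stripped before comparing (an IPv4 prefix cannot
# appear in an IPv6 rule); everything else is expected to mirror.
ADDR_FLAGS = {"-s", "--source", "-d", "--destination"}

def parse_rules(text):
    """Return ({chain: policy}, {normalized rule tuples}) from `-S` output."""
    policies, rules = {}, set()
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["-P"]:
            policies[tokens[1]] = tokens[2]
        elif tokens[:1] == ["-A"]:
            norm, skip = [], False
            for tok in tokens[1:]:
                if skip:                 # drop the address argument too
                    skip = False
                elif tok in ADDR_FLAGS:
                    skip = True
                else:
                    norm.append(tok)
            rules.add(tuple(norm))
    return policies, rules

def audit(v4_text, v6_text):
    """List places where IPv6 filtering is weaker than the IPv4 ruleset."""
    v4_pol, v4_rules = parse_rules(v4_text)
    v6_pol, v6_rules = parse_rules(v6_text)
    findings = []
    for chain, pol in v4_pol.items():
        v6 = v6_pol.get(chain, "ACCEPT")     # missing chain: treat as open
        if pol == "DROP" and v6 != "DROP":
            findings.append(f"chain {chain}: IPv4 policy DROP, IPv6 policy {v6}")
    for rule in sorted(v4_rules - v6_rules):
        findings.append("IPv4 rule with no IPv6 counterpart: " + " ".join(rule))
    return findings
```

Running `audit(IPV4_RULES, IPV6_RULES)` on the samples flags the open INPUT policy and the three filtering rules that exist only for IPv4; an empty result means the two stacks are filtered alike.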