Scariest IPv6 attack scenarios
As IPv6 picks up, so too is the number of attacks that target known vulnerabilities in the protocol
Experts are reporting a rise in the number of attacks that take advantage of known vulnerabilities of IPv6, a next-generation addressing scheme that is being adopted across the Internet. IPv6 replaces the Internet's main communications protocol, which is known as IPv4.
Salient Federal Solutions, a Fairfax, Va., IT engineering firm, is reporting real-world incidents of IPv6 attacks based on the emerging protocol's tunneling capabilities, routing headers, DNS broadcasting and rogue routing announcements. The company asserts that all of these threats can be eliminated with the use of IPv6-enabled deep packet inspection tools, which it and other network vendors sell.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. ]
"We definitely see these attacks, we just can't say where we are seeing them," says Lisa Donnan, who leads Salient's Cyber Security Center of Excellence. Salient Federal Solutions purchased IPv6 consulting and training firm Command Information in March.
The No. 1 attack that Salient Federal is seeing is the result of so much IPv6 traffic being tunneled across IPv4 networks, particularly using the Teredo mechanism that is built into both Microsoft Windows Vista and Windows 7. This vulnerability with IPv6-over-IPv4 tunneling has been known for at least five years, but it is still being exploited.
"IPv6 tunneling gives attackers a green light to penetrate networks," says Jeremy Duncan, senior director and IPv6 network architect for Salient Federal Systems.
BACKGROUND: Invisible IPv6 traffic poses serious network threat
Duncan is concerned about uTorrent, which is an IPv6-capable freeware client for the BitTorrent peer-to-peer protocol that's used to share large files such as music and movies. Duncan says uTorrent runs very well over Teredo, and that the BitTorrent community is discovering IPv6 as a way of avoiding network congestion controls that are used by ISPs to manage BitTorrent traffic on IPv4 networks.
Duncan says it is also easy for users of Vuze, another BitTorrent application, to prefer IPv6 over IPv4.
"BitTorrent users are discovering that they won't have throttled traffic with IPv6," Duncan says. "This is an issue for the carriers. They won't be able to throttle back the IPv6 traffic because they're not inspecting it."
Salient Federal says it is also seeing attacks with IPv6's Type 0 Routing Header, which is a feature of IPv6 that allows a network operator to identify routers along the path that it wants packets to take. The Internet Engineering Task Force recommended in 2007 that this feature of IPv6 be disabled due to the potential for its use in denial-of-service attacks, calling the threat "particularly serious."
