IPv6 a Sweet Spot for Attacks

Tuesday, August 6, 2013 @ 04:08 PM gHale

With the IPv6 protocol out there and newer technology adapting to it, but with network administrators still focusing on IPv4, attackers may have found a nice area to hit, researchers said.

The protocol, which has been undergoing a rollout over the last several years, could be subject to a unique attack that redirects users to unwanted, potentially malicious pages, said researchers at security firm Neohapsis.

Dubbed an SLAAC attack, the operation takes advantage of the client-side rollout of IPv6 and the built-in preference such systems have for the new protocol.

“Modern operating systems, such as Windows 8 and Mac OS X, come out of the box ready and willing to use IPv6, but most networks still have only IPv4,” said Neohapsis researchers Brent Bandelgar and Scott Behrens.

“This is a problem because the administrators of those networks may not be expecting any IPv6 activity and only have IPv4 monitoring and defenses in place.”

In one scenario, an attacker could find an IPv4 connection and set up a server or network impersonating an IPv6 alternative. When users attempt to load the intended site, their systems could, by default, select the imposter network instead, sending their traffic through the attacker’s systems.

“They could pretend to be an IPv6 router on your network and see all your web traffic, including data being sent to and from your machine,” the researchers said.

“Even more lethal, the attacker could modify web pages to launch client-side attacks, meaning they could create fake websites that look like the ones you are trying to access, but send all data you enter back to the attacker (such as your username and password or credit card number).”

While users could mitigate these attacks by disabling IPv6 on newer systems, Neohapsis researchers said the more practical and effective solution for the long term is to encourage companies and network operators to speed up their adoption of the IPv6 protocol.
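
A defender-side check for the scenario above, added here as an example and not taken from Neohapsis or the original article: SLAAC hosts configure themselves from ICMPv6 Router Advertisements, so on a network meant to be IPv4-only any such advertisement from a MAC address not on the router allowlist is worth an alert. The function names, the allowlist parameter and the sample frame are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV6, NEXT_HEADER_ICMPV6 = 0x86DD, 58
ICMPV6_ROUTER_ADVERT, OPT_PREFIX_INFO = 134, 3

def parse_router_advert(frame):
    """Return RA details from a raw Ethernet frame, or None if it is not an RA."""
    if len(frame) < 14 + 40 + 16:  # Ethernet + IPv6 + fixed RA header
        return None
    ip, icmp = frame[14:54], frame[54:]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    # Assumption: ICMPv6 directly follows the IPv6 header (no extension headers).
    if ethertype != ETHERTYPE_IPV6 or ip[0] >> 4 != 6 or ip[6] != NEXT_HEADER_ICMPV6:
        return None
    if icmp[0] != ICMPV6_ROUTER_ADVERT:
        return None
    prefixes, pos = [], 16  # options start after the 16-byte RA header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            break  # malformed option: stop instead of looping forever
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            net = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            prefixes.append(f"{net}/{icmp[pos + 2]}")
        pos += opt_len
    return {"src_mac": frame[6:12].hex(":"), "src_ip": str(ipaddress.IPv6Address(ip[8:24])),
            "router_lifetime": struct.unpack("!H", icmp[6:8])[0], "prefixes": prefixes}

def check_frame(frame, allowed_router_macs=frozenset()):
    """Return an alert string for an RA from a non-allowlisted MAC, else None."""
    ra = parse_router_advert(frame)
    if ra is None or ra["src_mac"] in allowed_router_macs:
        return None
    return (f"unexpected IPv6 router advertisement from {ra['src_mac']} ({ra['src_ip']}) "
            f"prefixes={ra['prefixes']} lifetime={ra['router_lifetime']}s")

def build_sample_ra():
    """Constructed test frame (documentation prefix, checksum left at 0)."""
    eth = bytes.fromhex("333300000001020000000a01") + struct.pack("!H", ETHERTYPE_IPV6)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400, 0)
    opt += ipaddress.IPv6Address("2001:db8:1::").packed
    icmp = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + opt
    ip = struct.pack("!IHBB", 6 << 28, len(icmp), NEXT_HEADER_ICMPV6, 255)
    ip += ipaddress.IPv6Address("fe80::a01").packed + ipaddress.IPv6Address("ff02::1").packed
    return eth + ip + icmp

if __name__ == "__main__":
    print(check_frame(build_sample_ra()))
```

On an IPv4-only segment the allowlist stays empty, so every Router Advertisement produces an alert; once IPv6 is deployed, it holds the MAC addresses of the legitimate routers.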
