[ipv6hackers] Looking for feedback on subjective top list of IPv6 security issues

Jim Small jim.small at cdw.com
Fri Mar 8 04:49:03 CET 2013


Hi Cameron,

> > 1)      Remotely triggered neighbor cache exhaustion attacks (from subnet
> scanning)

Unique to IPv6 because of large subnet size and encapsulation of L2 address resolution within IPv6 (ICMP)


> > 2)      RA floods (autoconfig prefixes, routes, etc...) which crash all
> L2 adjacent hosts with IPv6 enabled stacks

Unique?  Well, I agree with Fernando/Marc - a result of immature IPv6 stacks...


> > 3)      RA spoofing

Unique (sort of) - IPv4 does have ICMP router discovery, but I don't believe this was ever widely implemented


> > 4)      DHCPv6 spoofing
> > 5)      NDP (NS/NA) spoofing

Analogous to DHCP/ARP spoofing in IPv4


> > 6)      NS floods - DoS

Again, IMHO because of immature IPv6 stacks.


> > 7)      Fragmentation attacks

Not unique, see Antonios' preso but worse in IPv6 because of complexity of extension headers and stack immaturity.


> > 8)      ICMPv6 redirect spoofing

Analogous to IPv4


> > 9)      MLD/MLDv2 attacks - I'm not very clear on dangerous attacks for
> this one...

Somewhat analogous to IPv4 but interested to hear from Fernando/Marc as my impression is they think it's worse.  Code immaturity again or additional IETF work needed?  Not sure...


> > 10)   "Discoverability" or the idea that you should use randomized
> addressing so as not to be discoverable from a "semi-intelligent" brute
> force scan (assuming you're not in DNS or some other registry)

New to IPv6 because of subnet size.


> > 11)   Extension header attacks - this one is especially tough, probably
> lots more to find...  I especially like Marc's warp packets with the router
> alert "high speed tag" which also double as ACL bypass agents.

New to IPv6.


> > 12)   Tunnel attacks - I think the only interesting ones would be those
> against 6in4, ISATAP, and 6rd as IMHO those are the only ones that are in
> use.  I have read about tunnel attacks but haven't played with this very
> much.  Do you think this is a serious threat worth covering?  Any
> suggestions on tools?

New to IPv6/transition issue.


> Just a question. Are any of these unique or do they all have an approximate
> equivalent in IPv4?

I feel like a padawan explaining something to a master.  Did I answer your question or are you poking fun at me and I missed the bus?  :-)

--Jim




