[ipv6hackers] Looking for feedback on subjective top list of IPv6 security issues
jim.small at cdw.com
Fri Mar 8 16:12:46 CET 2013
> > I'm working on a presentation for practical IPv6 security countermeasures.
> > I've reviewed the latest presos from Fernando, Marc, Antonios, and Éric
> > Vyncke to compile a list of security vulnerabilities. Here's a somewhat
> > subjective list of what I feel are "scary" attacks for those new to IPv6:
> > [snip]
> > So what do you think? Are these the most concerning security issues for
> > those looking to deploy IPv6? Any thoughts greatly appreciated either on
> > off list.
> Are you at all worried about whether or not you can detect IPv6 in your
> network (considering that most, if not all, the attacks using IPv6 require
> LAN access)?
Agreed - I like NfSen with NetFlow for this. I can at least mention it, but did I also mention that I only get 40 minutes? :-)
> I think one should be worried, or at least have some sort of plan, because
> there's likely no cheap or quick fix if the infrastructure has any
> complexity to it. New hardware is often required to know whether or not
> your datacentre is full of stray v6 traffic (e.g., the situation where a
> host compromised via v4 can communicate undetected east-west on v6
> the infrastructure can't give you the flows you need).
> Just a thought - it's not just about the shortcomings of IPv6 because it was
> designed in an age when the LAN was considered "safe". What controls can
> put in place today that will at least give you some sort of idea how v6 is
> being used in your network; because chances are, it's already there, even if
> you haven't "deployed" it yet (as has been discussed previously on the list
Agreed - this is especially relevant with tunnels. I have to pick what I can do in 40 minutes but the backup slides in the appendix can cover other issues. There is certainly lots to talk about.
More information about the Ipv6hackers