[ipv6hackers] Looking for feedback on subjective top list of IPv6 security issues
Jim Small
jim.small at cdw.com
Fri Mar 8 16:17:42 CET 2013
Hi Merike,
> What I always looked at from security perspective in difference between v4
> and v6 are:
> - multiple addresses per interface so which one gets used as SRC of packet so
> that you can have effective access control at network layer (if you are trying
> to provide access control in various parts of network for this)
Agreed - you better know 3484 cold. My thought though is that should be part of an IPv6 operations talk?
> - extension header parsing which is hard in hardware at line rates if you are
> late to the game and haven't paid attention
This is a major issue, but extension headers probably warrants an entire talk.
> Then there is the fact that no matter how proactive you are with rate limiting
> and filtering and effective cache management how are you observing
> anomolies and detecting malicious traffic utilizing native or tunneled v6? This
> refers to effective auditing/logging which is hard enough in v4 environment
> but how do you deal with this in v6?
Agreed - I will at least briefly discuss or through something in the appendix/backup slides.
> There's also the email SPAM black list issues which need to be rethought
> (and there is ongoing work on this since for v6 environment...just follow
> MAAWG work). For now it is expected that email servers will continue to use
> v4 for a long time still which hopefully will buy some time until the solution is
> solidified for how to handle v6 email SPAM.
Yes, E-mail is still a work in progress. I'm trying to be encouraging with my talk though...is that wrong? :-)
> There have been some BotNets using v6....can we detect them? Rhetorical
> question here. Need to be much more vocal on that so vendors start
> creating tools that will be useful here.
>
> Being proactive with security countermeasures is one thing but being able to
> detect malicious behavior in v6 environment goes hand-in-hand.
> Logging/auditing exception behavior effectively is critical.
I hate to say this on a security list, but I question how many organizations even do a decent job of this with IPv4...
--Jim
More information about the Ipv6hackers
mailing list