[ipv6hackers] Looking for feedback on subjective top list of IPv6 security issues

Jim Small jim.small at cdw.com
Fri Mar 8 16:17:42 CET 2013

Hi Merike,

> What I always looked at from security perspective in difference between v4
> and v6 are:
> - multiple addresses per interface so which one gets used as SRC of packet so
> that you can have effective access control at network layer (if you are trying
> to provide access control in various parts of network for this)

Agreed - you better know 3484 cold.  My thought though is that should be part of an IPv6 operations talk?

> - extension header parsing which is hard in hardware at line rates if you are
> late to the game and haven't paid attention

This is a major issue, but extension headers probably warrants an entire talk.

> Then there is the fact that no matter how proactive you are with rate limiting
> and filtering and effective cache management how are you observing
> anomolies and detecting malicious traffic utilizing native or tunneled v6?  This
> refers to effective auditing/logging which is hard enough in v4 environment
> but how do you deal with this in v6?

Agreed - I will at least briefly discuss or through something in the appendix/backup slides.

> There's also the email SPAM  black list issues which need to be rethought
> (and there is ongoing work on this since for v6 environment...just follow
> MAAWG work). For now it is expected that email servers will continue to use
> v4 for a long time still which hopefully will buy some time until the solution is
> solidified for how to handle v6 email SPAM.

Yes, E-mail is still a work in progress.  I'm trying to be encouraging with my talk though...is that wrong?  :-)

> There have been some BotNets using v6....can we detect them? Rhetorical
> question here.  Need to be much more vocal on that so vendors start
> creating tools that will be useful here.
> Being proactive with security countermeasures is one thing but being able to
> detect malicious behavior in v6 environment goes hand-in-hand.
> Logging/auditing exception behavior effectively is critical.

I hate to say this on a security list, but I question how many organizations even do a decent job of this with IPv4...


More information about the Ipv6hackers mailing list