Tunnelled IPv6 Attacks Bypass Network Intrusion Detection Systems (itnews.com.au)
"The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found."
Slashdot reader Bismillah summarizes a report from IT News.
Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks -- without being spotted by network intrusion detection systems.
The article argues that "Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected." The researchers' paper is titled "Hedgehog In The Fog."
IPv6 is called out unfairly here. Any kind of tunnel is potentially not handled by an IDS.
There's better ways to exfiltrate data. VPN anyone?
netsh interface teredo set state disabled
netsh interface isatap set state disabled
netsh interface 6to4 set state disabled
These IPv6 tunnels are worse than useless in my experience.
Windows Homegroup depends on IPv6 being present, and some other users of the machines I use find it useful, so it can't be disabled all the time, but at least it's not trying to tunnel out. When the network has IPv6 connectivity (though it's still rare), it also has IPv6 firewalls, so it's less of an issue as well.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
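The kind of decapsulation check an IDS needs before it can see the transition-mechanism traffic the summary describes (and that the netsh commands above switch off on a Windows host), as an added example that is not from the article, the paper or any commenter: it recognises protocol-41 encapsulation (6to4, ISATAP, 6in4) and Teredo (UDP/3544), parses the inner IPv6 header and reports the inner endpoints. The sample packets are constructed with documentation-range addresses, and Teredo packets carrying origin or authentication indications are assumed absent.

```python
import ipaddress
import struct
# Teredo carries IPv6 in UDP/3544 (RFC 4380); 6to4 (RFC 3056), ISATAP (RFC 5214)
# and 6in4 carry IPv6 directly inside IPv4 as protocol 41.
TEREDO_PORT, PROTO_IPV6_ENCAP = 3544, 41
SIXTO4 = ipaddress.IPv6Network("2002::/16")

def is_isatap(addr):
    # ISATAP interface IDs begin with 0000:5efe (0200:5efe when the u bit is set)
    return (int(addr) >> 32) & 0xFDFFFFFF == 0x00005EFE

def classify_tunnel(pkt):
    """Return (mechanism, inner_src, inner_dst) if this IPv4 packet carries
    tunnelled IPv6, else None. pkt must start at the IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    inner, proto = pkt[(pkt[0] & 0x0F) * 4:], pkt[9]
    if proto == PROTO_IPV6_ENCAP:
        mech = "proto41"
    elif proto == 17 and len(inner) >= 8:  # UDP: look for the Teredo port
        if TEREDO_PORT not in struct.unpack("!HH", inner[:4]):
            return None
        inner, mech = inner[8:], "teredo"  # assumes no Teredo origin/auth indications
    else:
        return None
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None  # encapsulated payload is not an IPv6 header
    src, dst = ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40])
    if mech == "proto41":  # refine protocol 41 by the inner address shape
        if src in SIXTO4 or dst in SIXTO4:
            mech = "6to4"
        elif is_isatap(src) or is_isatap(dst):
            mech = "isatap"
    return mech, str(src), str(dst)

def scan(packets):
    """One alert per tunnelled packet; an IDS that stops at the outer IPv4 header sees none."""
    return [r for r in map(classify_tunnel, packets) if r]

# Constructed sample traffic with documentation-range addresses, not a real capture
def ip4(proto, s, d, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed) + payload

def ip6(s, d):  # minimal IPv6 header with next header 59 (no payload)
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address(s).packed, ipaddress.IPv6Address(d).packed)

SAMPLES = [
    ip4(41, "198.51.100.10", "192.88.99.1", ip6("2002:c633:640a::1", "2001:db8::1")),
    ip4(17, "10.0.0.5", "203.0.113.7", struct.pack("!HHHH", 40000, TEREDO_PORT, 48, 0) + ip6("2001:0:cb00:7107::1", "2001:db8::2")),
    ip4(41, "192.168.1.1", "192.168.1.2", ip6("fe80::5efe:c0a8:101", "fe80::5efe:c0a8:102")),
    ip4(6, "10.0.0.5", "203.0.113.7", b"\x00" * 20),  # plain TCP, no alert
]
```

Running scan(SAMPLES) reports the 6to4, Teredo and ISATAP packets and ignores the plain TCP one.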
IPv6 transition mechanisms
IPv6 has been around nearly a decade. Any company that doesn't have a competent dual-stack implementation deserves what they get. That having been said, the number of vendors that recoil in shock and horror when you ask if they can route, or even support, IPv6 is amazing.
The truly terrifying thing is the amount of otherwise competent and knowledgeable IT professionals who are utterly terrified of IPv6 and get elevated blood pressure whenever it's mentioned.
There's a whole generation of IT pros who have come to believe that NAT is the solution to almost all of their security issues and have no use for port-blocking firewalls or defense in depth. It wasn't that long ago that desktop workstations often had Internet-routeable IP addresses and you had to have actual firewalls on the front end and inside as well.
Nowadays they run their webserver in an RFC1918 range and use DNAT to send the traffic into it, thinking this is more secure than having a firewall and, when they look at IPv6, they see this security blanket as being taken away from them and they retreat into their shells.
In the free world the media isn't government run; the government is media run.