Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tunnelled IPv6 Attacks Bypass Network Intrusion Detection Systems (itnews.com.au)

Posted by EditorDavid on from the under-the-hedge dept.

"The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found." Slashdot reader Bismillah summarizes a report from IT News. Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks -- without being spotted by network intrusion detection systems.
The article argues that "Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected." The researchers' paper is titled "Hedgehog In The Fog."

5 of 113 comments (clear)

  1. this is not an ipv6 specific issue by Anonymous Coward · · Score: 5, Informative

    IPv6 is called out unfairly here. Any kind of tunnel is potentially not handled by an IDS.

    There's better ways to exfiltrate data. VPN anyone?

    1. Re:this is not an ipv6 specific issue by phayes · · Score: 4, Interesting

      VPNs aren't setup and enabled by default on windows machines the way teredo, 6to4 and isatap are.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  2. First thing I change on Win devices I use by phayes · · Score: 4, Informative

    netsh interface teredo set state disabled
    netsh interface isatap set state disabled
    netsh interface 6to4 set state disabled

    These IPV6 tunnels are use than useless in my experience.

    Windows Homegroup depends on IPV6 being present & some other users of the machines I use find it useful so it can't be disabled as well all the time but at least it's not trying to tunnel out. When (though it's still rare), the network has IPV6 connectivity it also has IPV6 firewalls so it's less of an issue as well.

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    1. Re: First thing I change on Win devices I use by phayes · · Score: 4, Informative

      Turning off IPV6 in your router will turn off native IPV6 routing but that's not the issue here. The problem is that Windows in particular sets up three different means of tunnelling IPV6 in IPV4. Turning off IPV6 in your router will do nothing for these and you need to turn off Teredo, 6to4 and Isatap on every windows machine.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  3. Re:give me a break. by sjames · · Score: 4, Interesting

    It goes well beyond the boomers. v6 has been around for TWENTY years and TFA is calling it "new". The kids coming out of school now seem to think of it as "new" as well. Even XP supports v6, just how new could it be? Before you cast too many stones at the boomers, remember you seem to have been asleep for 10 years yourself. By the time you noticed this v6 thing, I was running dual stack at home so I could get familiar with it.

    This from the same industry that gushes over every new application framework that offers no tangible benefits over the old framework and will probably be yesterday's news by the time an actual project can be completed. Where are all those much younger network guys pushing for a v6 initiative? For God's sake, Comcast beat them to v6!