Lifehacker Australia discusses yet another attack vector cyber security professionals need to consider, and one not many are all that familiar with at the moment:
However, the recent attack detected by Neustar was different. While the types attacks, like DNS reflection attacks aren’t new, the targeting is changing.
George said some early IPv6 implementations were more vulnerable to certain threat vectors because of scale. While companies were in the early stages of IPv6 deployment, they would only deploy the protocol on limited segments of their LANs. As a result, there was limited network capacity and this created a point of weakness that was susceptible to a DDoS attack.
The attraction in using IPv6 for attacks is a lack of awareness and skills, said George.
“A lot of people don’t know it’s there or realise it’s even turned on or have it in their threat profile. They don’t have the same level of protections in place or, if they have a set of plans or run-books for attacks, they don’t have a plan for IPv6,” said George.
Often, this is there result of a focus on deployment leading to a lower prioritisation on security. This is simply because the perceived threat of IPv6-specific attacks is still low.
“They’re deploying it but not focusing on the security side of things. People are working on the assumption that it’s not much of an attack vector”.
In theory and practice, for the most part, defending against IPv6 attacks is no different than IPv4 attacks. If IPv6 is enabled on a networks infrastructure, then the security devices need to be aware of this traffic type and be properly configured to inspect the traffic and act appropriately. If the routers are allowing IPv6 traffic to flow through the network, then the firewalls, intrusion prevention devices, endpoints security suites, and other security tools need to be aware of this and ready to act.