Experts have reported a sharp increase in the number of network attacks that exploit known vulnerabilities in IPv6, the new-generation addressing protocol now being introduced across the Internet. IPv6 is the replacement for the Internet's main communications protocol, known as IPv4.
Salient Federal Solutions reports actual cases of network attacks over IPv6 that are carried out using tunneling capabilities, routing, and broadcast DNS queries. The company claims that these threats can be eliminated by using packet analysis technology (Deep Packet Inspection, DPI).
“We’re really seeing these attacks, but we unfortunately cannot say exactly where we find them next time,” said Lisa Donnan, director of the Center for the Improvement of computer security at Salient. Salient Federal Solutions bought Command Information, a company that specializes in IPv6, in March.
The first attack the experts single out results from the fact that most IPv6 traffic is tunneled over IPv4 networks, in particular using Teredo, which is present in Windows Vista and Windows 7. The vulnerability associated with tunneled traffic was discovered five years ago, but it is still being used.
“IPv6 tunneling gives hackers the opportunity to penetrate various networks,” says Jeremy Duncan, a director and one of the network architects at Salient Federal Systems.
Duncan, for example, is concerned about the popular client uTorrent, which uses the P2P BitTorrent protocol to share large files (music and video). uTorrent works well with Teredo, which allows users to hide BitTorrent traffic from ISPs that monitor their IPv4 networks for this traffic. He also mentions that users of Vuze, another peer-to-peer application, can easily switch to IPv6 instead of IPv4.
“BitTorrent users understand that when working over IPv6 they are not faced with limitations on Internet traffic. This becomes a problem for network operators. They cannot lower the rate of traffic because they do not track it,” according to a statement.
Salient Federal also reports attacks that use the IPv6 Type 0 Routing Header, which allows a network operator to choose the route along which data is sent. In 2007 the Internet Engineering Task Force proposed giving up this IPv6 feature because of its potential use in denial-of-service attacks.
Nevertheless, Salient Federal reports network attacks using Routing Header Type 0 on the IPv6 networks it monitors. For example, Command Information tracked an attack of this type against one of its own border routers, which was no longer functioning. The attack came from a research network in China. Had the attack succeeded, the Chinese hackers would have been able to send malicious traffic from the compromised Command Information router to other online resources.
“System administrators need to disable the self-selection of a route for sending data in their routers,” says a Salient Federal representative. “This feature was enabled by default on all Cisco routers several years ago. On the new routers this feature is turned off, so there is a problem only for older versions of the router.”
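The following added example (not code from Salient Federal or from the original article) sketches the kind of packet inspection the article refers to: it flags IPv6 tunneled inside IPv4, either as protocol 41 or as Teredo over UDP, and walks the inner extension header chain looking for a Type 0 Routing Header. The function names and the sample packets are assumptions constructed for illustration.

```python
import struct

TEREDO_PORT = 3544           # UDP port of Teredo servers (RFC 4380)
EXT_HEADERS = {0, 43, 60}    # hop-by-hop, routing, destination options

def inspect_ipv6(pkt):
    """Walk the IPv6 extension header chain and report Type 0 Routing Headers."""
    findings = []
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return findings
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS and off + 8 <= len(pkt):
        if nxt == 43 and pkt[off + 2] == 0:          # routing header, type 0
            findings.append("RH0 segments_left=%d" % pkt[off + 3])
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return findings

def inspect_ipv4(pkt):
    """Flag IPv6 carried inside IPv4 (6in4 or Teredo) and inspect the inner packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return []
    payload = pkt[(pkt[0] & 0x0F) * 4:]
    if pkt[9] == 41:                                 # protocol 41: IPv6-in-IPv4
        return ["6in4 tunnel"] + inspect_ipv6(payload)
    if pkt[9] == 17 and len(payload) > 8:            # UDP
        sport, dport = struct.unpack("!HH", payload[:4])
        inner = payload[8:]
        # Simplification: only bare encapsulation on the server port is handled;
        # Teredo origin/authentication prefixes and peer ports are not.
        if TEREDO_PORT in (sport, dport) and inner[0] >> 4 == 6:
            return ["Teredo tunnel"] + inspect_ipv6(inner)
    return []

# --- constructed sample packets (documentation addresses, no real traffic) ---
def ipv6(next_header, payload=b""):
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01" + "20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + addrs + payload

def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Routing header: next=59 (none), len=2 (one address), type 0, segments left 1
RH0 = struct.pack("!BBBBI", 59, 2, 0, 1, 0) + bytes.fromhex("20010db8" + "00" * 11 + "03")
TEREDO_RH0 = ipv4(17, udp(51000, TEREDO_PORT, ipv6(43, RH0)))
```

Calling `inspect_ipv4(TEREDO_RH0)` reports both the tunnel and the routing header, which is the visibility an IPv4-only monitor lacks.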
Another threat relates to the way broadcast DNS requests for Quad A records, which are used in IPv6, are processed. Duncan said that Quad A queries are present on every network the company oversees, although many of these networks do not support IPv6.
The presence of Quad A requests on a network indicates that some network nodes support IPv6, and those nodes may also fall victim to attacks directed at the protocol itself. If the network is using IPv6, it is likely that the system administrator does not monitor IPv6 traffic in proper depth.
Duncan describes an IPv4 network that sends Quad A records as a “gun, which is bound to shoot.”
“If a company has installed a router with the IPv6 protocol but does not use the protocol itself on the network, hackers will know that the system administration has shortcomings,” says Duncan. “They can easily attack the company’s mail servers with a flow of spam containing viruses. All they need is for one user who has elevated privileges to open a spam message with malicious software. The malware can then open a tunnel through the firewall.”
A Salient Federal representative says that attacks using the Quad A vulnerability have not yet been detected, but the possibility of such network-based attacks cannot be completely excluded, and servers at various companies are at significant risk.
The company also described a threat associated with the advertisement of false IPv6 routes. Such attacks have not yet been seen in the wild, but the IETF also notes that this vulnerability could be exploited for DoS or MitM attacks.
Workstations with IPv6 support always listen for route announcements because of IPv6's automatic configuration features. These workstations can receive incorrect information through an administrator's error or a hacker attack. This threat poses a risk for users of both wired and wireless networks.
“Companies need to deploy patches such as Cisco RA Guard on their routers and switches, but then they have to start thinking at the level of IPv6,” says Duncan. “We need to think about deep packet inspection.”
Salient Federal encourages system administrators to install IPv6 in their networks and to ensure adequate protection of traffic using Deep Packet Inspection technology, so that they are able to monitor IPv6 vulnerabilities.
Company representatives say that system administrators and developers need to be taught to work with IPv6, and that each company working with the protocol needs to improve its security. Duncan said that network managers are getting more information about IPv6, but they are not focused on the relevant security issues. “There is so much attention to IPv6 security issues, as is the case with IPv4.”
Donnan noted that her concern is the possibility of attacks on U.S. companies over IPv6 originating in China. “There’s hacker activity supported by the state and they are developing the IPv6 theme.”
The transition from the older IPv4 to IPv6 is dictated primarily by an acute shortage of Internet addresses under IPv4. Without the ability to obtain new addresses, small ISPs, for example, cannot give them to their subscribers. Also, the absence of free address space will prevent the creation of new domain zones.
IPv4 uses 32-bit addressing and can support 4.3 billion devices connected to the Internet, while IPv6 works with 128-bit addressing and can theoretically support a significantly larger number of devices. IPv6 also offers an alternative for faster and less expensive Internet access.