Default security functions on an IPv6 CPE

Ted Mittelstaedt tedm at ipinc.net
Fri May 13 15:46:18 CEST 2011


On 5/12/2011 11:11 PM, Mark Smith wrote:
>> Either way you set up the CPE the ISP will get called.
>>
>> But, the users who got an open IPv6 firewall and as a result got
>> their machine rooted, when their calls come in they will take a lot
>> more time and be much more costly.
>>
>
> Have you or Doug read
>
> RFC5157 - IPv6 Implications for Network Scanning
>
> ?
>
> "  A typical IPv6 subnet will have 64 bits reserved for host addressing.
>     In such a case, a remote attacker in principle needs to probe 2^64
>     addresses to determine if a particular open service is running on a
>     host in that subnet.  At a very conservative one probe per second,
>     such a scan may take some 5 billion years to complete.  A more rapid
>     probe will still be limited to (effectively) infinite time for the
>     whole address space."
>
> Still think address scanning is going to be a useful technique under IPv6?
>

There are a number of ways to get a host address; here's just a couple:

1) Cracker breaks into a webserver, enters an invisible HTML link to
an attacker machine.  Luser host on the Internet hits the site on the
webserver, sends an HTML GET to attacker machine, attacker machine
initiates attack on source IPv6 number.  Luser machine, running unpatched
Windows 7, is pwned.

2) Cracker compromises mailserver account with weak password, sets up
a forward to attacker machine.  Copy of incoming mail is forwarded to
attacker machine, which extracts initiating host IP from mail header,
attacks sending host.

Ted




More information about the ipv6-ops mailing list