Five Security Flaws in IPv6

Sascha Lenz slz at baycix.de
Thu May 10 00:25:12 CEST 2007


Jeroen Massar schrieb:
> virendra rode // wrote:
>> http://www.darkreading.com/document.asp?doc_id=123506&WT.svl=news1_1
> 
> The word "FUD" comes to mind. Four of Five of these "security flaws" are
> all the same single RT0 problem. The 5th is, well obvious:
> 
> News at 11: There are packets which you don't expect being sent on the
> Internet.
> 
> Journalism at its finest. Always nice to reference NASDAQ to make your
> article 'trustworthy'.

...the problem about that article is, that it suggests something like 
"do not use IPv6, it's dangerous" instead of "learn about how to 
deploy&operate IPv6 the right way, there are some things you need to know".

There actually is
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-security-overview-06.txt
and similar operational guides who make you aware of known problems and 
issues and how to deal with them, for ages.
(Thanks to Daniel to remind me on that one on IRC after discussing that 
article there.)

I don't expect any journalistic article to be perfect, i've given up on 
that, but this one is rather bad journalism since it does only show one 
side of IPv6. That may have a bad influence.

What i expect Network Operators to do is use&learn, not judge 
prematurely&ignore.
Unfortunately, for now it's so much easier to just ignore IPv6 (the 
no-killer-application-problem, no need to discuss that here), and if 
"this IPv6 thing" is "proven to be insecure by big ISP Managers and 
researchers"... just plays those people into their hands.

I can't understand that behaviour, at least for ISPs and similiar 
companies with huge networks.
Since we all run perfectly healthy(?) IPv6 networks here (i assume), 
there are no real show stoppers, but the article is full of "CTOs" and 
"senior engineering&security managers" basically warning about IPv6.

But the question remains - what can we do about that?
I don't usually have any mentionable luck with advocating IPv6 on 
customer projects or when consulting with ISPs (regardless of size).

Probably someone with good PR-capabilities should just spread some 
(better) articles about IPv6 once in a while to counteract such FUD?

P.S.: Is this off-topic for ipv6-ops now? hm.

-- 
========================================================================
= Sascha Lenz                  SLZ-RIPE          slz at baycix.de         =
= Network Operations                                                   =
= BayCIX GmbH, Landshut                  * PGP public Key on demand *  =
========================================================================



More information about the ipv6-ops mailing list