Google and IPv6
Eric Vyncke
evyncke at cisco.com
Mon Mar 17 13:47:29 CET 2008
The use of IPv6 as a covert channel (mainly for command and control of botnet & other hackers' activities) is well known. Even, if I don't have any data to back up this point. On the other hand, there are multiple covert channels beside protocol 41 (remember the use of ICMP ?)...
6to4 can be really evil when a RFC 1918 host starts sending RA for 2002:<RFC1918>::/48 (like at last week IETF)...
-éric
At 22:30 17/03/2008 +1000, Terry Manderson wrote:
>On 17/03/2008, at 10:10 PM, Remi Denis-Courmont wrote:
>>>
>>>Speaking personally, I have seen analysis of neither client behaviour
>>>nor connectivity in the IPv6 Internet today. Are things really as
>>>bad
>>>as folks say or is it partly a kind of "urban legend of horribleness"
>>>that persists from earlier tests with less-mature operating systems
>>>and less reliable connectivity? I just have 6to4 at home and my
>>>Mac,
>>>Linux, and XP boxes all seem to work just fine.
>>
>>6to4 at home is one thing...
>>
>>I have seen my 6to4 setup fail. For instance, some hotels do assign
>>public
>>IPv4 addresses through DHCP, but yet they blackhole proto-41. Stateful
>>firewalls also customarily drop proto-41 toward the native IPv6
>>Internet,
>>because packets from the downstream 6to4 relay come from an
>>"unsolicited"
>>IPv4 address.
>
>
>Probably a little askew from topic..
>
>In the past few IETFs and some security related meetings I have run
>into a few security folk who are rather concerned about 6to4, (proto
>41). Their concerns relate to the existence of command and control
>channels to and from botnets using 6to4 and completely bypassing IDS
>and firewall packet inspection.
>
>Has anyone else heard or seen this?
>
>Terry
>--
>Terry Manderson email: terry at apnic.net
>Network Operations Manager, APNIC sip: info at voip.apnic.net
>http://www.apnic.net phone: +61 7 3858 3100
>
More information about the ipv6-ops
mailing list