Monday, April 18, 2011
Report: Some IPv4 networks may be vulnerable to IPv6 attacks
As the internet runs out of IP addresses, the existing IPv4 protocol is being replaced with the new IPv6 standard, which will enable the expansion of the number of available addresses.
While the advent of IPv6 is widely viewed as an important development designed to maintain internet functionality, a recent InformationWeek report suggested IPv4 networks may now be vulnerable to attacks that utilize the new protocol.
According to the report, there are certain capabilities built into IPv6 that may enable the next-generation standard to be used for "man-in-the-middle" attacks on users of IPv4 networks.
Alec Waters, a security researcher, told InformationWeek that a knowledgeable person with intent to cause harm could potentially "impose a parasitic IPv6 overlay network on top of an IPv4-only network, so that an attacker can carry out man-in-the-middle attacks on IPv4 traffic."
Waters demonstrated the possibility of such an attack using a proof-of-concept scenario involving Windows 7. Nevertheless, such an attack would theoretically be possible against systems using "any operating system that ships with IPv6 installed and operational by default," he said.
According to the report, an attack would be carried out by connecting an IPv6 router to an existing IPv4 network while that router itself is connected only to the IPv4 internet. The attacker could then rely on stateless address auto-configuration, or SLAAC, in which hosts create their own IPv6 addresses from router advertisement (RA) messages.
Having done that, an attacker would be able to control where the hosts' internet traffic is routed.
Johannes Ullrich, chief research officer for the SANS Institute, told InformationWeek the attacker could then deploy an experimental protocol called NAT-PT. "By combining the fake RA advertisements with NAT-PT, the attacker has the ability to intercept traffic that would normally use IPv4," he said.
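Spotting the rogue router advertisements described above is the defender's starting point, since IPv4-only networks rarely watch for them. The following Python example is added here and is not code from the InformationWeek report or from any of the researchers quoted; it parses a raw ICMPv6 Router Advertisement and flags the markers of a SLAAC-based overlay: an RA from a sender not on the site's router allowlist, that sender claiming to be a default router, and a prefix offered for address autoconfiguration. The `KNOWN_ROUTERS` allowlist, the function names and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

# Constructed allowlist of link-local router addresses permitted to send RAs on this segment.
KNOWN_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
ICMPV6_RA, OPT_PREFIX_INFO, IPPROTO_ICMPV6 = 134, 3, 58


def parse_ra(packet: bytes) -> dict:
    """Parse an IPv6 packet carrying an ICMPv6 Router Advertisement (RFC 4861)."""
    payload_len, next_hdr, hop_limit = struct.unpack_from("!HBB", packet, 4)  # fixed 40-byte IPv6 header
    src = ipaddress.IPv6Address(packet[8:24])
    icmp = packet[40:40 + payload_len]
    if next_hdr != IPPROTO_ICMPV6 or icmp[0] != ICMPV6_RA:
        raise ValueError("not an ICMPv6 Router Advertisement")
    router_lifetime = struct.unpack_from("!H", icmp, 6)[0]  # 0 means "not a default router"
    prefixes, off = [], 16  # ND options follow the 16-byte RA body
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # option length is in 8-byte units
        if opt_len == 0:
            raise ValueError("zero-length ND option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags = icmp[off + 2], icmp[off + 3]
            prefix = ipaddress.IPv6Network((icmp[off + 16:off + 32], plen), strict=False)
            prefixes.append((prefix, bool(pflags & 0x40)))  # A bit: hosts may autoconfigure from it
        off += opt_len
    return {"src": src, "hop_limit": hop_limit, "router_lifetime": router_lifetime, "prefixes": prefixes}


def classify_ra(packet: bytes) -> list:
    """Return the reasons an RA looks rogue; an empty list means it passed every check."""
    ra, findings = parse_ra(packet), []
    if ra["hop_limit"] != 255:  # RFC 4861: receivers must discard RAs with any other hop limit
        findings.append("hop limit != 255")
    if not ra["src"].is_link_local:
        findings.append("source is not link-local")
    if ra["src"] not in KNOWN_ROUTERS:
        role = "default router" if ra["router_lifetime"] > 0 else "RA sender"
        findings.append(f"unknown {role} {ra['src']}")
        for prefix, slaac in ra["prefixes"]:
            if slaac:
                findings.append(f"unknown router offers SLAAC prefix {prefix}")
    return findings


def sample_ra(src: str, prefix: str, router_lifetime: int, hop_limit: int = 255) -> bytes:
    """Constructed test vector: IPv6 header + RA with one Prefix Information option (checksum left 0)."""
    net = ipaddress.IPv6Network(prefix)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
    icmp = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, router_lifetime, 0, 0) + opt + net.network_address.packed
    hdr = struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, hop_limit)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed + icmp
```

In practice the same checks are what a switch's RA Guard feature applies at the port, so the script is most useful for auditing a capture from a segment that has no such control.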
While some view this seeming vulnerability as a cause for potential concern, other experts have said that the supposed "bug" is in fact a feature. Jack Koziol, a senior instructor and security program manager at InfoSec Institute, said the severity of a potential attack is "disputed, because this is the default configuration of Windows Vista/7/2008 operating systems."
However, Koziol noted that, regardless of whether it is a "bug," the new protocol does leave some IPv4 systems vulnerable.
In order to avoid this vulnerability, then, it would seem that companies may do well to adopt the advice that many IT professionals have suggested all along and increase their adoption of IPv6 networks.