Tuesday, April 11, 2006

The (today) need for IPv6

Every day more potential customers are asking for IPv6 support in security products. It's a raising trend that vendors are not ignoring.
But it's a trend we should try to interpret.

Just few corporates today decided to allow time for testing or pilot implementations and it's unlikely the large majority of them will seriously start implement IPv6 networks for another couple of years at least. So there is no pressure but it's still a feature many are requiring. Why?
Because it helps reducing choices drastically. It helps to recognize vendors more oriented to R&D. It helps to recognize which vendor will have stronger experience tomorrow.
In a word: it's strategy.

It's pretty evident looking at some vendors like Check Point and Cisco, pioneers in IPv6 support but offering something seriously limited and far from being useful.

And while vendors are starting a ride to appear as much forefronted as possible the underground community is already ahead, as usual.
An IPv6 Attack Toolkit from the famous The Hacker's Choice (THC) group is out and includes:

  • parasite6 - icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)

  • alive6 - an effective alive scanng, which will detect all systems listening to this address

  • fake_router6 - announce yourself as a router on the network, with the highest priority

  • redir6 - redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer

  • toobig6 - mtu decreaser with the same intelligence as redir6

  • detect-new-ip6 - detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.

  • dos-new-ip6 - detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).

  • fake_mld6 - announce yourself in a multicast group of your choice on the net

  • fake_mipv6 - steal a mobile IP to yours if IPSEC is not needed for authentication

  • ake_advertiser6 - announce yourself on the network

  • smurf6 - local smurfer

  • rsmurf6 - remote smurfer, known to work only against linux at the moment

One more reason for customers to ask for IPv6 support but wait for stronger kernels before real implementation.
Posted by Alessandro Perilli at Tuesday, April 11, 2006

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)