IPV6 Transistion Tools Raise Security Concerns

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
NATO's Cooperative Cyber Defence Centre of Excellence has published a research paper claiming that IPv4 to IPv6 transition tools have security holes that can be utilized to create undetectable communications channels across networks. Through these channels an attacker could exfiltrate data and gain remote control over target devices.
 
Last edited:

Rahh

[H]ard|Gawd
Joined
Jan 14, 2005
Messages
1,607
More doors to take care of with IPv6 so only makes sense one of those doors could be left not guarded through negligence.
 

Ehren8879

Supreme [H]ardness
Joined
Sep 24, 2004
Messages
4,455
Great, another reason for administrators to put off IPv6 deployments.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
IMO, a lot of the issues with IPv6 is that it was designed and approved around 1998. Most folks didn't have home networks and those that did were mostly tech aware types. Also the Internet was still mostly a friendly place were security measures were largely considered unneeded other then maybe running an antivirus package.

For most home networks, IPv4 is all you need. Even a well equipped IoT house is unlikely to use up a 192.168 range or a 10. range. And having only IPv4 on your side of the edge device means only one network stack to monitor. Yet as best I can research, there is no standard for setting that scenario up. You either stay with IPv4 local or implement a dual stack environment. Unlikely to be able to go pure IPv6 since most legacy devices have a poor IPv6 stack if they have one at all. And an IPv4 address is much easier to remember.

If the powers that be really want IPv6 to be widely adopted, they probably need to revise the standard to take into account the current Internet issues of security and large numbers of home networks operated by folks mostly ignorant of proper IT network and security issues.
 

Burticus

Supreme [H]ardness
Joined
Nov 7, 2005
Messages
4,706
For most home networks, IPv4 is all you need. Even a well equipped IoT house is unlikely to use up a 192.168 range or a 10. range. And having only IPv4 on your side of the edge device means only one network stack to monitor.

Agreed. There's no reason for homes or small biz to even bother with IPv6. Let the router handle the translation. Leave IPv6 for core/backbone networking or huge environments.
 

rezerekted

2[H]4U
Joined
Apr 6, 2015
Messages
3,043
I disabled IPv6 in my router so it can only use IPv4. I did that because OpenDNS does not work over IPv6.
 

Ehren8879

Supreme [H]ardness
Joined
Sep 24, 2004
Messages
4,455
Agreed. There's no reason for homes or small biz to even bother with IPv6. Let the router handle the translation. Leave IPv6 for core/backbone networking or huge environments.

IPv6 is as simple as NATd v4. Dont know why people think it's super complex.
 
Top