Stupid Little IPv6 Tricks

With the IPv6 Summit on Friday, various IPv6-related topics are of course on my mind. So I figured I would put together a quick laundry list of "stupid little IPv6 tricks/topics". Let me know what issues you are running into as well:

1 - Proxies
Right now, many web sites use proxies to provide IPv6 access. The result is some "interesting" behaviour that you may experience:
  • The IPv6 version of the site may be out of date because the proxy cached it.
  • The IPv6 version may use a different certificate (see an earlier story about this).
  • A site may be down via IPv6 (because of a proxy problem) but up via IPv4.
  • The actual web application isn't coded to look at the X-Forwarded-For or similar header, so it has no idea where you are coming from and you run into rate limits.
2 - Extension Headers
Security devices still have issues with extension headers. They may miss attacks, or just misinterpret packets.
  • IDSs will not reassemble sessions correctly as they do not know if a packet will be dropped or not.
  • Firewalls may block packets (or let them pass) as they can't figure out the protocol.
  • Packet analysis tools will give you the wrong interpretation of a packet.
3 - Log Analysis / Address Interpretation
I still see log analysis tools that at first sight seem to work fine with IPv6, but they don't "normalize" the addresses, meaning that 2001:db8::1 is not considered equal to 2001:0db8::1 or 2001:0db8:0000:0000:0000:0000:0000:0001.
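One way to do that normalization before counting or correlating log sources, as an added example that is not from the original post. The log format, the `src=` field name and the sample lines are constructed for illustration, and folding IPv4-mapped addresses into their IPv4 form goes a step beyond the case described above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log lines (assumed format, not from the post).
# The same IPv6 host appears in three different spellings.
SAMPLE_LOGS = [
    "2024-01-01T00:00:01Z DROP src=2001:db8::1 dpt=22",
    "2024-01-01T00:00:02Z DROP src=2001:0db8::1 dpt=22",
    "2024-01-01T00:00:03Z DROP src=2001:0DB8:0000:0000:0000:0000:0000:0001 dpt=22",
    "2024-01-01T00:00:04Z DROP src=::ffff:192.0.2.7 dpt=22",
    "2024-01-01T00:00:05Z DROP src=192.0.2.7 dpt=22",
    "2024-01-01T00:00:06Z DROP src=[fe80::1%eth0] dpt=22",
    "2024-01-01T00:00:07Z DROP src=not-an-address dpt=22",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")  # hypothetical field name


def normalize_ip(text):
    """Return one canonical string per address, or None if it does not parse."""
    text = text.strip("[]")          # bracketed literal, e.g. [2001:db8::1]
    text = text.split("%", 1)[0]     # drop the zone id so the key is host-only
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # Design choice for this example: treat ::ffff:a.b.c.d as the IPv4 host.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.compressed           # lowercase, zero-compressed text form


def count_sources(lines):
    """Count events per normalized source; collect values that fail to parse."""
    counts, rejected = Counter(), []
    for line in lines:
        match = SRC_RE.search(line)
        if not match:
            continue
        key = normalize_ip(match.group(1))
        if key is None:
            rejected.append(match.group(1))
        else:
            counts[key] += 1
    return counts, rejected


if __name__ == "__main__":
    print(count_sources(SAMPLE_LOGS))
```

Comparing the raw strings instead would report the first three lines as three separate sources.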
4 - Spam
Probably the most common IPv6 "attack" I see is spam. It is probably by accident (both ends happen to support IPv6), but it works quite well as there is still no real block list for IPv6.
5 - Portscans
So far, we see pretty much no port scans on IPv6 (which is kind of good ;-) ). It is still a decent idea to "hide" an SSH server in IPv6 space.
BTW: Don't forget that we are now able to accept IPv6 firewall logs, not just IPv4!

Source: SANS