New York security researcher Joe Klein of Command Information told people attending the annual HOPE (Hackers on Planet Earth) conference that weak or nonexistent IPv6 support in security software can leave otherwise secure systems so exposed that in some cases, “it’s as if there’s no firewall running at all”.

The internet is full of computers surreptitiously running IPv6, “unbeknownst to their owners,” he said, according to Daily Tech, which goes on:

Compounding the problem is the number of operating systems shipped with IPv6 enabled by default, which includes Windows Vista, Linux’s 2.6 kernel, Sun’s Solaris, Mac OS X, and a variety of cell phone operating systems, including Windows Mobile 5 and 6.

Computers with a lackluster IPv6 setup – even if they have a strong IPv4 firewall or Intrusion Detection System (IDS) in place – are just as naked in IPv6 space as they would be in IPv4 space without a firewall, with any program that listens for connections allowed to accept them. Most operating systems, by default, run a handful of “listeners” used for networking and internal processes – and it is these listeners that are frequently the first to be targeted in an attack.
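The check a practitioner wants at this point is simple to state: which listeners are bound on IPv6 wildcard addresses, and does the IPv6 firewall actually cover them? The following is an added example, not code from the article or from Klein; it parses constructed `ss -Hltn` style socket output and constructed `ip6tables -S` rule dumps (both made up for this illustration) and reports the ports that any IPv6 peer could reach. Listeners bound to `[::]` or to the dual-stack wildcard `*` are treated as IPv6-reachable; `[::1]`, `127.0.0.1` and `0.0.0.0` are not.

```python
import re

# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local Peer).
# Made up for this example; not captured from any real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 4096 [::1]:631 [::]:*
LISTEN 0 128 [::]:445 [::]:*
"""

# Constructed `ip6tables -S` dump: the "forgot about IPv6" case, where the
# INPUT chain still has its default ACCEPT policy and a single stray rule.
OPEN_IP6TABLES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
"""

# Constructed dump of a default-deny IPv6 policy that only admits SSH.
DENY_IP6TABLES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
"""

WILDCARD_V6 = re.compile(r"(\[::\]|\*):(\d+)$")


def ipv6_listeners(ss_text):
    """Ports reachable from any IPv6 peer: bound to [::] or the dual-stack '*'."""
    ports = set()
    for line in ss_text.splitlines():
        if not line.strip():
            continue
        local = line.split()[3]          # 4th column is the local address:port
        match = WILDCARD_V6.fullmatch(local)
        if match:
            ports.add(int(match.group(2)))
    return ports


def ip6_input_rules(ip6tables_text):
    """Return (INPUT policy, ports explicitly accepted, ports explicitly dropped).

    Only single-port `--dport N -j TARGET` rules are understood; multiport
    matches, source restrictions and conntrack rules are out of scope here.
    """
    policy, accepted, dropped = "ACCEPT", set(), set()
    for line in ip6tables_text.splitlines():
        parts = line.split()
        if parts[:2] == ["-P", "INPUT"]:
            policy = parts[2]
        elif parts[:2] == ["-A", "INPUT"] and "--dport" in parts and "-j" in parts:
            port = int(parts[parts.index("--dport") + 1])
            target = parts[parts.index("-j") + 1]
            (accepted if target == "ACCEPT" else dropped).add(port)
    return policy, accepted, dropped


def exposed_over_ipv6(ss_text, ip6tables_text):
    """IPv6 listeners that the ip6tables INPUT chain lets through."""
    listeners = ipv6_listeners(ss_text)
    policy, accepted, dropped = ip6_input_rules(ip6tables_text)
    if policy == "ACCEPT":
        # Default-accept: everything not explicitly dropped is reachable.
        return listeners - dropped
    # Default-deny: only explicitly accepted ports are reachable.
    return listeners & accepted


if __name__ == "__main__":
    for label, rules in (("default-accept", OPEN_IP6TABLES), ("default-deny", DENY_IP6TABLES)):
        print(label, sorted(exposed_over_ipv6(SAMPLE_SS, rules)))
```

With the default-accept dump the audit reports SSH, the web server and SMB (ports 22, 80 and 445) as reachable from any IPv6 host even though an IPv4 firewall may cover them; with the default-deny dump only port 22 remains. On a real host the two inputs would come from `ss -Hltn` and `ip6tables -S`, and a rule set using `-m multiport` or `-s` restrictions needs a fuller parser than this one.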

Network administrators who don’t keep tabs on their systems face a huge risk, Klein said in the story.

“Essentially, we have systems that are wide open to a network,” it quotes him as saying. “It’s like having wireless on your network without knowing it.”

Adds Daily Tech:

Security researchers have for some time found hackers exploiting IPv6. A 2002 post from Lance Spitzner of the Honeynet Project observed a hacker who broke into a Solaris-based honeypot through normal means, enabled IPv6 connectivity in the OS, and then set up a tunnel out of the network that went to another country. The break-in was only discovered through network packet-sniffing, and even then Spitzner says he was unable to decode the data being sent out.

One of the biggest threats is the variety of backwards-compatibility schemes designed to tunnel IPv6 traffic through an IPv4 system, like Teredo or the 6to4 system: the very act of tunneling often circumvents firewalls by nature.

“Teredo/ISATAP is currently and will continue to be a major red flag for networks that have both IP versions enabled, because tunneling confuses the heck out of a lot of firewalls and IDS deployments,” said an unnamed DoD security specialist, the story adds, quoting Wired’s Threat Level.
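The tunnelling mechanisms named above leave recognisable fingerprints on the IPv4 side that a firewall or flow collector can be made to look for, even when it understands nothing about IPv6: 6to4, 6in4 and ISATAP carry IPv6 inside IPv4 with protocol number 41, 6to4 commonly talks to the relay anycast address 192.88.99.1, and Teredo runs over UDP port 3544. On the IPv6 side, 6to4 (2002::/16), Teredo (2001:0::/32) and ISATAP (interface ID 0000:5efe or 0200:5efe) addresses all embed the IPv4 endpoint behind the tunnel. The following is an added example, not code from the article, Daily Tech or the DoD specialist quoted; it classifies a set of constructed flow records in a made-up `proto src sport dst dport` format and decodes the IPv4 endpoint from IPv6 tunnel addresses using the standard library's `ipaddress` module.

```python
import ipaddress

# Constructed flow records in a made-up "proto src sport dst dport" format.
# Sample input for this example only; not logs from the article.
SAMPLE_FLOWS = """\
udp 192.0.2.10 40001 198.51.100.5 53
41 192.0.2.10 0 192.88.99.1 0
udp 192.0.2.11 3544 65.54.227.120 3544
udp 192.0.2.12 51000 203.0.113.7 3544
tcp 192.0.2.13 44000 203.0.113.9 443
41 192.0.2.14 0 203.0.113.20 0
"""

TEREDO_UDP_PORT = 3544                                      # RFC 4380
IPV6_ENCAP_PROTO = 41                                       # IPv6-in-IPv4 (6to4, 6in4, ISATAP)
SIXTO4_RELAY_ANYCAST = ipaddress.ip_address("192.88.99.1")  # RFC 3068 relay anycast
ISATAP_IID_PREFIXES = {0x00005EFE, 0x02005EFE}              # RFC 5214 interface-ID forms


def classify_flow(record):
    """Label one IPv4 flow record as a tunnel type, or None for ordinary traffic."""
    proto, _src, sport, dst, dport = record.split()
    if proto.isdigit() and int(proto) == IPV6_ENCAP_PROTO:
        if ipaddress.ip_address(dst) == SIXTO4_RELAY_ANYCAST:
            return "6to4"
        # Protocol 41 to a unicast peer: 6in4, 6to4 to a specific relay, or ISATAP.
        return "proto-41"
    if proto == "udp" and TEREDO_UDP_PORT in (int(sport), int(dport)):
        return "teredo"
    return None


def tunnel_flows(text):
    """Return (record, label) pairs for every record that looks like an IPv6 tunnel."""
    found = []
    for record in text.splitlines():
        if record.strip():
            label = classify_flow(record)
            if label:
                found.append((record, label))
    return found


def tunnel_origin(addr):
    """Classify an IPv6 address and recover the IPv4 endpoint it embeds, if any."""
    a = ipaddress.IPv6Address(addr)
    if a.sixtofour:                       # 2002:V4ADDR::/48
        return {"kind": "6to4", "ipv4": str(a.sixtofour)}
    if a.teredo:                          # 2001:0:SERVER:FLAGS:PORT:~CLIENT
        server, client = a.teredo
        return {"kind": "teredo", "server": str(server), "ipv4": str(client)}
    iid_high = (int(a) >> 32) & 0xFFFFFFFF
    if iid_high in ISATAP_IID_PREFIXES:   # ::[02]00:5efe:V4ADDR
        embedded = ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)
        return {"kind": "isatap", "ipv4": str(embedded)}
    return {"kind": "native"}


if __name__ == "__main__":
    for record, label in tunnel_flows(SAMPLE_FLOWS):
        print(f"{label:9s} {record}")
    for addr in ("2002:c000:204::1",
                 "2001:0:4136:e378:8000:63bf:3fff:fdd2",
                 "fe80::5efe:c000:207",
                 "2001:db8::1"):
        print(addr, tunnel_origin(addr))
```

The flow pass flags the 6to4 relay traffic, both Teredo flows (one from a client bound to 3544 itself, one from an ephemeral port talking to a Teredo server) and the protocol-41 flow to a unicast peer, while the DNS and HTTPS flows pass untouched. The address pass turns each tunnel address back into the IPv4 host behind it, which is what you need to find the machine that is "naked in IPv6 space" on a network you thought was IPv4-only. A production detector would also want to dissect the inner IPv6 packet, since the whole point of these tunnels is that the IPv4-only firewall or IDS never sees it.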


See more here:
Naked in IPv6 space
