Akamai Diversity

The Akamai Blog

Q1 2015 SOTI Preview: IPv6 Security Challenges

The Q1 2015 State of the Internet - Security Report is due out next month, and we think the week of RSA Conference 2015 is a good time to start previewing sections.

Let's begin with the potential security risks of widespread IPv6 adoption.

Widespread expansion of the Internet has nearly exhausted the supply of available Internet Protocol version 4 (IPv4) addresses. This sparked the creation of IPv6, which has several benefits. Besides the extra address space, IPv6 includes some fundamental changes that could have larger security implications.

Akamai's Prolexic Security Engineering & Research Team (PLXsert) gathered a collection of tools and attack vectors developed and used by researchers and malicious actors and found the following elements driving potential attacks:

- Abuse of transitional technologies to bypass security controls
- Use of IPv6 protocol against applications and services that are IPv6 enabled, bypassing IPv4 security controls
- Modification of IPv6 protocol structure, aiming to bypass IPv6 IPS, IDS and firewall technologies
- Application layer attacks have been adapted to work over IPv6
- Adaptation of exploitation frameworks to work with the IPv6 protocol
- Denial of service tools and techniques based solely on the IPv6 protocol architecture

As IPv6 adoption progresses, several researchers have found possible weak points and vulnerabilities in its various implementations. Most of these have been addressed by either deprecating features of the protocol itself -- which was the action taken to address the Type 0 Routing Header extension (RH0) -- or by introducing preventive measures such as IPv6 Router Advertisement Guard (RA Guard).

To read the full story, pre-register for your copy of the Q1 2015 State of the Internet - Security Report.

1 Comment

Published compromises using the above items have been track back to 2001. Glad Akamai and others has been listening, as I have been publishing the details on these IPv6 problems for almost 15 years.