1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

IPv6 Protection by OSes Inadequate, Potential Vulnerabilities Surface

Discussion in 'News' started by btarunr, Jul 22, 2008.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,708 (11.16/day)
    Thanks Received:
    13,669
    Location:
    Hyderabad, India
    Rudimentary software-level protection for IPv6 (Internet Protocol Version 6), a network protocol which comes pre-installed with several operating systems (OS) but poorly implemented in the real-world makes it a protocol ignored by security providers, and effectively a soft-target for hackers to compromise a system.

    Several OSes including Linux 2.6 upwards, Windows Vista, Solaris, Mac OS X and mobile OSes such as Windows Mobile 5 and 6 come with IPv6 enabled by default, though the user would probably not use the protocol in a year 2008 setting where the networks haven't embraced the protocol to level that makes it an explicit requirement for all internet-enabled computers the way IPv4 is. Keeping this in mind, software level protection for IPv6 is close to non-existent, having strong intrusion detection-enabled protection might keep you safe at an IPv4 level that's still standard, but with IPv6 enabled and with protection that doesn't cover IPv6, the PC is as vulnerable as one without any firewall at all. With IPv6 'listeners' (programs that open ports and allow incoming connections) in place the PC becomes vulnerable to intrusions. All it takes is for a hacker to create an IPv6 listener program (malware) and plant it on a PC.

    Security Reasercher Joe Klein of Command Information says that the internet has no dearth for computers with IPv6 enabled without users' knowledge. Administrators who don’t keep tabs of their systems face a huge risk, said Klein. Operational dangers aside, administrators who work for organizations that have to comply with regulations like HIPAA or Sarbanes-Oxley risk non-compliance if they don’t secure their IPv6 implementations – whether they realize they have one or not. Perhaps the biggest threat is that of hackers tunneling IPv6 traffic through an IPv4 system. Tunneling often circumvents firewalls, even over IPv4.

    Command Information predicts that we will run out of IPv4 addresses in about two and a half years' time. The continuity of the internet's expansion depends on how quickly IPv6 is implemented globally. Apparently security isn't able to catch up with the pace of network technologies' advancements.

    Source: DailyTech
     
  2. PrudentPrincess

    PrudentPrincess New Member

    Joined:
    Jun 28, 2007
    Messages:
    669 (0.25/day)
    Thanks Received:
    53
    Location:
    Eugene
    lol another reason not to upgrade to Vista. :D
     
  3. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,708 (11.16/day)
    Thanks Received:
    13,669
    Location:
    Hyderabad, India
    Windows XP SP2+ included. It just wasn't mentioned in the source article, so didn't mention it. WinXP SP2 and above does come with IPv6.
     
  4. tigger

    tigger I'm the only one

    Joined:
    Mar 20, 2006
    Messages:
    10,183 (3.24/day)
    Thanks Received:
    1,399
    Better uninstall xp sp2 then too eh :p

    Is it a problem then bta?
     
  5. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.93/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    Just shut it off if you don't use it. Not to terribly difficult.
     
  6. xfire

    xfire New Member

    Joined:
    Nov 22, 2007
    Messages:
    1,395 (0.55/day)
    Thanks Received:
    193
    Location:
    Hyderabad,India
    Reading the heading of the article I thought it was another one of Kaspersky antics.
    From what I understand of the article a firewall software hasn't been designed for IPv6 and this researcher is lamenting about it. One can't expect companies to come out with a software which no one uses. Companies need to make money and they will wait till IPv6 is started to be used or a few days before the switch is made.
     
  7. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,708 (11.16/day)
    Thanks Received:
    13,669
    Location:
    Hyderabad, India
    Unchek this box, save settings, reboot:
    [​IMG]

    See if your internet/local network/NAS work properly. If so, keep it that way.
     
  8. tkpenalty New Member

    Joined:
    Sep 26, 2006
    Messages:
    6,958 (2.36/day)
    Thanks Received:
    345
    Location:
    Australia, Sydney
    not upgrading to IPV6 is just like ignoring global warming... :shadedshu
     
  9. Darkrealms

    Joined:
    Feb 26, 2007
    Messages:
    852 (0.30/day)
    Thanks Received:
    23
    Location:
    USA
    Odd, I just checked several of my work computers. A couple of them even have SP3 installed. Not one has IPv6 installed. I go to install a new protocal and it is available but not one machine has it installed. Did XP Pro not auto install it?
     
  10. Wshlist New Member

    Joined:
    Jul 13, 2008
    Messages:
    218 (0.10/day)
    Thanks Received:
    14
    Location:
    EU
    The original XP already had ipv6 support if I recall correctly, and certainly XP-SP1 did.

    I'd like to point out also that at some point with SP2 I started to notice my computer contacted microsoft a lot, even while I have automatic updates disabled, and I traced it to the IPv6 service that was running, so in privacy respect, and in wasted resources until IPv6 comes to the masses respect, I'd advise to disable the IPv6 service if it's running on your system.
    Right now AFAIK IPv6 is only used on backbones and by fervent enthusiast as an experiment in cooperation with their ISP, which is actually a pretty weird thing because one ISP for instance had that option and if you did they assigned you 32000 IP's!!! instead of the normal one or two.
    Once they roll it out it'll be hard to block unwanted people I guess.
     
    Last edited by a moderator: Aug 6, 2008

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page