Jumaat, 11 September 2009

Beginning with the release of Windows Vista, Microsoft has enable by default IPV6 protocol, and the policy will continue on the new baby-born windows 7. Among those reasons behind is that one of the Microsoft service requires IPV6, called Windows Meeting Space, which is peer-to-peer networks. What we are wondering now is that whether around 300 million users are aware on the IPV6 enable by default on their operating system? Is it really a threats if we just lets IPV6 running on our laptop? Lets see what network attackers can do ….

Considering the most serious issues of running a dual stack comprised of IPv6 and IPv4. Here’s what they said:

  • Rogue IPv6 traffic: Attackers realize that most network administrators aren’t monitoring IPv6 traffic or they can’t. Because existing firewalls, IDS, or network management tools aren’t IPv6-aware. Therefore, an attacker can send malicious traffic to any computer running IPv6 and it will get through.
  • IPv6 tunneling: Protocols such as Teredo and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) encapsulate IPv6 packets inside IPv4 packets. The morphed packets can easily pass through IPv4 firewalls and network address translation (NAT) equipment, defeating perimeter defenses purposed to sense and drop IPv6 packets.
  • Rogue IPv6 equipment: Because IPv6 uses auto-configuration, an attacker can gain considerable control over computers running IPv6, simply by placing a rogue device capable of issuing IPv6 IP addresses on the network under attack. To make matters worse the device could have router attributes. Forcing all traffic to transit through it, allowing attackers to snoop, modify, or drop traffic at their whim.
  • Built-in ICMP and multicast: Unlike IPv4, IPv6 requires ICMP and multicast traffic. That fact will significantly change how administrators approach network security. Right now, blocking ICMP and multicast traffic on IPv4 networks is the accepted practice. That will no longer work and complicated filtering of ICMP and multicast packets will be required to maintain some semblance of security.

Whether to leave IPV6 enable or not, we got both different camp of opinions. Some says need and some says no. But the most secured is that and for me, if I got laptop with IPV6 enable, I just turn it off. If you dont know how to turn it off, just follow the below link:

Disable IPv6 in Linux

Disable IPv6 in Windows Vista

Disable IPv6 in Mac OS X