Comments on: IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security

By: IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security – Security Threat Research News

Mon, 07 Dec 2009 04:38:53 +0000

[...] from: TrendLabs | Malware Blog – by Trend MicroIPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security Ben April (Advanced Threat Researcher) @ TrendLabs | Malware Blog – by Trend Micro [...]

By: Phocean.net » IPv6 tunneling and security

Phocean.net » IPv6 tunneling and security — Wed, 04 Nov 2009 10:11:07 +0000

[...] Follow this link. [...]

By: IPv6 Tunneling-Protokolle – Anwender sollten die Risiken kennen » markus-arlt.de

IPv6 Tunneling-Protokolle – Anwender sollten die Risiken kennen » markus-arlt.de — Wed, 28 Oct 2009 22:48:09 +0000

[...] diesem Hinweis auf Sicherheitsrisiken möchte Ben April allerdings niemanden davon abhalten, IPv6 auszuprobieren. Im Gegenteil, er rät jedem, das [...]

By: Sabahattin Gucukoglu

Sabahattin Gucukoglu — Tue, 27 Oct 2009 15:42:09 +0000

I'm not all scared. My server's public IPv4 address is already known; there is no egress on most ISPs; people can already do horrible things to me and my server. That is no different with assigned teredo and/or 6to4. But, yeah, 6in4 is the more "Secure" alternative since you can have trust rules leading from your end to the gateway's end work fine (no unsolicited traffic).

Remember, part of what makes Teredo and/or 6to4 so damn useful is that we can do direct host-to-host communication with routable blocks of IPv6. So we get IPv4's routing advantages without the 'orrible NAT/ALG/crap (minus a bit of efficiency for smaller payload sizes). I agree it's something to think about, but not too hard. Remember when we had ::/96 for compatible IPv4 addresses? Now that *would* have been anarchy (and there are still vestiges of that left in the various hideous translation proposals being pushed by all and sundry).

Cheers,
Sabahattin

By: Joe Klein

Joe Klein — Tue, 27 Oct 2009 14:52:12 +0000

Ben, IPv6 is a great protocol with many security features, not just IPSec, but until we have built end-to-end native IPv6 connections and rid ourselves of IPv4, the transition techniques you describe above will be a ongoing threat to the network integrity of all organizations. But your blog entry only touched on a very small surface of the threat.

In my speech at DOJOSec (http://blog.saecur.com/2009/07/saecur-dojosec-june-2009-joe-klein.html), I describe more tunnels and problems that need to be addresses today, prior to implementing IPv6. I also have a site which contains the last 5 years of my IPv6 security presentations ( http://sites.google.com/site/ipv6security/Joe Klein)

Lastly, DOJOCon (www.dojocon.org), a Security conference to benefit Hackers For Charity (http://www.hackersforcharity.org/), is scheduled to stream my presentation sometime after 3:50pm EST, Friday November 6th, 2009. Check out the website to learn more about the conference. And don’t forget to donate to “Hackers for Charity”!

And Ben, keep up the great work on the blog! It’s worth the read.

Joe Klein, CISSP…
North American IPv6 Task Force, Security SME

By: UnderForge of Lack » Blog Archive » 2009.10.27 火曜日（たぶん）縮刷版

UnderForge of Lack » Blog Archive » 2009.10.27 火曜日（たぶん）縮刷版 — Tue, 27 Oct 2009 00:14:36 +0000

[...] ———- IPv6 と 6to4プロトコル IPv6 Tunneling Protocols: Good for Adoption, Not So Hot for Security [...]