8303 Views 9 Replies Latest reply: Aug 13, 2009 6:22 AM by Jared


IPv6 security concerns

Jul 21, 2009 5:36 PM

Jared 5,498 posts since
Jul 27, 2008

Here is a very interesting article regarding security issues with IPv6.  http://www.networkworld.com/news/2009/071309-ipv6-network-threat.html

 

I would really like to hear from those who have some IPv6 insight on this.

  • ciscoskeemz 462 posts since
    Jul 10, 2008
    1. Jul 21, 2009 8:32 PM (in response to Jared)
    Re: IPv6 security concerns

    Very interesting article, Jared... My company is still on IPv4 and I do not see that changing for quite a bit there.

  • TX858 183 posts since
    Sep 29, 2008
    2. Jul 21, 2009 9:31 PM (in response to Jared)
    Re: IPv6 security concerns

    I read this article today in my print copy of NW. My first thought after reading it was, "Did no one think about this before now?"

     

    Good eye Jared. Hope to see more discussion on this.

     

    John

  • Kenny Taylor 126 posts since
    Mar 19, 2009
    3. Jul 22, 2009 8:38 AM (in response to Jared)
    Re: IPv6 security concerns

    There seems to be a lot of IPv6 scare stuff going around recently.  I've run it on my home network since mid-2007 using a free tunnel from Hurricane Electric.  It has worked great.  Just realize that an IPv6 subnet does not hide behind a NAT.

     

    Having IPv6-enabled hosts on a network is not a big deal.  Those hosts get automatic IPv6 link local addresses (fe80:....).  Those are unroutable by definition.  Your routers, firewalls, and ISP connection won't magically start routing IPv6.  So you have an additional non-routed protocol running on your network.  Some of these writers are suggesting that provides a pathway for spyware or "hidden" traffic within your LAN.  But it's no different than running a different non-routed protocol like IPX or AppleTalk.

     

    One of these articles suggested that a rogue host could provide an IPv6 tunnel and send out router advertisements, causing the IPv6-enabled hosts to generate automatic IPv6 addresses and route traffic through that host.  That's a concern, but if unknown tunnelling protocols are being allowed out the firewall, then you have a more fundamental problem to address first.  An attacker could probably pull off something very similar on IPv4 using an IPsec tunnel and spoofed DHCP.
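
The rogue router advertisement concern raised in the reply above can be monitored for on a LAN segment. The following is an added example, not part of the original post: it parses raw IPv6 packets, picks out ICMPv6 Router Advertisements, and flags any that fail the RFC 4861 validity checks or come from a router not on an allowlist. The allowlist, the function names and the sample packets are constructed for illustration, and the parser assumes no IPv6 extension headers.

```python
import ipaddress
import struct

ICMPV6, ROUTER_ADVERT, OPT_PREFIX_INFO = 58, 134, 3

def parse_ra(packet: bytes):
    """Parse a raw IPv6 packet; return RA details, or None if it is not an RA.
    Assumes ICMPv6 directly follows the fixed 40-byte header (no extension headers)."""
    if len(packet) < 56 or packet[0] >> 4 != 6 or packet[6] != ICMPV6:
        return None
    if packet[40] != ROUTER_ADVERT:
        return None
    prefixes, off = [], 56  # RA options start after the 16-byte RA header
    while off + 2 <= len(packet):
        opt_type, opt_len = packet[off], packet[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(packet):
            break  # malformed option, stop parsing
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Address(packet[off + 16:off + 32])
            prefixes.append(f"{prefix}/{packet[off + 2]}")
        off += opt_len
    return {"src": ipaddress.IPv6Address(packet[8:24]), "hop_limit": packet[7],
            "router_lifetime": struct.unpack("!H", packet[46:48])[0], "prefixes": prefixes}

def check_ra(packet: bytes, known_routers: set) -> list:
    """Return findings for one packet; an empty list means nothing suspicious."""
    ra = parse_ra(packet)
    if ra is None:
        return []
    findings = []
    if ra["hop_limit"] != 255:  # RFC 4861: a valid RA arrives with hop limit 255
        findings.append("hop limit is not 255, RA did not originate on-link")
    if not ra["src"].is_link_local:  # RFC 4861: RA source must be link-local
        findings.append(f"RA source {ra['src']} is not link-local")
    elif ra["src"] not in known_routers:
        findings.append(f"RA from unknown router {ra['src']} advertising {ra['prefixes']}")
    return findings

def build_ra(src: str, prefix: str, plen: int, hop_limit: int = 255) -> bytes:
    """Construct a sample RA for testing (checksum left at zero, not validated here)."""
    opt = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 86400, 14400, 0)
    opt += ipaddress.IPv6Address(prefix).packed
    icmp = struct.pack("!BBHBBHII", ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + opt
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
    return (hdr + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address("ff02::1").packed + icmp)

if __name__ == "__main__":
    routers = {ipaddress.IPv6Address("fe80::1")}  # constructed allowlist
    for pkt in (build_ra("fe80::1", "2001:db8:1::", 64), build_ra("fe80::bad:1", "2001:db8:2::", 64)):
        print(check_ra(pkt, routers) or "ok")
```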

  • 4. Jul 22, 2009 9:10 AM (in response to Jared)
    Re: IPv6 security concerns

    Hello!

     

    This is a nice article.  I was speaking with a friend of mine about this over lunch yesterday, and while I definitely think it brings up some interesting concerns about the protocol, I don't think it will raise many eyebrows in the U.S. since most IPv6 is being tunneled anyway.  This might catch more people overseas by surprise.  I know for a fact that my cable provider does not support DOCSIS 3.0 and there is no talk about it being implemented in the near future.

     

    One thing I have learned early on in networking is that nothing is perfect and the same holds true with IPv6 and other protocols that will interoperate with it.

     

    Erick

  • Kenny Taylor 126 posts since
    Mar 19, 2009
    5. Jul 22, 2009 9:31 AM (in response to Erick)
    Re: IPv6 security concerns

    The driving force behind DOCSIS 3.0 seems to be the channel bonding (more bandwidth).  We will probably only see it in markets where the cable company is competing with fiber to the home.  At least for a while.  I'm not expecting it anytime soon in my local market.

  • 8. Aug 12, 2009 4:20 PM (in response to Jared)
    Re: IPv6 security concerns

    Hi Jared.

     

    Can you try posting this question in the CCNP R&S study group?  Keith is the group leader and he did the IPv6 presentation, so maybe he would have something about this.

     

    The only thing I can come up with is that you have two hosts running IPv6 and you wanted to configure an ISATAP tunnel between them.

     

    Erick
