Although designed to provide better security via IPSec, IPv6 also includes many enhancements, some of which can be exploited by attackers. For example, the address autoconfiguration feature can be used by attackers to announce rogue routers. In addition, some of the transitioning mechanisms designed to allow for easier interaction between IPv6 and IPv4 networks can be misused by attackers. Transitioning tools create a way for IPv4 applications to connect to IPv6 services, and IPv6 apps to connect to v4 services.
Because of the standardized transitioning methods, such as 6to4, Simple Internet Transition (SIT) tunnels and IPv6 over UDP (such as Teredo and Shipworm), IPv6 traffic may be coming into networks without their administrators being aware of the fact (and thus, without them being aware that they are vulnerable to IPv6 exploits). For example, since many firewalls allow UDP traffic, IPv6 over UDP can get through those firewalls without administrators realizing what's happening. Attackers can use 6 over 4 tunnels to evade Intrusion Detection software.
It's also important to note that the Internet Connection Firewall (ICF) that is included with Server 2003 is only capable of filtering IPv4 traffic; it cannot block IPv6 traffic. Attackers can exploit this and get into your network with IPv6 packets if you don't implement other firewall software that has this capability.
by ironwalker edited by Optimized
last modified: 2004-03-05 20:06:40
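To find tunneled IPv6 that an IPv4-only firewall or IDS would pass unnoticed, the following added example (not part of the original FAQ entry) classifies raw IPv4 packets as carrying IPv6 directly (6to4/SIT) or inside UDP (Teredo). It assumes the standard values IP protocol 41 and Teredo UDP port 3544, which the page does not state; the non-standard-port check is a heuristic and the sample packets are constructed.

```python
import struct

IPPROTO_UDP, IPPROTO_IPV6 = 17, 41  # 41 = IPv6 encapsulated directly in IPv4
TEREDO_PORT = 3544                  # standard Teredo server port (not from the page)

def classify(pkt: bytes):
    """Return a label if this IPv4 packet appears to carry tunneled IPv6, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto, payload = pkt[9], pkt[ihl:]
    if proto == IPPROTO_IPV6:
        return "ipv6-in-ipv4 (protocol 41)"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto != IPPROTO_UDP or frag_offset or len(payload) < 8:
        return None  # not UDP, or a later fragment with no UDP header
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if TEREDO_PORT in (sport, dport):
        return "teredo (udp/3544)"
    # Heuristic (assumption): a bare IPv6 header directly inside UDP on any port,
    # recognised by version nibble 6 and a self-consistent payload-length field.
    if len(data) >= 40 and data[0] >> 4 == 6 \
            and struct.unpack("!H", data[4:6])[0] == len(data) - 40:
        return "possible ipv6-over-udp (non-standard port)"
    return None

# --- constructed sample packets (documentation addresses, checksums left at 0) ---
def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

INNER_V6 = struct.pack("!IHBB", 0x60000000, 0, 59, 64) + 2 * (bytes.fromhex("20010db8") + bytes(12))

SAMPLES = {
    "6to4/SIT": ipv4(41, INNER_V6),
    "Teredo": ipv4(17, udp(50000, 3544, INNER_V6)),
    "v6 in UDP, odd port": ipv4(17, udp(50000, 9999, INNER_V6)),
    "ordinary UDP": ipv4(17, udp(50000, 53, bytes(32))),
    "TCP": ipv4(6, bytes(20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} -> {classify(pkt)}")
```

The same three conditions translate directly into firewall or IDS rules: match IP protocol 41, match UDP port 3544, and inspect UDP payloads for an inner IPv6 header.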