Honeypots mailing list archives
Re: IPv6
From: "mb_lima" <mb_lima () uol com br>
Date: Fri, 20 Dec 2002 14:44:10 -0200
Hi Valdis,
There's probably not a lot out there. This is probably beca
use most people
think that for the most part, securing an IPv6 network is re
ally almost
the same thing as securing an IPv4 network. There's only a
few real classes
of attacks:
IPv6 provides more resources to protect itself. IPSec mandatory is one of them.
1) Attacks that exploit some brokenness of the protocol itse
lf (for instance,
Smurf using what was a bad choice of default for pings to a
broadcast address).
´Ping packets can be authenticated in IPv6. Against smurf, IPv6 has protection. I don´t remember what, but it has... :-)
2) Attacks that exploit a bug in a broken stack (for instanc
e, the original
'ping-of-death').
It is a problem in Implementations. It is not a protocol problem.
3) Attacks that happen to use a given protocol stack to deli
ver malicious
data to an application listening on a port. For instance, I
suspect that
last week's round of SSH bugs will work equally well over IP
v6 if the SSH
supports IPv6 connections.
Problems in application level, i think that should not be solved in network level.
And let's face it -
there's only a limited amount you can do to *secure*
the network before it becomes time to bite the bullet and st
art using IPSec. ;)
This is is time question... ;-) Best regards, Marcelo. --- UOL, o melhor da Internet http://www.uol.com.br/
Current thread:
- RE: IPv6, (continued)
- RE: IPv6 Hornat, Charles (Dec 18)
- RE: IPv6 mike (Dec 18)
- FW: IPv6 Hornat, Charles (Dec 18)
- Re: FW: IPv6 xbud (Dec 19)
- Re: FW: IPv6 mike (Dec 19)
- Re: IPv6 Jon Miller (Dec 19)
- Re: IPv6 mb_lima (Dec 20)
- Re: IPv6 Valdis . Kletnieks (Dec 20)
- Re: IPv6 mb_lima (Dec 20)
- Re: IPv6 mb_lima (Dec 20)
- Re: IPv6 mb_lima (Dec 20)
- RE: IPv6 Hornat, Charles (Dec 18)