Pen testing on IPv6 networks

In Through the Back Door

Article from Issue 143/2012
Author(s):

If you have enabled IPv6 on your network without considering basic security issues, you might have opened up a hole for attackers. In this article, we demonstrate a successful attack on a server via IPv6 and explain how the popular security tools handle IPv6.

Although the “next generation” IPv6 Internet protocol can already look back on more than 10 years of history, many companies are only now starting to migrate to the new version. Some experts have already begun to point out that IPv6 security has some unexpected complications for admins who are accustomed to IPv4 networks. One such under-mentioned problem is the need to lock down or turn off IPv6 services that might be running on an IPv4 or a dual IPv4/ IPv6 network. Some modern systems enable IPv6 by default. Even if your network is primarily focused on IPv4, it is a good idea to pay some special attention to IPv6 in your pen testing. You might discover that your systems are vulnerable to exploits in IPv6 that aren’t available (or don’t appear) through conventional IPv4 pen tests.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column: Swaks

    Searching for errors on an SMTP server via Telnet and test mails can seem like a never-ending obstacle course. The utility called Swaks helps bring the finish line within reach.

  • Security Lessons

    When it comes to security, public disclosure of vulnerabilities and working exploit code is now common. We look at why this can be both harmful and helpful to securing your systems.

  • Apache Tuning Tips

    In the battle for web visitors, milliseconds count. A few simple changes will help your site stay popular.

  • Linux Filesystems on Windows 8

    For years, Windows has stubbornly refused to support any filesystems apart from its own, but with a few tricks, you can make your Windows systems talk to the Linux ext filesystem.

  • Charly's Column: Metasploitable

    If you mess around with a pen-testing tool on your own network, you might survive the consequences, but chances are you'll take the prize for outstanding recklessness. Charly has some advice: Use Metasploitable, perhaps the most broken Linux ever.

comments powered by Disqus