iTnews

IPv6 attacks bypass network intrusion detection systems

By Juha Saarinen, iTnews on Apr 7, 2017 6:47AM

New protocol enables invisible data exfiltration.

The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found.

A paper has been published by researchers at the NATO defence alliance's Cooperative Cyber Defence Centre of Excellence and Estonia's Tallinn University of Technology. It outlines how attackers can use IPv6 transition mechanisms to create channels for covert data exfiltration and remote system control.

IPv6 aims to remove the technical drawbacks of the older IPv4 addressing scheme but brings its own fresh set of dangers, the researchers warned.

Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected.

The researchers developed proofs of concept with tunnel-based IPv6 transition tools over IPv4-only, or IPv4/IPv6 dual-stack networks, that were able to pass traffic undetected by common network intrusion detection systems (NIDS) such as Snort, Suricata, Bro and Moloch.

Defending against such IPv6 tunnelling attacks is very difficult with current NIDS.

"... any reasonably sophisticated method for exfiltrating data will be hard to detect in real-time by existing NIDSs, especially in situations where the data is split into smaller chunks and the resulting pieces use different connections or protocols (e.g. IPv4 and IPv6)," the researchers wrote.

Fundamental changes to the way network traffic is interpreted and parsed are required to address the threat, and administrators need to know how to properly configure, deploy and monitor security solutions to be aware of network flows, the researchers said.
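As an added illustration of the flow awareness the researchers call for (this is not code from the paper or from iTnews), the sketch below classifies raw IPv4 packets by whether they carry encapsulated IPv6. The article does not name the transition mechanisms the paper tested, so the three covered here (protocol 41, Teredo, GRE) are an assumption, and `classify_ipv4`, `_ipv4` and the sample packets are constructed for the example.

```python
import struct

# Well-known ways of carrying IPv6 inside IPv4 (assumed scope of this example;
# the article does not list which mechanisms the paper used).
PROTO_IPV6_IN_IPV4 = 41            # 6in4 / 6to4 / ISATAP
PROTO_UDP, PROTO_GRE = 17, 47
TEREDO_PORT = 3544                 # Teredo server port; relay traffic may use others
ETHERTYPE_IPV6 = 0x86DD

def classify_ipv4(packet: bytes) -> str:
    """Return the kind of IPv6 tunnel an IPv4 packet carries, or 'none'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    # Non-first fragments carry no upper-layer header; they need reassembly.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "fragment"
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_IPV6_IN_IPV4:
        return "6in4" if payload and payload[0] >> 4 == 6 else "malformed"
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    if proto == PROTO_GRE and len(payload) >= 4:
        if struct.unpack("!H", payload[2:4])[0] == ETHERTYPE_IPV6:
            return "gre-ipv6"
    return "none"

def _ipv4(proto: int, payload: bytes, frag: int = 0) -> bytes:
    """Build a minimal IPv4 packet (constructed sample, checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                       64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + payload

SAMPLES = {  # constructed packets using documentation address ranges
    "6in4": _ipv4(41, b"\x60" + bytes(39)),
    "teredo": _ipv4(17, struct.pack("!HHHH", 50000, 3544, 8, 0)),
    "gre-ipv6": _ipv4(47, struct.pack("!HH", 0, 0x86DD) + b"\x60" + bytes(39)),
    "none": _ipv4(6, bytes(20)),
}

if __name__ == "__main__":
    for expected, pkt in SAMPLES.items():
        print(expected, "->", classify_ipv4(pkt))
```

A sensor that only labels the outer flow sees these as ordinary IPv4; the classification tells it the payload must be parsed again as IPv6 before rules are applied.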
