Biggest risks of IPv6

Like any other protocol, IPv6 got it’s own little problems. These weaknesses can mainly be exploited in the local network. The problem with IPv6 is the fact, the it is active  on most systems, but the administrators are not aware of it.

  • Hidden IPv6 Traffic

If you are not using IPv6, block inbound and outbound traffic on your firewall. Most firewalls still have handicaps compared to IPv4. Intrusion Protection Systems do have only limited or no functionality in IPv6.

  • IPv6 Tunnels

Teredo, 6to4 and ISATAP allow to tunnel IPv6 through IPv4. For the administrator it looks like common IPv4 traffic. This allows an attacker to bypass Intrusion Protection Systems and firewalls. Teredo can even establish unwanted bidirectional tunnels to the Internet.

  • Router and Duplicate Address Detection Spoofing

Under IPv6 it is relatively simple to execute Router Spoofing and Duplicate Address Detection Spoofing. Similar attacks are possible under IPv4 as well. Because of the lacking knowledge, these attacks are very effective.

  • Rogue Router

Today, almost all devices have IPv6 turned on, but it is not actively used. That means, that all devices only wait for a Router Advertisement to become active. This Advertisement is the trigger for every device to set an IPv6 address and to actively use IPv6. Placing a rogue router in your network ends in a big mess.

The biggest danger with IPv6 is to ignore it. Even if you got no IPv6 connection to the Internet, it is here. IPv6 is not something to come in the far future.

If you do not want to use IPv6, then don’t use it by intention.