With the IPv6 Summit on Friday, various IPv6 related topics are of course on my mind. So I figured to put together a quick laundry list of "stupid little IPv6 tricks/topics". Let me know what issues you are running into as well:
1 - Proxies
Right now, many web sites use proxies to provide IPv6 access. The result is some "interesting" behaviour that you may experience:
2 - Extension Headers
Security devices still have issues with extension headers. They may miss attacks, or just misinterpret packets.
3 - Log Analysis / Address Interpreation
I still see log analysis tools that at first sight seem to work fine with IPv6, but they don't "normalize" the addresses, meaning that 2001:db8::1 is not considered equal to 2001:0db8::1 or 2001:0db8:0000:0000:0000:0000:0000:0001.
4 - Spam
Probably the most common IPv6 "attack" I see is spam, probably by accident (both ends happen to support IPv6) but it works quite well as there are still no real block list for IPv6.
5 - Portscans
So far, we see pretty much no port scans on IPv6 (which is kind of good ;-) ). It is still a decent idea to "hide" an SSH server in IPv6 space.
BTW: Don't forget that we are now able to accept IPv6 firewall logs, not just IPv4!
Intrusion Detection In-Depth - SANS London July 2019
Jun 12th 2013
6 years ago