IPv6 attacks. ACM.459 Before activating and starting… | by Teri Radichel | Cloud Security | February 2024


ACM.459 Before you enable and start using IPv6, make sure you understand how it can be attacked


In the last article, I showed you how to run Docker without root to protect against injections and similar attacks.

In this article I will discuss some attacks that can be carried out if you use IPv6.

I’ve already explained why I disable IPv6 on my home network.

I do not need it. The goal of IPv6 is to handle many more IP addresses than IPv4 can handle. I don’t have many IP addresses on my personal home network or even in my cloud, so I don’t need them. I doubt anyone needs IPv6 on their home network.

I can instantly recognize IPv4 ranges. After many years of working in the network security field, I can instantly recognize certain IP address ranges, such as those belonging to major cloud providers, Google DNS servers, and malicious ranges such as 77.xxx, which is usually Russia, or the low 100s, which are usually somewhere in Asia and often networks like Tencent, Hinet, Chinanet and others.

Easier to spot anomalies. Because I recognize the traffic, it’s easier to spot anomalies. Of course, these network blocks are becoming more and more fragmented, but it remains useful to be able to instantly recognize a potentially malicious source when inspecting network traffic. It is easier to spot anomalies.

Twice as much to manage. IPv4 and IPv6 are completely different. At the packet layer, these protocols do almost everything differently although there are similar concepts and names. If I’m running IPv4 and IPv6 I need to make sure I configure both correctly. If I only use IPv4, I only have to manage one version. As stated in other articles, if I get to the point where I have to…
