Hacking IPv6 (Internet Protocol Version 6)
I’ve done some blog posts before on IPv6, the new version and type of Network IP Addressing that was created to ease the problem of IPv4 (the one we’ve had all along, with dotted-quad addresses, e.g. 192.168.1.1) running out of global address space. IPv6 has been available on almost everyone’s computers for quite a few years now … the problem has been the “Last Mile” (last 22,200 some miles if you are on satellite) or Customer Premises Equipment. But now IPv6 is starting to come online to end-user Internet Connections. So for the purpose of this blog post – IPv6 is already turned on by default in Windows 7 and no doubt Mac OS X … and even in your iPhone and iPad devices. So the behavior described can affect Fixed and Portable computing devices.
On a local network (LAN) – including wireless – it has been pretty standard to use NAT and DHCP along with Router functionality to bring your network online for local use (within your premises or conveyance). NAT just translates the real Internet IP Address to pseudo-hidden Private IP Addresses on the local area network. DHCP is the Private IP Address “Server” that assigns fixed and portable computing devices their IP Address and Gateway/Router settings automatically.
In IPv6 it’s not done that way. Many computers will have a real Internet IPv6 address without that NAT thing in the middle to hide behind. Those computers will also auto-configure themselves based on a new thing called RA – Router Advertisements. That replaces DHCP in IPv6 … although in many cases computing devices will get both DHCP-assigned IPv4 and RA-informed IPv6 addresses for dual-stack (double technology) compatibility.
The problem with the RAs is that computing devices (Windows 7 was cited as an example) will blindly take these RAs and set up the “advertiser” as their Default Gateway / Router. Because of this – it is possible for a wily hacker on your network to spoof as a legitimate router … kind of take over … and be able to sniff all of your network traffic (passwords, credit card info, …).
Matt Oswalt describes this here: http://keepingitclassless.net/2011/09/ipv6-hacking-thc-ipv6-part-2/ and has a part-1 article that’s linked from there as well.
* Because of the way modern (Network Layer 2) wireless and network Ethernet Switches are designed … normally other people (other computing devices) on your Local Area Network do not see your important traffic. This is because of the way “network switch” devices work. Most of the traffic that’s important to you for security purposes is only sent between your computing device and the proper destination device, usually a router to the Internet. This is because the switch will forward only between the switch port that you are on – and the switch port that the router is on. No one else (no other computing device) could normally see your traffic – except for the expected public broadcast traffic that is part of how the IP Networking stuff works.
But for such a man-in-the-middle attack – the attacker becomes your router and forces all of your traffic through their computing device – and can sniff and observe everything. As the article explains – they will set it up to forward your traffic in both directions between your computing device and the Internet so that you don’t know that this is being done.
It also goes on to describe ways for a Network Administrator to put certain things into place to prevent this from happening.
Note please that the attacker has to be on your Local Area Network to do this. On a boat that means they have to be on your boat network. But it doesn’t mean that they have to physically be onboard your boat. That’s something to think about when you might set up WEAK, easily guessed or cracked Onboard Wireless Access Point passwords. You might not even be using IPv6 to the Internet on a boat – but IPv6 is still turned on in everyone’s computing device onboard. So if someone got access to the onboard wireless password … they’re on the NET … and they could do things like what has been described. They might not get anything over IPv6 if your Internet source doesn’t use it. But they COULD do similar things in IPv4 technology. Let’s say, spoof as the DHCP Server for IPv4?
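One check a Network Administrator can run from a monitoring host, shown here as an added example that is not from this post or the linked article: parse each Router Advertisement seen on the LAN and compare its source address, MAC and advertised prefix against an allow-list of the real routers. The function names, addresses, MACs and prefixes below are constructed for illustration, and the sample packets are hand-built bytes, not captures.

```python
import ipaddress
import struct

RA_TYPE, OPT_SRC_LLADDR, OPT_PREFIX_INFO = 134, 1, 3   # RFC 4861 values

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    lifetime = struct.unpack("!H", icmp6[6:8])[0]       # router lifetime, seconds
    ra = {"router_lifetime": lifetime, "mac": None, "prefixes": []}
    off = 16                                            # options follow the fixed header
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8    # length is in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[off + 2:off + olen]
        if otype == OPT_SRC_LLADDR and olen == 8:
            ra["mac"] = body.hex(":")
        elif otype == OPT_PREFIX_INFO and olen == 32:
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        off += olen
    return ra

def audit_ra(src_ip: str, icmp6: bytes, routers: dict) -> list:
    """Return the reasons an RA looks rogue; an empty list means it matches the allow-list."""
    ra = parse_ra(icmp6)
    known = routers.get(src_ip)
    if known is None:
        return [f"RA from unknown router {src_ip}"]
    alerts = []
    if ra["mac"] != known["mac"]:
        alerts.append(f"MAC {ra['mac']} does not match {known['mac']}")
    alerts += [f"unexpected prefix {p}" for p in ra["prefixes"] if p not in known["prefixes"]]
    return alerts

# Constructed sample data (documentation prefix 2001:db8::/32, locally administered MACs).
ROUTERS = {"fe80::1": {"mac": "02:00:00:00:00:01", "prefixes": {"2001:db8:1::/64"}}}
HDR = "86000000 40000708 00000000 00000000"    # type 134, hop limit 64, lifetime 1800 s
PFX = "030440c0 00278d00 00093a80 00000000"    # prefix option: /64, flags L+A, lifetimes
GOOD_RA = bytes.fromhex(HDR + "0101 020000000001" + PFX + "20010db8 00010000 00000000 00000000")
ROGUE_RA = bytes.fromhex(HDR + "0101 020000000066" + PFX + "20010db8 0bad0000 00000000 00000000")

if __name__ == "__main__":
    for src, pkt in [("fe80::1", GOOD_RA), ("fe80::66", ROGUE_RA), ("fe80::1", ROGUE_RA)]:
        print(src, audit_ra(src, pkt, ROUTERS) or "ok")
```

The third case shows why the source address alone is not enough: an RA that claims to come from the real router's address is still flagged by its MAC and prefix.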
Video: RA DoS (Denial-of-Service) Attack at Defcon 19 Conference
—
Alan Spicer
Alan Spicer Marine Telecom
+1 954 683 3426
communications @ marinetelecom.net