[AusNOG] My Predictions for the ISP Industry

Christopher Pollock chris at ionetworks.com.au
Thu Mar 15 13:39:51 EST 2012


Yes, definitely, but although we've added a second attack vector, it's also
important to note that its inherent differences will change the attack
profile.

Geoff made a great presentation on Dark Traffic on V6 at AusNOG a few years
ago on how the profile is changing:
http://www.potaroo.net/ispcol/2010-07/dark6.html

tl;dr version is that because of the increased space, it appears somewhat
unfeasible to scan v6 address ranges the way that v4 gets swept.  It
obviously doesn't mean that attack traffic won't exist, but it does mean it
will be more directly targeted with vectors discovered rather than swept.
 To a certain extent this means that we'll have a greater level of control
over what parts of our infrastructure are more likely to be found,
depending on what information we allow to be publically available.

For one thing, this makes a good case for keeping your internal DNS truly
internal.

--
Christopher Pollock,
io Networks Pty Ltd.
e. chris at ionetworks.com.au
p. 1300 1 2 4 8 16
d. 07 3188 7588
m. 0410 747 765
skype: christopherpollock
http://www.ionetworks.com.au
In-house, Outsourced.



On Thu, Mar 15, 2012 at 12:22 PM, Eric Pinkerton <
Eric.Pinkerton at stratsec.net> wrote:

> >I can't see why you wouldn't turn it on now if you had the option.
>
> One of the things that I haven't seen much discussed about is that in
> turning on dual stack you are obviously increasing your attack surface.
>
> Bad people* have been playing with IPV6 for quite some time, thanks to
> anonymity provided by tunnelling, and of course because many of the current
> defensive measures are behind the curve here.  Also you can draw your own
> conclusions about the efficacy of current LI solutions where IPV6 is
> concerned.
>
> There are number exploits specifically targeting weaknesses within IPV6
> and ICMP6 protocols, and research has put pay to earlier misguided
> perceptions that IPV6 is inherently more secure that its predecessor.  Add
> to this  an increase in the opportunity for configuration mistakes and you
> start to appreciate why many organisations are in  'wait and see what
> everyone else does' mode.
>
>
> Regards
>
>
>
> Eric Pinkerton
> Principal Consultant
>
> STRATSEC.NET PTY LTD
>
> *
> http://www.internetsecuritydb.com/2011/07/australian-feds-unmask-evil.html
>
>
> --
> Message  protected by MailGuard: e-mail anti-virus, anti-spam and content
> filtering.http://www.mailguard.com.au/mg
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120315/30000b8e/attachment.html>


More information about the AusNOG mailing list