A gap in the adoption of the IPv6 protocol could be leaving users prone to attack, researchers have warned.
Security firm Neohapsis is warning that the protocol, which has been undergoing a rollout over the last several years, could be subject to a unique attack that redirects users to unwanted potentially malicious pages.
Dubbed an SLAAC attack, the operation takes advantage of the client-side rollout of IPv6 and the built-in preference such systems have for the new protocol.
“Modern operating systems, such as Windows 8 and Mac OS X, come out of the box ready and willing to use IPv6, but most networks still have only IPv4,” explained Neohapsis researchers Brent Bandelgar and Scott Behrens.
“This is a problem because the administrators of those networks may not be expecting any IPv6 activity and only have IPv4 monitoring and defences in place.”
The researchers went on to describe a scenario in which the attacker finds an IPv4 connection and sets up a server or network impersonating an IPv6 alternative. When users attempt to load the intended site, their systems could, by default, select the imposter network instead, sending their traffic through the attacker’s systems.
“They could pretend to be an IPv6 router on your network and see all your web traffic, including data being sent to and from your machine,” the researchers said.
“Even more lethal, the attacker could modify web pages to launch client-side attacks, meaning they could create fake websites that look like the ones you are trying to access, but send all data you enter back to the attacker (such as your username and password or credit card number).”
While such attacks could be mitigated by disabling IPv6 on newer systems, Neohapsis believes that the more practical and effective solution for the long term is to encourage companies and network operators to speed up their adoption of the IPv6 protocol.
AUG
2013