(IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

Fernando Gont fgont at si6networks.com
Tue Feb 7 23:06:40 UTC 2023

Hi, Bill,

On 7/2/23 01:26, William Herrin wrote:
> On Mon, Feb 6, 2023 at 7:40 PM Fernando Gont <fgont at si6networks.com> wrote:
>> On 7/2/23 00:05, William Herrin wrote:
>>> On the one hand, sophisticated attackers already scatter attacks
>>> between source addresses to evade protection software.
>> Whereas in the IPv6 case, you normally have at least a /64 without
>> restriction. You might have a /56 or /48 thanks to your ISP, or simply a
>> /48 thanks to some free tunnelbroker provider...
> That's not what's actually happening. 

Well, this *is* happening. -- trust me :-)

> What's happening is a mix of
> your computer gets one address unless you bother to enable DHCP/PD, or
> your CPE gets an IPv6 block and your computer does SLAAC and/or DHCP
> to assign itself a single IPv6 address. A lot of the probing is coming
> from hijacked computers, so they have the address they have.
> Sophisticated attackers can do more with the address blocks they get
> from their own service providers. But sophisticated attackers could
> spin up VMs with stolen credit cards, hijack BGP and do all manner of
> things with IPv4 and IPv6 too.

You can use a /48 pretty legitimately without stealing any credit cards 
or spinning extra VMs...

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
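
An added example, not part of the original message or of the draft it discusses: the thread's point about sources scattered within a /64 or /48, seen from the defender's side as per-prefix event counting. The function names, the threshold of 10 and the sample addresses (documentation prefixes) are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: source addresses of events in a hypothetical
# auth-failure log. 2001:db8::/32 and 192.0.2.0/24 are documentation prefixes.
SAMPLE_SOURCES = (
    [f"2001:db8:aa:1::{i:x}" for i in range(1, 41)]    # 40 addresses in one /64
    + [f"2001:db8:bb:{i:x}::1" for i in range(0, 30)]  # 30 /64s in one /48
    + ["2001:db8:cc:5::10"] * 3                        # one host, 3 events
    + ["192.0.2.7"] * 2                                # IPv4 source, 2 events
)


def aggregate(sources, v6_prefix_len):
    """Count events per covering prefix; IPv4 sources are kept as /32."""
    counts = Counter()
    for s in sources:
        addr = ipaddress.ip_address(s)
        plen = v6_prefix_len if addr.version == 6 else 32
        # strict=False masks the host bits instead of raising ValueError
        net = ipaddress.ip_network((addr, plen), strict=False)
        counts[str(net)] += 1
    return counts


def over_threshold(sources, v6_prefix_len, threshold):
    """Return the prefixes whose event count reaches the threshold."""
    counts = aggregate(sources, v6_prefix_len)
    return sorted(p for p, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # Per-address counting sees nothing; /64 catches the first group only;
    # /48 catches both scattered groups.
    for plen in (128, 64, 48):
        print(f"/{plen}:", over_threshold(SAMPLE_SOURCES, plen, threshold=10))
```

Coarser aggregation also counts unrelated hosts that share the prefix, so the prefix length chosen trades missed scatter against collateral on other users of the same block.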
