(IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)
Fernando Gont
fgont at si6networks.com
Wed Feb 8 01:21:40 UTC 2023
Hi, Daniel,
On 7/2/23 21:20, Daniel Marks via NANOG wrote:
> Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts
> to create and destroy lots of tiny instances to rotate through IPv4
> addresses.
As with everything, the question is always "what's the level of effort
that is required".
If an attacker is given the option to:
1) Hack an AWS account, and then script the creation of throw-away VMs
just to be able to change the IP address each time, or,
2) Stay on the same machine, and be able to (even legitimately) use
2**64 addresses without even the need to hack any terraform scripts
They will probably go for #2. And aside from their choices, #1 requires
more skills than #2.
> Being able to rotate through IP addresses is not a new thing,
> I'm sure we all have networks in mind when we think of garbage/malicious
> traffic just over IPv4 alone.
The difference is in the scale at which this is possible with IPv6, and
how high (or low) the bar is to do it.
> There are some strange implementations of IPv6 that end up having a lot
> of dissociated users grouped together in a /64 (i.e. Linode, AT&T
> Wireless, etc)
Therein probably lies some good advice .. i.e., that to the extent that
is possible, folks refrain from sharing the same /64 across
unrelated/disassociated users.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
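
Added example (not part of the original message or of the Internet-Draft): a sketch of the operational consequence discussed above, counting events per /64 for IPv6 sources instead of per address, so that a host rotating through addresses inside its /64 is still seen as one source. The event list, the limit of 5 and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: one entry per failed login, source address only.
# All addresses come from documentation ranges (RFC 3849 / RFC 5737).
SAMPLE_EVENTS = (
    [f"2001:db8:1:2::{i:x}" for i in range(0xa1, 0xa7)]  # 6 addresses, one /64
    + ["192.0.2.10"] * 5                                  # one IPv4 host
    + ["2001:db8:ffff:1::5"]                              # unrelated IPv6 host
)

def aggregation_key(addr, v6_prefix=64):
    """Map a source address to the network its events are counted under."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped               # ::ffff:a.b.c.d counts as the IPv4 host
    if ip.version == 4:
        return ipaddress.ip_network(ip)   # single address, /32
    return ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False)

def flag_sources(events, limit, v6_prefix=64):
    """Return (flagged_by_address, flagged_by_prefix).

    flagged_by_prefix maps each network at or over `limit` to the number of
    distinct addresses seen in it, as context for whoever reviews the hit.
    """
    per_addr = Counter(ipaddress.ip_address(a) for a in events)
    per_net = Counter()
    members = defaultdict(set)
    for a in events:
        net = aggregation_key(a, v6_prefix)
        per_net[net] += 1
        members[net].add(ipaddress.ip_address(a))
    by_addr = {ip for ip, n in per_addr.items() if n >= limit}
    by_net = {net: len(members[net]) for net, n in per_net.items() if n >= limit}
    return by_addr, by_net

if __name__ == "__main__":
    by_addr, by_net = flag_sources(SAMPLE_EVENTS, limit=5)
    print("per-address:", sorted(map(str, by_addr)))
    print("per-prefix: ", {str(k): v for k, v in by_net.items()})
```

Per-address counting flags only the IPv4 host here, while per-prefix counting also flags the /64 whose six addresses each appeared once. Where a provider places unrelated users in the same /64, as noted in the thread, acting on the whole prefix affects all of them.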