(IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)
fgont at si6networks.com
Wed Feb 8 01:21:40 UTC 2023
On 7/2/23 21:20, Daniel Marks via NANOG wrote:
> Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts
> to create and destroy lots of tiny instances to rotate through IPv4
As with everything, the question is always "what's the level of effort
that is required".
If an attacker is given the option to:
1) Hack an AWS account, and then script the creation of throw-away VMs
just to be able to change the IP address each time, or,
2) Stay on the same machine, and be able to (even legitimately) use
2**64 addresses without even the need to hack any terraform scripts
They will probably go for #2. And aside from their choices, #1 requires
more skills than #2.
> Being able to rotate through IP addresses is not a new thing,
> I'm sure we all have networks in mind when we think of garbage/malicious
> traffic just over IPv4 alone.
The difference is in the scale at which this is possible with IPv6, and
how high (or low) the bar is to do it.
> There are some strange implementations of IPv6 that end up having a lot
> of dissociated users grouped together in a /64 (i.e. Linode, AT&T
> Wireless, etc)
Therein probably lies some good advice .. i.e., that to the extent that
is possible, folks refrain from sharing the same /64 across
e-mail: fgont at si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494