AN INSECURITY RESEARCHER has revealed that IPv6 can enable 'man in the middle attacks' on Windows PCs.
Alec Waters of the Infosec Institute showed off a
proof of concept attack that targeted Windows 7 systems, but said it could apply in theory to any operating system with IPv6 installed and operational.
The attack physically needs rogue hardware, a router that's connected to the victim's IPv4 network that will act as a sort of network parasite. The router will have two interfaces, with the one facing the victim IPv6-capable and the one facing the Internet IPv4-capable.
The systems at risk will use the newer IPv6 protocol rather than the older IPv4 protocol. This means that in an IPv4 based network, traffic will flow through the rogue router instead of legitimate routers. It is called a Stateless Address Auto Configuration (SLAAC) attack, named after the process it is taking advantage of.
Waters said, "We have successfully awakened the victim's latent desire to use IPv6 in preference to IPv4. We've not needed any passwords, hacks or brute force. All we had to do was nudge the victim in the right direction."
He added, "The most effective defence is simply to disable IPv6 on all capable hosts if there's no business reason to use it."
