[nsp-sec] IPv6 bad actors ??

Aaron Hughes aaron at unitedlayer.com
Tue Mar 13 13:29:17 EDT 2012


I've seen some SPAM over IPv6, however, I don't believe the spammers actually knew they were using dual stacked mail servers. Just the nature of the protocol being there.

As far as probing, I've seen only minor traffic, however, dark nets do get it. Perhaps it's time to do some real analytics and a preso at operator forums.

Cheers,
Aaron

On Tue, Mar 13, 2012 at 03:42:40PM +0000, Buraglio, Nicholas D wrote:
> ----------- nsp-security Confidential --------
> 
> There has been a reported increase in IPv6 spam, although I've not seen any. There are already bogon lists for IPv6, which doesn't really address your question, but is another good data point and tool at your disposal.
> Some of the things we've seen are tunnel hosts popping up which could be used to MITM stuff (but are likely just misconfiguration). This could be easily solved by implementing RA-Guard, if our equipment supported it (which is one of my loud soapbox items). We've also seen a pretty good amount of Teredo and 6to4 (in conjunction with the tunnel hosts), which isn't necessarily a problem, but it's traffic that is somewhat obfuscated. We helped this some by building our own gateways internally.
> 
> The Internet2 IPv6 working group mailing list will sometimes have decent/relevant information, although you will have to weed through some chatter.
> 
> nb
> 
> ---
> Nick Buraglio   
> Senior Network Engineer
> University of Illinois CITES / NCSA / ICCN
> GPG key 0x2E5B44F4
> P: 217.689.4254
> buraglio at illinois.edu
> 
> 
> 
> 
> 
> On Mar 13, 2012, at 10:14 AM, John Brown wrote:
> 
> > With IPv6 becoming more prevalent, what sort of IPv6 attack vectors are people seeing??
> > I see lists of IPv4 stuff, but hardly ever see IPv6 address space show up.
> > I've got to believe that bad actors are actively probing v6 networks and devices.
> > 
> > thoughts
> > 
> > 
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> > 
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> > community. Confidentiality is essential for effective Internet security counter-measures.
> > _______________________________________________
> 
> 
> 
> 

-- 

Aaron Hughes 
UnitedLayer, LLC
Chief Network Architect
+1-415-349-2128
aaron at unitedlayer.com
http://www.unitedlayer.com/
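
Added example, not part of the original thread or any poster's code: the quoted reply calls Teredo and 6to4 traffic "somewhat obfuscated", and the original question notes that lists mostly cover IPv4. This Python example recovers the IPv4 endpoints embedded in 6to4 (2002::/16) and Teredo (2001::/32) source addresses so an existing IPv4 list can be applied to them; the flow sources and the watchlist are constructed sample data, and `embedded_ipv4` and `review` are hypothetical helper names.

```python
import ipaddress
from collections import Counter

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix (RFC 3056)
TEREDO = ipaddress.ip_network("2001::/32")     # Teredo prefix (RFC 4380)

def embedded_ipv4(addr):
    """Return (kind, [IPv4 endpoints]) for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    if ip in SIXTOFOUR:
        # Bits 16..47 carry the public IPv4 address of the 6to4 router.
        return "6to4", [ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)]
    if ip in TEREDO:
        # Bits 32..63 carry the Teredo server's IPv4 address; the low 32 bits
        # carry the client's NAT-mapped IPv4 address with every bit inverted.
        server = ipaddress.IPv4Address((value >> 64) & 0xFFFFFFFF)
        client = ipaddress.IPv4Address(~value & 0xFFFFFFFF)
        return "teredo", [server, client]
    return "native", []

def review(flows, watchlist):
    """Count sources per tunnel type and list those whose embedded IPv4
    endpoint falls inside a watchlisted IPv4 network."""
    counts, hits = Counter(), []
    for src in flows:
        kind, endpoints = embedded_ipv4(src)
        counts[kind] += 1
        for v4 in endpoints:
            if any(v4 in net for net in watchlist):
                hits.append((src, kind, str(v4)))
    return counts, hits

# Constructed stand-in for an existing IPv4 list (documentation prefix).
WATCHLIST = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed flow source addresses.
FLOWS = [
    "2001:db8:10::25",                       # native (documentation prefix)
    "2002:c000:204::1",                      # 6to4 via 192.0.2.4
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo, client 192.0.2.45
    "2002:c633:6401::5",                     # 6to4 via 198.51.100.1
]

if __name__ == "__main__":
    counts, hits = review(FLOWS, WATCHLIST)
    print(dict(counts))
    for src, kind, v4 in hits:
        print(f"{kind:7} {src} -> {v4}")
```
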


