The advent of IPv6 changes not only the network components, but also the security field shifts. We see new types of attacks or at least variations of the attacks we know from IPv4. This article provides an overview of the IPv6 security vulnerabilities that arise with the launch of IPv6.
1. Attacks against the IPv6 protocol
Another vulnerability arises with the routing header 0 (RH0). With its usage, a Denial-of-Service (DoS) attack between two nodes or firewall bypassing strategies can be performed. But since RFC 5095 deprecated the overall usage of RH0 in 2007, these attacks are not explained here one more time. (Please refer to the RFC for further details.)
2. Attacks against ICMPv6
2.3. Neighbor Discovery Spoofing
3. Attacks against DHCPv6
3.1. Address Space Exhaustion
3.2. Rogue DHCPv6 Server
4. Attack Toolkits
- THC-IPv6: The toolkit from Marc Heuse provides many easy to use tools which require almost only the specification of the network interface.
- SI6 Networks' IPv6 Toolkit: This package of tools from Fernando Gont can be used in a more precise manner since it can be fine-tuned with many options. Likewise it is more complicated to use compared to the THC-IPv6 toolkit.
- Scapy: To send completely crafted IPv6 packets, the packet manipulation tool Scapy from Philippe Biondi can be used.
Furthermore, some attacks are possible against the transition methods from IPv4 to IPv6 (not listed here) and of course IPv6 stack implementations in all operating systems will have errors. That means: Not only the generic IPv6 security issues shown in this summary are relevant for security experts, but also application specific vulnerabilities that are new due to the usage of IPv6.