Hackers may try to disrupt World IPv6 Day

World IPv6 Day is prompting worries that hackers will exploit weaknesses in the new internet protocol to launch attacks

Hundreds of popular websites -- including Google, Facebook, Yahoo and Bing -- are participating in a 24-hour trial of a new Internet standard called IPv6 on June 8, prompting worries that hackers will exploit weaknesses in this emerging technology to launch attacks.

BACKGROUND: Large-scale IPv6 trial set for June 8

Dubbed World IPv6 Day, the IPv6 trial runs from 8 p.m. EST on Tuesday until 7:59 p.m. EST on Wednesday.

Security experts are concerned that the 400-plus corporate, government and university websites that are participating in World IPv6 Day could be hit with distributed denial of service (DDoS) or other hacking attacks during the 24-hour trial.

"In the last five months, there has been a huge increase in DDoS attacks," says Ron Meyran, director of product marketing and security at Radware, a network device company that is not participating in World IPv6 Day. "IPv6 is going to be even easier for attackers ... because IPv6 traffic will go through your deep packet inspection systems uninspected."

Meyran says another concern is that IPv6 packet headers are four times larger than IPv4 headers. This means routers, firewalls and other network devices must process more data, which makes it easier to overwhelm them in a DDoS attack.

"With a DDoS attack, you need to reach 100 per cent utilization of the networking and security devices to saturate the services," Meyran says. The longer headers in IPv6 "must be processed completely to make routing decisions."

"I wonder if there's going to be any sort of DDoS type of things going on ... or hackers probing servers that are dual-stack enabled [running IPv6 and IPv4 at the same time],'' says Jean McManus, executive director of Verizon's Corporate Technology Organization, which is participating in World IPv6 Day. "Content providers need to be careful and watch to make sure that everything is appropriately locked down."

Many security threats related to IPv6 stem from the fact that the technology is new, so it hasn't been as well-tested or de-bugged as IPv4. Also, fewer network managers have experience with IPv6 so they aren't as familiar with writing IPv6-related rules for their firewalls or other security devices.

"We know from security breaches that the security rules that allow you to see the network and applications better ... is where there is a lack of training and expertise with IPv6," Meyran says. "The new software is much more complex ... and there are much less programmers familiar with it."

BY THE NUMBERS: 8 security considerations for IPv6 deployment

World IPv6 Day participants say the event was advertized to everybody in the Internet engineering community, including hackers, and they are beefing up the security measures on their sites accordingly.

"This is a well-publicized event," says John Brzozowski, distinguished engineer and chief architect for IPv6 at Comcast, which is participating in World IPv6 Day both as a provider of IPv6-based cable modem services and as an operator of seven IPv6-enabled websites. "Anything can happen. IPv6 is no different than any other new technology. The potential [for attacks] is there. Protecting the network is key to us."

Brzozowski says Comcast will be monitoring its network for signs of attack throughout the trial. "We're taking the necessary steps so that the Comcast infrastructure is protected," he adds.

Juniper says that if its website comes under DDoS or other attack on World IPv6 Day, it will simply switch back to IPv4. "We can revert back to IPv4 in about five minutes," says Alain Durand, director of software engineering at Juniper, which is using its own translator-in-a-cloud service to IPv6 enable its main website for the day.

Akamai, a content delivery network with 30 customers that are participating in World IPv6 Day, says it isn't too concerned about hacking or DDoS attacks during the IPv6 trial.

"All of our command and control systems are going to stay on IPv4," says Andy Champagne, vice president of engineering with Akamai, which is developing a commercial IPv6 service. "Absent some underlying exposure in the protocol that we don't know about ... we think we're OK. We've got enough IPv6 capacity ... I don't expect any trouble.''

Radware's Meyran says hackers may be so clever that they won't attack websites on World IPv6 Day but will instead wait until these sites turn IPv6 on permanently. "The hackers will be very happy to see this day go successfully and that sites are starting to deploy IPv6 because it opens up new areas of attack," he predicts.

That's why Meyran recommends network administrators who participate in World IPv6 Day follow up with an event focused on IPv6 security testing. "The next stage will be to ... run attack tools that simulate IPv6 attacks to make sure your firewalls are really seeing the network and that your intrusion protection systems can really do the deep packet inspection of IPv6 traffic," he says.

World IPv6 Day is a large-scale experiment sponsored by the Internet Society that is designed to discover problems with IPv6 before the new protocol is widely deployed.

DETAILS: What if IPv6 simply fails to catch on?

The Internet needs IPv6 because it is running out of addresses using IPv4. The free pool of unassigned IPv4 addresses expired in February, and in April the Asia Pacific region ran out of all but a few IPv4 addresses being held in reserve for startups. The American Registry for Internet Numbers (ARIN), which doles out IP addresses to network operators in North America, says it will deplete its supply of IPv4 addresses this fall.

IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet, but IPv6 uses 128-bit addresses and can connect up a virtually unlimited number of devices: 2 to the 128th power. IPv6 offers the promise of faster, less-costly Internet services than the alternative, which is to extend the life of IPv4 using network address translation (NAT) devices.

One major stumbling block for IPv6 deployment is that it's not backward compatible with IPv4. That means website operators have to upgrade their network equipment and software to support IPv6 traffic.

Read more about lan and wan in Network World's LAN & WAN section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityGoogleFacebookipv6YahoointrusionradwareLAN & WAN

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Carolyn Duffy Marsan

Network World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?