18 July 2008

The Ghost in Your Machine: IPv6 Gateway to Hackers

Today I'm at HOPE (Hackers on Planet Earth, a computer security conference) with my friend Joe Klein. He just gave a talk on IPv6 security, forcing me to make sure I set up my ip6tables to DROP all before showing up here. His talk went well, and on top of that talk, an article for which he was interviewed was published in Wired. The article is "The Ghost in Your Machine: IPv6 Gateway to Hackers", and I highly suggest you check it out. Make sure you know how to secure yourself! And, please go Digg It.


Anonymous said...

Sigh, another "IPv6 is SCARY" post. At this rate it'll never get adopted :)

The best option is not to drop all incoming IPv6 packets, but to configure it properly, like you (hopefully) configured your IPv4 services.

IMHO this proves that iptables-level firewalls shouldn't be your only line of defense: always configure your daemons to properly accept/reject connections from trusted/untrusted hosts.

Ruairidh said...

Aha! Excellent news that this has been found as it may mean vendors will start thinking about security regarding this technology rather than waffling on about how awesome it is.

Still, it's pretty damn awesome...

Have a good time at HOPE!

jdetwlr said...

Thanks for the great tip, I bookmarked the website to find if the computer I'm on has an IPv6 address. BTW, why do you use such a darkened photo of yourself on your blog? I'm curious why you wouldn't use a clearer picture of yourself? Surely you have access to a digital camera. Anyway, keep up the great posts. :-)

Mackenzie said...

I have no services running. I drop all incoming on IPv4, so I did the same on IPv6. My outbound is drop all with a few exceptions for both IPv4 and IPv6. But yes, the point is that you need to configure your IPv6 firewall the same way you configure your IPv4 firewall so that you maintain the same level of service (always important in CSIA) without adding risk.

That was taken using my webcam and Cheese. I do have a digital camera, but it's hard to take a photo of oneself! Even with the timer, you have to try to line it up where you expect to stand, then run around to that spot, hope you're lined up, and get into a flattering position... in under 10 seconds. Oh, and then not blink.
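
The parity point made in the comments above (give IPv6 the same firewall policy as IPv4), as an added example that is not from the post or its commenters: a Python check that compares the default chain policies in `iptables-save` and `ip6tables-save` output and reports chains that are DROP on IPv4 but not on IPv6. Both dumps are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample dumps in iptables-save / ip6tables-save format (not from the post).
V4_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
V6_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

# Built-in chains appear as ":NAME POLICY [pkts:bytes]"; user chains use "-" as policy.
POLICY_RE = re.compile(r"^:(\S+)\s+(ACCEPT|DROP)\b")

def chain_policies(dump, table="filter"):
    """Return {chain: policy} for the built-in chains of one table in a *-save dump."""
    policies, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*filter", "*nat", ... starts a table section
            current = line[1:]
        elif current == table:
            m = POLICY_RE.match(line)
            if m:
                policies[m.group(1)] = m.group(2)
    return policies

def parity_gaps(v4_dump, v6_dump):
    """Chains that are default-DROP on IPv4 but not on IPv6.

    Assumption: a chain missing from the IPv6 dump (table never loaded)
    is treated as ACCEPT, the default policy of a built-in chain.
    """
    v4, v6 = chain_policies(v4_dump), chain_policies(v6_dump)
    return sorted(c for c, p in v4.items() if p == "DROP" and v6.get(c, "ACCEPT") != "DROP")

if __name__ == "__main__":
    for chain in parity_gaps(V4_DUMP, V6_DUMP):
        print(f"{chain}: DROP on IPv4, not DROP on IPv6")
```

On a real host, pass it the output of `iptables-save` and `ip6tables-save` run as root; it compares default policies only, not individual rules.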