To infinity and beyond… almost

Developers have released a tool that allows security researchers to map out and explore the cyberspace environment established by IPv6, the next-gen internet protocol.

The ipv666 tool suite, developed by researchers lavalamp and Marc Newlin, identifies live IPv6 addresses in both the global IPv6 address space and targeted IPv6 networks.

The scanner features a cyclical loop to predict addresses, scan them, identify aliased networks, clean scan results, and update its statistical model.

The utility, released as open source software to accompany a presentation on Tuesday at Hack in the Box, Dubai, remains a work in progress.

The statistical model it is built on needs to be refined, as the researchers readily acknowledge in a blog post accompanying the release.

IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. Smartphones and the growing number of IoT devices mean sticking with IPv4 is simply not viable.

IPv6 will replace IPv4 sooner or later, even though the technology changes security boundaries.

Network Address Translation – where a network of PCs or other clients sit behind a firewall and present the same IP address to the world – is no longer supported with IPv6.

Moving on from DHCP provision of IPv4 to “self-service” set-ups associated with IPv6 further complicates matters, as the researchers explain.

“Devices can start talking over IPv6 without a network administrator having to provision specific services to support the IPv6 address allocation,” the researchers said.

IPv4 uses a 32-bit address giving 4.3 billion addresses. IPv6 uses a 128-bit address, theoretically allowing 3.3 x 10^38 addresses – a vast increase.

Service delivery and optimization are more straightforward with IPv6 than IPv4, easing the load on routers.

The researchers list the features of IPv6 that mean security assumptions derived under IPv4 are no longer valid:

  • IPv6 works out of the box without any configuration
  • There’s no such thing as private address space (for the most part)
  • Everything is routable
  • Existing firewall rules are inapplicable
  • Existing service configurations might bind sensitive services to unintended IP addresses
  • More difficult to prevent ping scans
  • Single packets can be relayed to many hosts [through multicasting]
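One way to check the bind-address item in the list above on a Linux host, as an added example that is not code from ipv666 or the researchers: it reads listener lines in the layout printed by `ss -H -tln` and reports the ports that answer on every IPv6 address or on a global-scope one. The sample lines, the function names and the choice to flag only wildcard and global binds are assumptions made for this illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses (RFC 4193)

# Constructed sample in the layout of `ss -H -tln` (TCP listeners, no header).
# 2001:db8::/32 is the documentation prefix, standing in for a global address.
SAMPLE_SS = """\
LISTEN 0 128          0.0.0.0:22      0.0.0.0:*
LISTEN 0 128             [::]:22         [::]:*
LISTEN 0 511        127.0.0.1:6379    0.0.0.0:*
LISTEN 0 4096               *:9100          *:*
LISTEN 0 128   [2001:db8::10]:5432       [::]:*
LISTEN 0 128            [::1]:631        [::]:*
LISTEN 0 128 [fe80::1]%eth0:5355        [::]:*
LISTEN 0 128        [fd12::5]:8080       [::]:*
"""

def classify(local):
    """Return (port, scope) for a listener reachable over IPv6, else None."""
    host, _, port = local.rpartition(":")
    if host == "*":                      # dual-stack wildcard socket
        return int(port), "wildcard"
    if not host.startswith("["):         # plain IPv4 bind, out of scope here
        return None
    # Take the text between the brackets; this drops a trailing %interface.
    addr = ipaddress.IPv6Address(host[1:host.index("]")])
    for scope, hit in (("wildcard", addr.is_unspecified),
                       ("loopback", addr.is_loopback),
                       ("link-local", addr.is_link_local),
                       ("unique-local", addr in ULA)):
        if hit:
            return int(port), scope
    return int(port), "global"

def ipv6_exposed(ss_output):
    """Listeners bound to all IPv6 addresses or to a global-scope address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        result = classify(fields[3])
        if result and result[1] in ("wildcard", "global"):
            findings.append(result)
    return sorted(findings)

if __name__ == "__main__":
    for port, scope in ipv6_exposed(SAMPLE_SS):
        print(f"port {port}: {scope} IPv6 bind, confirm an IPv6 firewall rule covers it")
```

Each reported port is one to compare against the host's IPv6 rule set, since a rule written only for IPv4 does not filter traffic arriving at these listeners.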

Even its developers have yet to really try out ipv666, but reaction to the release from the wider security research community has nonetheless been enthusiastic.

“Some great insight into exploring the IPV6 space,” an Australian hacker enthused on Twitter. “Subdomain enumeration and passive DNS data is only going to become more valuable as IPV6 adoption increases.”