out of a common white paper NATO cooperative Cyber Defence Centre of Excllence and emerges the Tallinn University of technology, can be pulled out in conventional, IPv4-based networks data over IPv6 on monitoring tools over a network. The method was named by researchers “Hedgehog in the Fog”.
thus was an attacker able to create a hidden channel through which data from a network can be dissipated. Also systems to can can also over IPv6 transition mechanisms remote control. The researchers with a tunneled IPv6 transition tool show in a proof of concept in an IPv4 or an IPv4/IPv6 dual-stack that they pass can funnel traffic on open source and signature-based network intrusion detection systems (NIDS). Snort, Surcata, Bro, and Moloch were tested.
anonymously tested and commercial tools, they were however is not final in the research included. In many tools, yet no support for IPv6 is implemented, because the users that do not ask, also many tools are not designed for the analysis of 128-bit IPv6 addresses, according to the white paper. Furthermore, many manufacturers use also open source tools as the basis for their products. You can also work around, because such tools often for performance reasons real-time detection and traffic decapsulation and disables payload decoding and for smaller companies usually too expensive, which is why they were not final evaluated tools.
with the current state of the art it is very difficult to defend themselves against such attacks, because they are difficult to discover in real time. Especially then, when in networks with high data volumes, split the data into smaller pieces and distributed to different points and with different protocols in the network. Only with significant performance degradation, it is possible to detect such attacks, because in different streams, the detection information would have to be correlated with common tools. With Verhaltensbasierten tools could you recognize this but would get a high number of false alarms. DISPLAY
has become the networking of vehicles over the last 20 years to a medium for general safety messages and traffic management. But nowadays cars are equipped with new sensors to achieve even better networked and safer driving.
the number of attacks on the basis of IPv6 will increase the predictions of researchers according to in the future. Especially the provider aware therefore of the problem. Also the interpretation would have to be changed given this possibility of network traffic, better understanding of such attacks. Users, however, must inform how you properly configure security solutions and install to better verify suspicious operations on the network.
with IPv6 tries to remove restrictions which are about resulted in the address space of IPv4 small become . However, IPv6 is not a continuation of IPv4, but basically a completely new protocol that carries not only new opportunities, but also new as above described risks taken.
“the tools that we have developed together, were made public and so can test the results against their own information systems and verify the security community,” commented Bernard of Blumbergs, author of the results and safety researcher at the NATO cooperative Cyber Defence Centre of excellence.
[withmaterialfromMartinSchindler silicon.de ]