PAM 2021: Plight at the End of the Tunnel: Legacy IPv6 Transition Mechanisms in the Wild
PAM 2021 Session 8: Network Security
Plight at the End of the Tunnel: Legacy IPv6 Transition Mechanisms in the Wild
John Kristoff, Mohammad Ghasemisharif, Chris Kanich, and Jason Polakis (UIC)
Abstract: IPv6 automatic transition mechanisms such as 6to4 and ISA- TAP endure on a surprising number of Internet hosts. These mechanisms lie in hibernation awaiting someone or something to rouse them awake. In this paper we measure the prevalence and persistence of legacy IPv6 automatic transition mechanisms, together with an evaluation of the potential threat they pose. We begin with a series of DNS-based experi- ments and analyses including the registration of available domain names, and demonstrate how attackers can conduct man-in-the-middle attacks against all IPv6 traffic for a significant number of end systems. To vali- date another form of traffic hijacking, we then announce a control set of special-purpose IPv6 prefixes, that cannot be protected by the RPKI, to see these routes go undetected, accepted, and installed in the BGP ta- bles of over 30 other upstream networks. Finally, we survey the Internet IPv4 address space to discover over 1.5 million addresses are open IPv6 tunnel relays in the wild that can be abused to facilitate a variety of un- wanted activity such as IPv6 address spoofing attacks. We demonstrate how many attacks can be conducted remotely, anonymously, and without warning by adversaries. Behind the scenes our responsible disclosure has spearheaded network vendor software updates, ISP remediation efforts, and the deployment of new security threat monitoring services.
ipv4
