IPv6 - a new security threat?

18Jan 2011

IPv6 - a new security threat?

by Craig Mayhew on Tue 18th Jan 2011 under General/Techie
IPv6 as covered in a recent article on the adire site will enable us to have millions of unique ip address for every individual on the planet. This creates brilliant opportunities but also one very big problem.

Website account security until no has been failry easy to maintain. For instance, attacking someones twitter account and gaining access could cause you substantial financial gain the owner substantial damage. Websites like twitter will detect obvious brute force attacks where someone attempts to guess an account password and they will block the offending ip address from attempting to login to that twitter account. So let's say if I as an attacker attempt to crack a twitter account by guessing the forgotten password then my attempts will be ignored after my 10th failed login. The twitter account therefore remains secure.

Now let's say there are 500 celebrity twitter accounts I wanted to try and gain access to, and would be delighted if I as the attacked cracked even one of these. If twitter uses the above logic of blocking me from logging in to each accoun after 10 trys then in total I ill get 5000 attempts across all the accounts!

Twitter along with other websites are thankfully much smarter than this. They will instead block my ip address from attempting to login to any account after a certain number of failed login attempts. So they may spot what I'm doing and block me after my 50th login attempt.

With time as a factor - if I'm patient then I might be able to get 50 attempts a day - I'm sure you can see where this is going. If your password isn;t suitably complex, e.g. it's just one word then it will likely be cracked in at most a few years. But let's also assume you have a fairly secure password.

As long as the password isn't simple then this is a great method of security as it doesn't involve locking accounts or really give anyone a hope of breaking ito someones account unless they have used a really dumb password.

However, IPv6 might ruin all that. Imagine instead of the one or two IP addresses, I have millions.

This does depend on how the IPv6 addresses are allocated. One way to prevent this problem is if all my ip adresses start the same e.g. 1111:1111:1111:1111:1111:1111:1111:0001 to 1111:1111:1111:1111:1111:1111:1111:FFFF then twitter could block all addresses beginning with 1111:1111:1111:1111:1111:1111:1111. although it might not have any way of knowing they are all in use by me.

security   IPv6  


© 2005-2024 Craig Mayhew