Alex Lightman, Publisher
We are just two months away from the first ever joint
US IPv6 Summit and Coalition Summit for IPv6. We have
a stellar speaker lineup this year, with many of the
most powerful voices in the IPv6 landscape, including
Major General Dennis C. Moran, Vice Director for Command,
Control, Communications, and Computer Systems (J6),
OJCS; Rep. Robert Goodlatte, Co-Chairman, Congressional
Internet Caucus; and Lt. General James Soligan, Deputy
Commander, NATO Allied Command Transformation. Please
join us March 26th-29th, 2007 at the Hyatt Regency
in Reston, VA, for an eye-opening look into both domestic
and International IPv6 strategies, transition plans,
applications and developing technologies. Early Bird
prices are still in effect -- to register now, go
This issue of 6Sense has a special focus on both
security and consumer electronics trends in IPv6.
In this January, 2007 issue of 6Sense:
- Steve Bellovin and Angelos Keromytis of Columbia
University, and Bill Cheswick, the co-founder of Lumeta,
offer a provocative look at the propagation of worms
in an IPv6 network -- and why we cannot rest on the
laurels of inherent IPv6 security.
- Adam Stein of MU Security provides an insightful
discussion regarding the "attack surfaces" of IPv6
networks and what can be done to reduce major risk
- Chris Harz of IPv6 Summit, Inc. reports on
the latest consumer electronics trends at the CES
2007 show, and what implications they may have for
IPv6 products and services.
Please note that 6Sense welcomes submissions from
anyone who wants to contribute to the creation and
strengthening of the IPv6 industry and international
IPv6 community. We invite you to share your unique
insights with our readers.
We hope that you enjoy this issue, and will join
us in furthering the vision of an expanding IPv6 future
Publisher, 6Sense Newsletter
CEO, Innofone.com, Inc.
"The largest and fastest growing IPv6 pure-play"
Worm Propagation Strategies in an IPv6 Internet
Steve Bellovin - Professor of Computer Science, Columbia
Bill Cheswick – Co-Founder of Lumeta and private
Angelos Keromytis - Associate professor of Computer
Science at Columbia University
In recent years, the Internet has been plagued by
a number of worms. One popular mechanism that worms
use to detect vulnerable targets is random IP address-space
probing. This is feasible in the current Internet
due to the use of 32-bit addresses, which allow fast-operating
worms to scan the entire address space in a matter
of a few hours. The question has arisen whether or
not their spread will be affected by the deployment
of IPv6. In particular, it has been suggested that
the 128-bit IPv6 address space (relative to the current
32-bit IPv4 address space) will make life harder for
the worm writers: assuming that the total number of
hosts on the Internet does not suddenly increase by
a similar factor, the work factor for finding a target
in an IPv6 Internet will increase by approximately
2^96, rendering random scanning seemingly
Some worms, such as Melissa, spread by email. These
worms will not be affected by the adoption of IPv6;
though the space of possible email addresses is vast,
these worms typically consult databases such as Microsoft
Outlook's address book.
On the other hand, life will indeed be harder for
address-space scanners, such as Code Red and Slammer.
Clever heuristics can cut the search space dramatically.
More specifically, multi-level searching and spreading
techniques can negate the defender's advantage. However,
the code size required for worms will increase, which
may help prevent Slammer-like attacks. This has created
the impression that an IPv6 Internet would be impervious
to similar kinds of worms.
In the past, there have been two forms of address-space
scans. Some worms use a uniformly distributed random
number generator to select new target addresses. This
strategy is indeed unlikely to succeed in an IPv6
world. Other worms preferentially spread locally,
by biasing the search space toward addresses within
the same network or subnet. This will be a more successful
strategy, though at first glance the 80-bit local
space (nearly twice Avogadro’s number!) would
seem to be a formidable obstacle. We observe that
certain strategies can improve the attacker’s
odds. In particular, by taking advantage of local
knowledge and patterns in address-space assignment,
the attack program can cut the search space considerably.
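A defender can measure how much of the interface-identifier space an assignment plan really occupies. The following is an added example, not code from the article or its authors; it assumes /64 subnets, and the inventory and the function name audit_subnets are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

IID_MASK = (1 << 64) - 1  # low 64 bits: the interface identifier (assumes /64 subnets)

def audit_subnets(addresses):
    """Group addresses by /64 and report how much of the 64-bit
    interface-identifier space the assignment plan really uses."""
    subnets = defaultdict(list)
    for text in addresses:
        value = int(ipaddress.IPv6Address(text))
        subnets[value >> 64].append(value & IID_MASK)
    report = {}
    for prefix, iids in subnets.items():
        all_or, all_and = 0, IID_MASK
        for iid in iids:
            all_or |= iid
            all_and &= iid
        net = ipaddress.IPv6Network((prefix << 64, 64))
        report[str(net)] = {
            "hosts": len(iids),
            # bits that take both values somewhere in the inventory
            "varying_bits": bin(all_or ^ all_and).count("1"),
            # bits needed to index the smallest contiguous window of all hosts
            "window_bits": (max(iids) - min(iids)).bit_length(),
        }
    return report

# CONSTRUCTED inventory (documentation prefix 2001:db8::/32): one subnet
# numbered sequentially, one with scattered interface identifiers.
INVENTORY = [
    "2001:db8:0:1::10", "2001:db8:0:1::11",
    "2001:db8:0:1::12", "2001:db8:0:1::2a",
    "2001:db8:0:2:8d3f:5c1a:77e2:b94",
    "2001:db8:0:2:1ac4:e09b:3f60:d271",
]

if __name__ == "__main__":
    for net, row in audit_subnets(INVENTORY).items():
        print(net, row)
```

A subnet whose hosts all fit in a window of a few bits gets little protection from the nominal size of the address space, which is the article's point about patterns in address assignment.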
Security Analysis of IPv6 Networks
Mu Security, Vice President of Marketing
Many manufacturers, government bureaus, Department
of Defense critical assets and infrastructure agencies
are converting proprietary systems to IP-based networks.
This transition from homogeneous IPv4 networks or SCADA
networks to mixed IPv4 and IPv6 networks exposes much
larger possible attack surfaces. The attack surface
becomes more complex with diverse IT Systems, SCADA
Control Systems, weapon platforms, or combat systems.
Additionally, previous software bugs once isolated
in proprietary networks expand to become exploitable
vulnerabilities once exposed to an open IP network.
This problem requires a methodical and repeatable
analysis, including a Security Analyzer system to
document and isolate vulnerabilities before they are
As a new protocol stack, IPv6 is exposed to vulnerabilities
similar to those in IPv4 as well as others unique
to IPv6. Being first to market with a security analysis
system capable of evaluating IPv4 and/or IPv6 is a
significant advantage for any vulnerability assessment,
penetration testing or fuzzing product. As IPv6
becomes a requirement for government infrastructure
in 2008 and a core part of Microsoft's Vista operating
system, the market opportunities for Security Analyzers
grow exponentially. Security Analyzers offer three
immediate benefits to IPv6 systems and applications:
- Problem: Structural issues with many type-length-value
extension headers may be exploitable in IPv6.
- Using Security Analyzers: Rapid identification
and detailed auditing of IPv6 weaknesses prior to
- Problem: Fragmentation support in IPv6 opens up
potential attack vectors.
- Using Security Analyzers: Identification of both
IPv4 and IPv6 fragment attacks.
- Problem: IPv6 addresses contain many more semantics
and a wider range of accepted variations than those
- Using Security Analyzers: Automates parsing structurally
valid addressing in proper context through either
multicast or unicast transport.
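The structural checks on type-length-value extension headers mentioned in the first item can be sketched as a chain validator. This is an added example, not Mu Security's product or code from the article; it covers only the hop-by-hop, routing, fragment and destination-options headers, and the function names and sample packets are constructed for illustration.

```python
import struct

HBH, ROUTING, FRAGMENT, DSTOPTS = 0, 43, 44, 60
EXT = {HBH: "hop-by-hop", ROUTING: "routing",
       FRAGMENT: "fragment", DSTOPTS: "dest-options"}

def check_options(body):
    """Walk the TLV options of one header; return an error string or None."""
    i = 0
    while i < len(body):
        if body[i] == 0:                      # Pad1 is a lone type byte
            i += 1
            continue
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            return "option at offset %d overruns its header" % i
        i += 2 + body[i + 1]
    return None

def validate_chain(packet):
    """Return (upper_layer_protocol, findings) for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None, ["not an IPv6 packet"]
    findings, seen = [], []
    nxt, off = packet[6], 40
    while nxt in EXT:
        name = EXT[nxt]
        if off + 8 > len(packet):
            return None, findings + [name + " header truncated"]
        # Fragment is fixed at 8 bytes; others give length in 8-byte units minus one.
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            return None, findings + [name + " header length overruns packet"]
        if nxt == HBH and seen:
            findings.append("hop-by-hop header is not first in the chain")
        if seen.count(nxt) >= (2 if nxt == DSTOPTS else 1):
            findings.append(name + " header repeated")
        if nxt in (HBH, DSTOPTS):
            err = check_options(packet[off + 2:off + size])
            if err:
                findings.append(name + ": " + err)
        seen.append(nxt)
        nxt, off = packet[off], off + size
    return nxt, findings

def sample(next_header, payload):
    """CONSTRUCTED input: IPv6 header 2001:db8::1 -> 2001:db8::2 + payload."""
    addr = bytes.fromhex("20010db8" + "00" * 11)
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return head + addr + b"\x01" + addr + b"\x02" + payload
```

For instance, `validate_chain(sample(0, bytes([6, 0, 5, 200, 0, 0, 0, 0])))` reports an option whose declared length runs past the end of its hop-by-hop header.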
CES 2007: Geeks, Gadgets and IPv6
VP of Strategic Planning, IPv6 Summit, Inc.
The Consumer Electronics Show (CES) is the largest
trade show in America, with over 150,000 visitors
and 65 miles of aisles zigzagging around the equivalent
of 35 football fields of floor space at the Las Vegas
Convention Center, the Sands Convention Center, and
various other venues around Las Vegas, Nevada. It
is the annual trek to Mecca for anyone interested
in consumer electronics, including television sets,
car and home stereo systems, cell phones, cameras
(both still and video), MP3 players and accessories,
and the like.
Besides being a concentrator of what are sometimes
called "boy toys," the CES is also an important part of the story of the
future of IPv6, of the consumer demands for products
and services that will be dramatically better, cheaper
or more secure when enabled with IPv6, and which will
eventually lead to ubiquitous v6 availability –
and profitable ledger numbers for hundreds of existing
and startup companies that cater to that demand. Our
IPv6 community has mostly discussed the "push"
aspect of v6 – what infrastructure IT executives
need to provide, and what the technical characteristics
of that infrastructure should be – and paid
relatively little attention to the "pull"
for IPv6 – what popular applications and consumer
trends are evolving that could transmogrify the developmental
status of v6 from "nice to have" to "must
have" – for a mass-consumer audience.
v6 Transition Offers IPv6 Support
v6 Transition, a subsidiary of Innofone.com, Inc.
offers a wide range of IPv6 support services for your
organization. Our team of companies can help you with
your IPv6 plans, whether they involve transitioning
your network to a v6 configuration or developing and
financing products or services for the upcoming market
boom precipitated by the New Internet.