Data Exfiltration in IPv6


IPv6 adoption is still nascent, yet many studies have shown that data exfiltration via IPv6 is possible. A whole new range of scenarios is open for hackers to breach IPv6 connections across networks.

Did you know?

The data brokering industry stands at more than $200 billion around the world and this number is fast growing.

Worldwide, there are more than 4000 companies that are primarily data brokering companies.


What is Data Exfiltration?

Data exfiltration is a method by which a company's or organization's sensitive data is stolen digitally without its prior knowledge and permission. Many times, data exfiltration breaches are also not detected.

One study shows that a few custom exfiltration methods can be used to steal data, along with tools that exfiltrate via the IPv6 network stack, like IPv6teal and IPv6DNSExfil.


IPv6teal: The receiver and sender (exfiltrate) scripts are run.
IPv6DNSExfil: The data breach occurs on a higher level of the OSI model, via DNS AAAA records.

Recently, another research study was done by the NATO defense alliance’s Cooperative Cyber Defence Centre of Excellence and Estonia’s Tallinn University of Technology. This study found that, using IPv6 transition mechanisms, attackers can stealthily create channels of data exfiltration and remotely control entire networks. The testing proved that attackers can bypass common network intrusion detection systems (NIDS) for IPv6, like Snort, Suricata, Bro, Moloch, etc. Detecting breaches is especially difficult in real time and when the data is sent in smaller chunks.

What can be done to stop data exfiltration?

Some changes can be made in order to stop breaches and data exfiltration, like:

  • A fundamental understanding of how network traffic works and is carried out.
  • Proper configuration, deployment, and monitoring of security solutions according to the network flows.
  • Spot anomalies by updating/improving the rules and signatures used by the Intrusion Detection System (IDS).
  • Within the same connection, traffic class and flow label should not change.
  • Check for discrepancies between payload length and the maximum transmission unit (MTU).
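The last two checks in the list can be expressed as a small header inspection routine. The following is an added example, not code from the studies or tools mentioned above: it parses the fixed IPv6 header, remembers the traffic class and flow label first seen for each flow, and reports changes as well as payload lengths that disagree with the packet size or exceed the MTU. The flow key (addresses, next header, TCP/UDP ports), the 1500-byte MTU default, the function names and the sample packets are assumptions made for illustration.

```python
import struct
from collections import namedtuple

HDR = 40  # fixed IPv6 header length in bytes
Alert = namedtuple("Alert", "index reason")

def parse_ipv6_header(pkt):
    """Return (traffic_class, flow_label, payload_len, next_header)."""
    if len(pkt) < HDR:
        raise ValueError("truncated IPv6 header")
    word, plen, nh, _hops = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return (word >> 20) & 0xFF, word & 0xFFFFF, plen, nh

def check_packets(packets, mtu=1500):
    """Flag per-flow header changes and inconsistent payload lengths."""
    first_seen, alerts = {}, []
    for i, pkt in enumerate(packets):
        try:
            tc, fl, plen, nh = parse_ipv6_header(pkt)
        except ValueError as exc:
            alerts.append(Alert(i, str(exc)))
            continue
        if plen != len(pkt) - HDR:
            alerts.append(Alert(i, "payload length does not match packet size"))
        if plen + HDR > mtu:
            alerts.append(Alert(i, "packet larger than MTU"))
        # Flow key (assumption): addresses, next header, and TCP/UDP ports.
        ports = pkt[40:44] if nh in (6, 17) else b""
        base = first_seen.setdefault((pkt[8:40], nh, ports), (tc, fl))
        if base[0] != tc:
            alerts.append(Alert(i, "traffic class changed within flow"))
        if base[1] != fl:
            alerts.append(Alert(i, "flow label changed within flow"))
    return alerts

def build(tc, fl, payload, declared=None):
    """Constructed sample packet: UDP over IPv6, documentation addresses."""
    addrs = bytes.fromhex("20010db8" + "00" * 11 + "01" + "20010db8" + "00" * 11 + "02")
    body = struct.pack("!HHHH", 40000, 9999, 8 + len(payload), 0) + payload
    plen = len(body) if declared is None else declared
    return struct.pack("!IHBB", (6 << 28) | (tc << 20) | fl, plen, 17, 64) + addrs + body

SAMPLE = [  # constructed traffic, not a real capture
    build(0, 0x12345, b"hello"), build(0, 0x12345, b"world"),  # consistent
    build(0, 0x54321, b"again"),                  # flow label changed
    build(4, 0x12345, b"again"),                  # traffic class changed
    build(0, 0x12345, b"short", declared=2000),   # bad payload length
]
```

Calling check_packets(SAMPLE) returns one alert each for packets 2 and 3 and two alerts for packet 4; the first two packets pass.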


Data exfiltration via IPv6 is an issue that can be addressed with constant monitoring of networks and by partnering with a provider of IPv4 and IPv6 like Alpha InfoLab that has put in place multiple encryption layers, especially to monitor real-time traffic.

There are companies, however, that are still using IPv4. If you need to purchase, sell, lease or rent IPv4 or IPv6 addresses, then you need a reputed IPv4 Broker Service Provider, like Alpha InfoLab. Alpha InfoLab has put in place a transparent Exchange IPv4 auction platform where buyers and sellers can bid for IPs from ARIN, RIPE, APNIC, LACNIC, and AFRINIC.

For more information on the best practices to secure IPv4 and IPv6 connections, connect with the network and IP experts at Alpha InfoLab.

Author ipvadblog
