[AfrIPv6-Discuss] "Measuring IPv6 resilience and security"

Willy Manga mangawilly at gmail.com
Mon May 4 10:24:56 UTC 2020

Worth reading


I quote a section of their conclusion:

"While we did not observe any attacks specific to the new protocol
itself, we found misconfigured systems to be a common problem. In the
DNS for example,incorrect AAAA records render thousands of services that
are perfectly reachableover IPv4, unreachable over IPv6. Another
example are firewalls, that are often incorrectly configured to handle
traffic containing Extension Headers, resulting in the possibility to
bypass that firewall. This means SSH daemons, used to remotely
configure hosts and devices behind that firewall, are suddenly
reachable,thus imposing a security risk."

Willy Manga

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.afrinic.net/pipermail/afripv6-discuss/attachments/20200504/8cd664a5/attachment.sig>

More information about the AfrIPv6-Discuss mailing list