Question

You are asked to check your company’s configurations to determine if any filters should be built to stop certain ICMPv6 traffic. Your supervisor asks for a list of ICMPv6 traffic or issues that are of concern and the reasons why such concerns could be a problem. Build a list for your supervisor. Include packet types or specific circumstances in which ICMPv6 traffic could compromise network security.

Answer 1

ICMPv6 is used by IPv6 nodes to report errors encountered in processing packets, and to perform other internet-layer functions, such as diagnostics.  An Internet Control Message Protocol (ICMP) flood attack, also known as a Ping flood attack, is a common Denial-of-Service (DoS) attack in which an attacker attempts to overwhelm a targeted device with ICMP echo-requests.

Explanation:

Issues that are of concern which could be a problem include :

Denial-of-Service Attacks  

• ICMPv6 can be used to cause a denial of service (DoS) in a number of  ways, including simply sending excessive numbers of ICMPv6 packets to destinations in the site and sending error messages that disrupt  established communications by causing sessions to be dropped.

Probing

• A major security consideration is preventing attackers from probing  the site to determine the topology and identify hosts that might be vulnerable to attack.  Carefully crafted but, often, malformed  messages can be used to provoke ICMPv6 responses from hosts thereby  informing attackers of potential targets for future attacks.  However, the very large address space of IPv6 makes probing a less effective weapon as compared with IPv4 . Redirection Attacks

Redirection Attacks

• A redirection attack could be used by a malicious sender to perform  man-in-the-middle attacks or divert packets either to a malicious  monitor or to cause DoS by blackholing the packets.  These attacks would normally have to be carried out locally on a link using the Redirect message.  Administrators need to decide if the improvement  in efficiency from using Redirect messages is worth the risk of  malicious use.  Factors to consider include the physical security of   the link and the complexity of addressing on the link

Renumbering Attacks

• Spurious Renumbering messages can lead to the disruption of a site.  Although Renumbering messages are required to be authenticated with  IPsec, so that it is difficult to carry out such attacks in practice,  they should not be allowed through a site boundary firewall.  On the  other hand, a site may employ multiple "layers" of firewalls.

Problems Resulting from ICMPv6 Transparency

• Because some ICMPv6 error packets need to be passed through a  firewall in both directions, malicious users can potentially use  these messages to communicate between inside and outside, bypassing  administrative inspection.

Packet types or specific circumstances in which ICMPv6 traffic could compromise network security :

Ping sweep — A type of attack that uses ICMP echo request messages to enumerate live hosts on a network.

Ping flood — Utilized to launch a denial of service attack (DoS), where the attacker sends ICMP requests in a rapid succession without waiting for the targeted system to respond.

ICMP tunneling — A method used to establish a covert communication channel between remote systems, most times between a client and a proxy. All communications are sent via ICMP requests and replies

Forged ICMP redirects —  The attacker would send a ICMP redirect message, which informs a host of a direct path to a destination, to the victim that contains the IP addresses of the attacker’s system. This allows an attacker to compromise network traffic via a man-in-the-middle attack or cause a DoS.