The security of IPv6 networks is extremely important. On this page we feature some of the resources to help you learn more about IPv6 security. The most recent information posted to our site can be found at this link:
Overview
- IPv6 Security Frequently Asked Questions (FAQ)
- IPv6 Security for IPv4 Engineers
- CPNI – Security implications of IPV6
- Article: IPv6 myths: Debunking misconceptions regarding IPv6 security features
- Article: Requirements for secure IPv6 deployments include better IPv6 tester tools
- Article: Address IPv6 security before your time runs out
General
- RFC 4942: IPv6 Transition/Coexistence Security Considerations
- Article: How IPv6 deployment affects the security of IoT devices
- Presentation: BRUCON 2012; Recent Advances in IPv6 Security [slides][video]
- Presentation: Troopers 2015: Recent IPv6 Security Standardization Efforts [video]
Addressing
- Article: IPv6 addressing requires special attention to ensure security
- Article: Understanding security flaws in IPv6 addressing schemes
- Article: IPv6 update: A look at the security and privacy improvements
- Article: How to use an interface identifier to check for IPv6 network updates
- Article: IPv6 addresses: Security recommendations for usage
- Article: IPv6 addresses: Stability concerns and usage advice
- RFC 7721: Security and Privacy Considerations for IPv6 Address Generation Mechanisms
IPv6 Extension Headers
- Article: IPv6 filtering threatens impact of new protocol
- Article: Filtering IPv6 extension headers is sometimes necessary
- Article: IPv6 extension headers and security: Analyzing the risk
- Article: How a single ICMPv6 packet can cause a denial-of-service attack
- Article: Using IPv6 atomic fragments for a denial-of-service attack
Neighbor Discovery
- RFC 3756: IPv6 Neighbor Discovery (ND) Trust Models and Threats
- Article: How to avoid IPv6 neighbor discovery threats
- Article: How to protect your IPv6 address management
- Article: Mitigating IPv6 neighbor discovery attacks
- Article: IPv6 attack attempts and how to mitigate them
- Article: First-hop security in IPv6
- RFC 7113: Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)
- RFC 7610: DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers
IPv6 Transition/Co-existence Mechanisms
- Article: IPv6 security issues: IPv6 transition mechanisms
- Article: How to avoid security issues with VPN leaks on dual-stack networks
- RFC 4942: IPv6 Transition/Coexistence Security Considerations
- RFC 7123: Security Implications of IPv6 on IPv4 Networks
- RFC 7359: Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
Firewalls
- Article: IPv6 firewall security: Fixing issues introduced by the new protocol
- RFC 6092: Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service
- RFC 4890: Recommendations for Filtering ICMPv6 Messages in Firewalls
- RFC 6204: Basic Requirements for IPv6 Customer Edge Routers
Network Reconnaissance
- RFC 7707: Network Reconnaissance in IPv6 Networks
- Article: Analysis: Vast IPv6 address space actually enables IPv6 attacks
- Article: How to perform IPv6 network reconnaissance
- Article: Network reconnaissance: How to use SI6 Networks’ IPv6 toolkit
- Article: How to use DNS reverse mapping to scan IPv6 addresses
- Article: DNS reverse address mapping: Exploiting the scanning technique
Security Assessment
Operational Considerations
- RIPE-554: Requirements for IPv6 in ICT Equipment
- Internet Draft: Operational Security Considerations for IPv6 Networks
- RFC 7381: Enterprise IPv6 Deployment Guidelines
- How to set up IPv6 BGP peering and filtering in Quagga BGP router
- IPv6 in Enterprise Client Networks
- Podcast: Packet Pushers Healthy Paranoia Podcast: IPv6 Security Smackdown
IPv6 Security Communities
IPv6 Security Tools
IPv6 Security Resources
- Troopers Conference archives: IPv6 Security Summit 2014, IPv6 Security Summit 2015, NGI 2017, NGI 2018
- Enno Rey’s IPv6 Talks and Publications
- Fernando Gont’s articles on IPv6 security