Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones
Title | Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Borgolte, Kevin; Hao, Shuang; Fiebig, Tobias; Vigna, Giovanni |
Conference Name | 2018 IEEE Symposium on Security and Privacy (SP) |
Publisher | IEEE |
ISBN Number | 978-1-5386-4353-2 |
Keywords | computer network security, DNS, DNSsec, DNSSEC-signed IPv6 reverse zones, integrated circuits, Internet, Internet of Things, Internet of Things devices, Internet-connected devices, internet-wide scans, IP networks, IPv4 hosts, IPv6, IPv6 address space, IPv6 hosts, large-scale security scans, Licenses, Network reconnaissance, network scanning, principal component analysis, privacy, pubcrawl, resilience, Resiliency, Reverse DNS (rDNS), RNA, Scalability, security, Security by Default, sensitive data exposure, unintended IPv6 connectivity, ZMap |
Abstract | Security research has made extensive use of exhaustive Internet-wide scans over the recent years, as they can provide significant insights into the overall state of security of the Internet, and ZMap made scanning the entire IPv4 address space practical. However, the IPv4 address space is exhausted, and a switch to IPv6, the only accepted long-term solution, is inevitable. In turn, to better understand the security of devices connected to the Internet, including in particular Internet of Things devices, it is imperative to include IPv6 addresses in security evaluations and scans. Unfortunately, it is practically infeasible to iterate through the entire IPv6 address space, as it is 2^96 times larger than the IPv4 address space. Therefore, enumeration of active hosts prior to scanning is necessary. Without it, we will be unable to investigate the overall security of Internet-connected devices in the future. In this paper, we introduce a novel technique to enumerate an active part of the IPv6 address space by walking DNSSEC-signed IPv6 reverse zones. Subsequently, by scanning the enumerated addresses, we uncover significant security problems: the exposure of sensitive data, and incorrectly controlled access to hosts, such as access to routing infrastructure via administrative interfaces, all of which were accessible via IPv6. Furthermore, from our analysis of the differences between accessing dual-stack hosts via IPv6 and IPv4, we hypothesize that the root cause is that machines automatically and by default take on globally routable IPv6 addresses. This is a practice that the affected system administrators appear unaware of, as the respective services are almost always properly protected from unauthorized access via IPv4. 
Our findings indicate (i) that enumerating active IPv6 hosts is practical without a preferential network position contrary to common belief, (ii) that the security of active IPv6 hosts is currently still lagging behind the security state of IPv4 hosts, and (iii) that unintended IPv6 connectivity is a major security issue for unaware system administrators. |
URL | https://ieeexplore.ieee.org/document/8418637 |
DOI | 10.1109/SP.2018.00027 |
Citation Key | borgolte_enumerating_2018 |