Sunday, March 27, 2011

Invisible IPv6 Traffic Poses Serious Network Threat


Experts say that most U.S. organizations have hidden IPv6 traffic running across their networks, and that few network managers are equipped to see, manage or block it. Increasingly, this rogue IPv6 traffic includes attacks such as botnet command and controls.
"If you aren't monitoring your network for IPv6 traffic, the IPv6 pathway can be used as an avenue of attack," says Tim LeMaster, director of systems engineering for Juniper's federal group. "What network managers don't understand is that they can have a user running IPv6 on a host and someone could be sending malicious traffic to that host without them knowing it."
Most U.S. network managers are blind to rogue IPv6 traffic because they don't have IPv6-aware firewalls, intrusion detection systems or network management tools. Also, IPv6 traffic is being tunneled over IPv4 connections and appears to be regular IPv4 packets unless an organization has deployed security mechanisms that can inspect tunneled traffic. (See also: 5 of the biggest IPv6-based threats facing CIOs.)
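To make the tunneling point concrete, here is an added detection sketch (not from the article or any vendor quoted in it) that inspects raw IPv4 packets for the usual signs of encapsulated IPv6: IP protocol 41 and the Teredo UDP port 3544. The sample packets are constructed with documentation addresses, and the helper names are hypothetical.

```python
import ipaddress
import struct

PROTO_UDP, PROTO_41 = 17, 41      # 41 = IPv6-in-IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544                # Teredo server port (IPv6 inside UDP/IPv4)

def classify_ipv4_packet(pkt: bytes):
    """Label a raw IPv4 packet that carries tunneled IPv6; None otherwise."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                               # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4                     # header length incl. options
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto, payload = pkt[9], pkt[ihl:]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto == PROTO_41:
        if frag_offset:
            return "proto41-fragment"             # inner header not visible here
        if len(payload) < 40 or payload[0] >> 4 != 6:
            return None                           # no complete inner IPv6 header
        return "6to4" if payload[8:10] == b"\x20\x02" else "proto41"  # src in 2002::/16
    if proto == PROTO_UDP and not frag_offset and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo-suspect"               # port heuristic only
    return None

# --- constructed sample packets (documentation addresses, checksums zeroed) ---
def ipv4(proto, payload, frag=0):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                      proto, 0, ipaddress.IPv4Address("192.0.2.10").packed,
                      ipaddress.IPv4Address("198.51.100.7").packed)
    return hdr + payload

def ipv6_hdr(src, dst="2001:db8::2"):
    return (struct.pack("!IHBB", 0x60000000, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

SAMPLES = [
    ipv4(41, ipv6_hdr("2002:c000:20a::1")),            # 6to4
    ipv4(41, ipv6_hdr("2001:db8::1")),                 # configured 6in4 tunnel
    ipv4(17, struct.pack("!HHHH", 51000, 3544, 8, 0)), # Teredo client to server
    ipv4(17, struct.pack("!HHHH", 51000, 53, 8, 0)),   # ordinary DNS
    ipv4(6, b"\x00" * 20),                             # ordinary TCP
    ipv4(41, b"\x00" * 16, frag=0x0002),               # later proto-41 fragment
]

def scan(packets):
    return [classify_ipv4_packet(p) for p in packets]
```

The Teredo match is a port heuristic, so treat it as a lead for further inspection rather than proof of a tunnel.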
"At least half of U.S. CIOs have IPv6 on their networks that they don't know about, but the hackers do," says Yanick Pouffary, technology director for the North American IPv6 Task Force and an HP Distinguished Technologist. "You can't ignore IPv6. You need to take the minimum steps to secure your perimeter. You need firewalls that understand IPv4 and IPv6. You need network management tools that understand IPv4 and IPv6."
"Although they're not thinking about IPv6, for most of the Fortune 500, it's in their networks anyways," agrees Dave West, director of systems engineering for Cisco's public sector group. "You may not see IPv6 today as a business driver. But like it or not, you are running IPv6 in your network."
IPv6 is the long-anticipated upgrade to the Internet's main communications protocol, known as IPv4. IPv6 features vastly more address space, built-in security and enhanced support for streaming media and peer-to-peer applications. Available for a decade, IPv6 has been slow to catch on in the United States. Now that unallocated IPv4 addresses are expected to run out in 2011, the pressure is on U.S. carriers and corporations to deploy IPv6 in the next few years.
IPv6-based threats are not well understood, but they are becoming more prominent. For example, the issue of IPv6-based attacks was raised at a June meeting of the National Security Telecommunications Advisory Committee, a high-level industry group that advises the White House about cybersecurity.

Windows Security Checklist - Part 6: Invisible Internet Browsing or Talk to the Proxy


by Larry Stevenson, aka Prince_Serendip
First published at CastleCops: January 2, 2005
Revised and Updated: June 20, 2010

No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 6: Invisible Internet Browsing or Talk to the Proxy.


It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.

Invisible Internet Browsing

Each computer on the Internet is marked with its own special IP address. (IP stands for Internet Protocol.) If you are a cable user, you probably have one or two static addresses that rarely change. If you are a high-speed DSL or dialup user, you may have dynamic ones which change with each logon or fairly often. On high-speed DSL you can usually change your assigned IP address by turning your modem off, waiting 30 seconds and turning it back on, then reconnecting to your ISP's network. Dynamic IPs can be traced using Reverse-DNS where the network or ISP you are on allows for it. Each Reverse-DNS address is unique. Even if your dynamic IP address changes, the Reverse-DNS address will remain the same.

Your IP-address allows your ISP and other computers to communicate with your PC. To be completely without an IP-address would be the same as a telephone without a dialtone. There would be no communication, and you would be offline. However, there are ways to mask or encrypt your IP-address.

Proxies are simply servers that connect users to a network. Usually a proxy connects a local network, such as a business or even an ISP (Internet Service Provider), to another network (for example, the Internet). It allows many users to access a network through one or several addresses. These servers can be very useful, contributing security, speed and privacy to those who wish to truly enjoy the Internet without giving up their identities.

There are basically three kinds of anonymous proxy services of interest to home users. The first is Public Anonymous Proxy Listings, which you use by selecting a proxy and then entering its address and port number into your web browser. You can find instructions for doing that with most popular browsers here: Using Proxies. By the way, their instructions for Internet Explorer 6 apply to 7 and 8 as well. That article also explains transparent, anonymous, distorting, and high anonymity proxies. Note: Try to avoid using proxy toolbar browser add-ons, as many of these include tracking spyware, which is rather counterproductive to privacy.

By using an anonymous (HTTP) proxy server, you are using their IP instead of yours to access the Internet. An anonymous proxy removes, masks or encrypts your IP on any requests you make when it passes these along to Internet websites. They talk to the proxy, not to you. For these proxies to be truly effective it is important to disable Java, JavaScript and third-party cookies in your browser. If this detracts from your enjoyment then leave them on. Be aware, though, that doing so is riskier. Additional risks also exist for these types of proxy servers, most especially from unencrypted traffic containing logins and passwords. If the anonymous public proxy you're using belongs to a malicious owner, you could be in trouble. You are likely to encounter that kind of thing when picking proxies at random from anonymous proxy lists without checking them to see if they're okay. You can look up IP addresses and whois at a site such as What Is My IP. You can find more such sites by searching for whois in your favorite search engine. By the way, Google is never anonymous. I use Scroogle all the time. Donations to Scroogle help us all, so be generous. As a general rule I stay away from anonymous proxies located in Eastern Europe, Russia, anywhere in Asia, Africa and South America.
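One way to check what a proxy actually passes along, as an added example that is not part of the original article: given the request headers a website received and your real address, it sorts the proxy into the four categories named above. The category definitions used are the commonly cited ones (an assumption, since the article defers them to the linked page), and the sample headers are constructed.

```python
import ipaddress

# Headers a forwarding proxy commonly adds; any of them reveals proxy use.
PROXY_MARKERS = ("via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "client-ip", "proxy-connection")
# Subset of those headers that may carry a client address.
ADDRESS_HEADERS = ("x-forwarded-for", "x-real-ip", "client-ip", "forwarded")

def addresses_in(value: str):
    """Extract every parseable IP address from a header value."""
    found = []
    for token in value.replace(";", ",").split(","):
        token = token.strip().strip('"')
        if token.lower().startswith("for="):      # RFC 7239 Forwarded syntax
            token = token[4:].strip('"')
        try:
            found.append(ipaddress.ip_address(token.strip("[]")))
        except ValueError:
            continue                              # hostnames, proto=, by=, etc.
    return found

def classify_proxy(headers: dict, real_ip: str) -> str:
    """Classify what the website learns from the headers it received."""
    h = {k.lower(): v for k, v in headers.items()}
    real = ipaddress.ip_address(real_ip)
    leaked = [a for name in ADDRESS_HEADERS for a in addresses_in(h.get(name, ""))]
    if real in leaked:
        return "transparent"      # your own address is passed along
    if leaked:
        return "distorting"       # an address is sent, but it is not yours
    if any(name in h for name in PROXY_MARKERS):
        return "anonymous"        # proxy use is visible, your address is not
    return "high anonymity"       # nothing proxy-related reached the site

# Constructed samples: headers as a test page would echo them back.
REAL = "203.0.113.25"
SAMPLES = {
    "a": {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.25"},
    "b": {"Via": "1.1 proxy.example", "X-Forwarded-For": "198.51.100.99"},
    "c": {"Via": "1.1 proxy.example"},
    "d": {"User-Agent": "ExampleBrowser/1.0"},
}

def report():
    return {name: classify_proxy(h, REAL) for name, h in SAMPLES.items()}
```

Header checks say nothing about what the proxy operator logs or about leaks through scripts and cookies, which is why the browser settings above still matter.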

Tip ...especially for dialup users: Large downloads can be agonizingly slow on dialup. By connecting to a web proxy server you can speed up the download by having the proxy get the files first, and then give them to you at their speed. You may have to test and experiment to find a server that can do that. You can also search for Premium Link Generator Sites. They have features where you can download large files from file sharing sites. You download the file to their server, then you get it from them. Be careful though, as there are some link/sync sites which offer browser add-ons that are spyware.

For large downloads, I would strongly advise that you get a Download Manager--even if you're on a high speed connection. These types of programs can resume downloads that have stopped without warning or become broken somehow. They can greatly speed up the download by simultaneously splitting the file into smaller segments and downloading them all at once. My favorite one is Free Download Manager.

Another kind of anonymous proxy server is accessed via a web page service. There's no need to program your browser. Simply open the web page and insert the URLs/addresses you wish to visit in their search bar. IPHider is one such service, and it's entirely free.

The third way is by means of a VPN, a Virtual Private Network. A few of these are free, but most are subscription based. Please refer to this article: 8 Free VPN Services.

Warning (Tip)...do not try to join security forum boards using an anonymous proxy. You could be banned. They don't trust members who are not forthcoming.

Besides using anonymous proxy servers on the web, you can use a free program that does even more: Proxomitron.

Proxomitron has these features:

Stop windows that pop-up, pop-under, or pop-over
Stop those un-closable endless banner chains
Stop pop-up JavaScript message boxes
Remove web-branding and other scripts tacked on by "free" web providers.
Convert most ads and banner pictures into simple text links
Freeze all animated gifs
Make blinking text appear as bold instead
Remove slow web counters
Stop web pages from "auto-refreshing"
Prevent pages from changing fonts
Get rid of or replace web page background images
Protect against getting "trapped" inside someone else's frames!
Make all frames resizable
Close top or bottom frame banner windows
Make background MIDI songs play only when you choose.
Remove status bar scroll-texts
Remove "dynamic" HTML from pages
Disguise your browser's identity and version from JavaScripts
Remove style sheets
Un-hide URLs when the mouse is over a link
Disable frames or tables altogether
Change or delete cookies
Change your browser's user-agent and other identifying fields
Hide where you've been previously from inquisitive web servers

For more information please refer to: The Proxomitron - Universal Web Filter

This article is meant to be a general introduction to the use of anonymous proxies, and not a detailed dissertation on the subject. Thanks for reading.

Best regards and always take care of your security!