[Other] IPv6 servers beat IPv4 in security -- for now
久居深海蓝透人心 posted on 2016-10-4 09:24:35

Security company Sucuri CTO Daniel Cid recently conducted a small experiment: How long would it take for attackers brute-forcing SSH accounts to compromise IPv4 and IPv6 servers? While the IPv4 servers fell within minutes -- no surprise there -- none of the IPv6 servers got hit. Not a single one.
As part of the experiment, Cid configured five IPv4 servers and five IPv6 servers with open SSH ports across two cloud hosting providers, Digital Ocean and Linode. Attackers typically run through a list of common passwords to find the user account using that string, so all the test servers had "password" as the root password.
It didn't take long for the first server to be compromised -- just 12 minutes, in fact. It took the attacker only 20 seconds to brute-force the SSH password. The first server to fall was one of the IPv4 ones, and the remaining four followed suit within minutes of the first. The IPv6 servers, on the other hand, remained intact. After one week, none of them had been scanned, probed, or attacked, much less compromised.
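The 20-second password guess described above leaves a very recognisable trace in the sshd log: a burst of "Failed password" lines from one source, followed by an "Accepted password" from the same source. The script below is an added example, not part of the article or of Sucuri's experiment; the log lines, hostnames, PIDs and addresses in it are constructed, and the timestamps are assumed to fall on a single day. It counts failures per source address in a sliding time window and reports any source that crossed the threshold, together with whether a password login from that source later succeeded.

```shell
#!/bin/sh
# Added example (not from the article or Sucuri): flag an SSH password brute-force burst
# in sshd log lines and note whether the same source then logged in with a password.
# The log below is constructed; hostnames, PIDs and addresses are made up.
SAMPLE_AUTH_LOG='Oct  4 09:24:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Oct  4 09:24:04 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Oct  4 09:24:07 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
Oct  4 09:24:10 web1 sshd[1207]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct  4 09:24:13 web1 sshd[1209]: Failed password for root from 203.0.113.7 port 51242 ssh2
Oct  4 09:24:16 web1 sshd[1211]: Failed password for root from 203.0.113.7 port 51244 ssh2
Oct  4 09:24:21 web1 sshd[1213]: Accepted password for root from 203.0.113.7 port 51246 ssh2
Oct  4 09:30:11 web1 sshd[1300]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
Oct  4 09:33:11 web1 sshd[1302]: Failed password for invalid user admin from 198.51.100.9 port 40003 ssh2
Oct  4 09:36:11 web1 sshd[1304]: Failed password for invalid user admin from 198.51.100.9 port 40005 ssh2
Oct  4 09:40:02 web1 sshd[1350]: Accepted publickey for deploy from 192.0.2.44 port 33000 ssh2'

# brute_force_report LOGTEXT THRESHOLD WINDOW_SECONDS
# Prints one line per source address that produced at least THRESHOLD failed
# password attempts inside any WINDOW_SECONDS span (sliding window per source),
# sorted by address. Public-key logins are not counted: they cannot be guessed.
brute_force_report() {
  printf '%s\n' "$1" | awk -v thr="$2" -v win="$3" '
    # HH:MM:SS -> seconds since midnight; the sample is assumed to span a single day
    function secs(ts,  p) { split(ts, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
    # the address follows the word "from" on every sshd auth line
    function src(   i) { for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1); return "" }
    /sshd\[[0-9]+\]: Failed password for/ {
      ip = src(); if (ip == "") next
      t = secs($3)
      times[ip, n[ip]++] = t
      last[ip] = t
      # discard failures that have fallen out of the window
      while (times[ip, head[ip]] < t - win) head[ip]++
      # first time the window fills up, remember where the burst started
      if (n[ip] - head[ip] >= thr && !(ip in start)) start[ip] = times[ip, head[ip]]
    }
    /sshd\[[0-9]+\]: Accepted password for/ {
      ip = src(); if (ip in start) accepted[ip] = 1
    }
    END {
      for (ip in start)
        printf "%s failures=%d burst_seconds=%d accepted_password=%s\n", ip, n[ip], last[ip] - start[ip], (ip in accepted) ? "yes" : "no"
    }' | sort
}

# Stand-alone run: 5 failures within 60 seconds flags the fast guesser only.
brute_force_report "$SAMPLE_AUTH_LOG" 5 60
```

On a real host the log text comes from `/var/log/auth.log` or `journalctl -u ssh`; the threshold and window are the knobs that decide whether the slower scanner (three attempts over six minutes in the sample) is reported too. An `accepted_password=yes` line is the signal to treat the host as compromised and pull it off the network, which is the step the article says the experiment should have taken immediately.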
The IPv6 servers didn't benefit from some built-in security feature or from any inherent security superiority over the older protocol. The attackers just didn't find them.
Years after the last IPv4 address blocks were allocated to regional Internet registries and the world proclaimed there were no more IPv4 addresses left, IPv6 servers are few and remain relatively obscure. Some criminals may be targeting IPv6 servers, but they are still small in number compared to the attack volume against IPv4 systems.
It also helps that the larger address space (2^128 potential addresses to IPv4's 2^32) makes it harder to scan and find potential IPv6 targets. In contrast, it's easy to find scan lists of IPv4 addresses with IP ranges of several well-known hosting providers, through various online sources. These lists provide attackers with a starting point in finding IPv4 servers.
"What we can draw from this is that the obscurity of IPv6 helps to minimize the noise of attacks," Cid said.
As an aside, the attackers who compromised the IPv4 servers didn't waste any time. As soon as they were in, they downloaded three distributed denial-of-service attack scripts -- dos.py, down.pl and viteza.py -- from three Romanian sites and modified init files to load the Linux DDoS toolkit Linux/Xor.DDoS during boot. To make sure they didn't lose control over the machine, the attackers also installed backdoors and set up an hourly cron job to re-enable the malware if it gets removed.
While all five IPv4 servers were injected with the same malware, only one appeared to have been used in an active campaign. Digital Ocean detected one of the servers participating in a massive 800+ Mbps SYN packet flood against three customers on a Chinese IP address before it disabled networking on the problematic droplet.
"We didn't expect attackers to use it so quickly after the initial compromise," Cid wrote, noting they needed to be more careful with these experiments. Networking should have been disabled as soon as the machines were compromised.
Bottom line, administrators shouldn't underestimate how quickly attackers move. It may be tempting to save time by setting up servers with a weak or default password, planning to change it to a secure password later. But it isn't worth the potential time savings when they can lose control of the box within a 15-minute span. Attackers are clearly still using SSH brute-force attacks, so servers need strong credentials from the start.
Using IPv6 servers keeps the attackers at bay for now, but that doesn't excuse bad habits. Servers should have strong credentials and all of their security mechanisms configured before they are connected to the network. There is no time for later.
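"Configure it before it goes online" is easy to say and easy to skip. As an added example, not code from the article or from Sucuri, the script below audits an sshd_config the way sshd itself reads it (first occurrence of a directive wins, comments are ignored, anything under a Match block is left alone) and reports every setting that still leaves a password prompt for a brute-forcer to hit. The two config files it checks are constructed: one resembles a fresh image that allows root password logins, the other is the hardened form. The directive names and values are real OpenSSH settings; the "Key value" syntax is assumed, and the `Key=value` form sshd also accepts is not handled.

```shell
#!/bin/sh
# Added example (not from the article): audit an sshd_config before the host goes online.
# Constructed sample configs; the weak one mimics a freshly installed image.
WEAK_SSHD_CONFIG='# constructed: what a fresh image might ship with
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# PasswordAuthentication no
PasswordAuthentication no'
# ^ the commented line does not count, and the last line is ignored because
#   sshd keeps the FIRST occurrence of a directive.

HARDENED_SSHD_CONFIG='# constructed: settings to have in place before the first boot on the network
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
MaxAuthTries 3'

# sshd_value FILE DIRECTIVE: print the effective (first) value, or nothing if unset.
# Assumption: only the global section matters, so parsing stops at the first Match block.
sshd_value() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF == 0 { next }
    /^[[:space:]]*Match[[:space:]]/ { exit }
    tolower($1) == key { print $2; exit }' "$1"
}

# require_setting FILE DIRECTIVE WANTED REASON: returns 1 and prints a finding on mismatch.
require_setting() {
  v=$(sshd_value "$1" "$2" | tr 'A-Z' 'a-z')
  [ "$v" = "$3" ] && return 0
  printf '%s: %s is %s, want %s (%s)\n' "$1" "$2" "${v:-unset}" "$3" "$4"
  return 1
}

# audit_sshd_config FILE: one finding per line; returns 0 only when nothing is wrong.
# Unset directives are reported too: the defaults differ between OpenSSH versions,
# so a pre-deployment check should insist on explicit values.
audit_sshd_config() {
  findings=0
  require_setting "$1" PasswordAuthentication no "a brute force needs a password prompt" || findings=$((findings + 1))
  require_setting "$1" PermitRootLogin no "root is the account every password list tries" || findings=$((findings + 1))
  require_setting "$1" PermitEmptyPasswords no "an empty password is the cheapest guess" || findings=$((findings + 1))
  require_setting "$1" PubkeyAuthentication yes "keys must work before passwords are turned off" || findings=$((findings + 1))
  tries=$(sshd_value "$1" MaxAuthTries)
  if [ -z "$tries" ] || [ "$tries" -gt 3 ]; then
    printf '%s: MaxAuthTries is %s, want 3 or fewer (caps guesses per connection)\n' "$1" "${tries:-unset}"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Write the samples to temporary files so the audit reads them like real configs.
WEAK_FILE=$(mktemp); HARD_FILE=$(mktemp)
trap 'rm -f "$WEAK_FILE" "$HARD_FILE"' EXIT
printf '%s\n' "$WEAK_SSHD_CONFIG" > "$WEAK_FILE"
printf '%s\n' "$HARDENED_SSHD_CONFIG" > "$HARD_FILE"

for f in "$WEAK_FILE" "$HARD_FILE"; do
  if audit_sshd_config "$f"; then echo "$f: no findings"; fi
done
```

Run it against `/etc/ssh/sshd_config` as the last step of the build, before the interface comes up, and follow it with `sshd -t` so a typo in the hardened file does not lock you out on restart. The deliberate trap in the weak sample, a correct `PasswordAuthentication no` placed after an earlier `yes`, is the kind of mistake that looks fine on a quick read and still leaves the password prompt open.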

刘智 posted on 2016-10-4 11:01:17
Read a post, leave a reply; replying is healthy. Just dropping by to bump this. Thanks for your hard work, OP!