摘要:ABSTRACT
The current version of the Internet, IPv4 was depleted of addresses on February 3, 2011.1
The shortage of addresses has led to the introduction of IPv6 which has 128-bit (16-byte) source
and destination IP addresses. Many organizations do not see a reason to convert to IPv6, and
believe they are not running IPv6.2 Whether an organization knows it or not, any laptop/PC
running Vista or Windows 7 is a vulnerability from which attacks can come that will be invisible
to IPv4 networks.
Since the Internet today uses IPv4 for 99% of the traffic3, it will be a slow migration to
IPv6. Three transition strategies are being employed: header translation, dual stack and
tunneling of IPv6 inside IPv4.4 Tunneling is the most precarious method for today’s IPv4
networks. The IPv6 packet is included inside the message field of an IPv4 packet. The contents
of the IPv6 packet will not be noticed by an IPv4 firewall or intrusion detection system. Hidden
IPv6 traffic running across an organization’s network can wreak havoc, allow malware to enter
the network, and be the basis for a denial of service attack.5 The only defense against such
attacks is deep packet inspection (DPI).
The widespread use of DPI is inevitable. The first serious security breach caused by
tunneled IPv6 inside an IPv4 packet is certain to come in the near future. This event will be a
stimulus to organizations to defend against such attacks.
关键词:Keywords: IPv4, IPv6, deep packet inspection, cyber terrorism, security
