Internet Protocol version 6 (IPv6) was designed to alleviate the address space limitations of IPv4 and provide additional security and routing capabilities. The protocol itself, however, can be misused to deliver malware in a way that eludes detection by firewalls or intrusion detection systems (IDS) not configured to recognize IPv6 traffic. This problem can be amplified in cases where malware is used to reconfigure vulnerable hosts to allow IPv6 traffic.
Misuse of IPv6 to deliver malware relies on several factors, including incomplete or inconsistent support for IPv6; the IPv6 auto-configuration capability; malware designed to enable IPv6 support on susceptible hosts; and malicious application of traffic "tunneling," a method of internet data transmission in which the public internet is used to relay private network data.
This paper describes malware tunneling, outlines methods for managing attacks, identifies additional IPv6 security risks, and helps users understand more about minimizing associated risks.
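As an added example (not code from the paper), the following sketch shows the kind of check an IPv4-only sensor needs in order to notice IPv6 carried inside IPv4. It assumes the two standard encapsulations, IP protocol number 41 and Teredo on UDP port 3544, neither of which is named in the text above; the sample packets and the helper names are constructed for illustration.

```python
import struct

PROTO_IPV6_IN_IPV4 = 41  # IANA protocol number for IPv6 encapsulated in IPv4 (assumed, not from the paper)
PROTO_UDP = 17
TEREDO_PORT = 3544       # IANA-registered Teredo UDP port (assumed, not from the paper)


def classify_ipv4_packet(pkt: bytes) -> str:
    """Classify one raw IPv4 packet: 'proto41', 'teredo', 'none' or 'not-ipv4'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4           # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        return "not-ipv4"
    proto = pkt[9]
    if proto == PROTO_IPV6_IN_IPV4:
        return "proto41"                # IPv6 directly inside IPv4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Only the first fragment carries the UDP header, so ports are read there.
    if proto == PROTO_UDP and frag_offset == 0 and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"             # port heuristic: IPv6 inside UDP inside IPv4
    return "none"


def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]),
                         bytes([198, 51, 100, 2]))
    return header + payload


# Constructed sample traffic, not captured from any real network.
INNER_IPV6 = bytes([0x60]) + bytes(39)  # minimal 40-byte IPv6 header
SIX_IN_FOUR = build_ipv4(PROTO_IPV6_IN_IPV4, INNER_IPV6)
TEREDO = build_ipv4(PROTO_UDP,
                    struct.pack("!HHHH", 50000, TEREDO_PORT, 48, 0) + INNER_IPV6)
PLAIN_TCP = build_ipv4(6, bytes(20))

if __name__ == "__main__":
    for name, pkt in [("6in4", SIX_IN_FOUR), ("teredo", TEREDO), ("tcp", PLAIN_TCP)]:
        print(name, classify_ipv4_packet(pkt))
```

A sensor that logs or blocks the first two classes at the perimeter regains visibility into IPv6 payloads that would otherwise pass as ordinary IPv4 traffic.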