IPv4 Server Hacked in 12 Minutes While IPv6 Server Remained Untouched

Exterminator

A small experiment carried out by Sucuri's CTO, Daniel Cid, shows the security advantages IPv6 has over IPv4, but also the dangers of using factory default or common user-password combinations to secure online servers.

Cid carried out his experiment at the start of the month when he set up ten servers and left their SSH ports open to external connections. He ran five servers on IPv4-only addresses, while the other five ran only on IPv6 addresses.

Both servers had their root password set to "password," a big no-no on live production environments.

Party at IPv4's house, while crickets sing at IPv6
According to Cid, the first IPv4 server fell after only 12 minutes, with the other four servers getting hacked after a few more minutes. It took the hacker 20 seconds to brute-force the SSH root account.

On the other hand, Cid says that after a week, nobody had bothered to scan any of the IPv6 servers even once, let alone hack them.

"What we can draw from this is that the obscurity of IPv6 helps to minimize the noise of attacks," Cid says. "Most likely, this is because it is more difficult to map the range of IPv6 addresses (2^128) than it is with the range of IPv4 addresses (2^32)."

Additionally, there are so-called scan lists of IPv4 addresses available online, which include the IP ranges of several well-known hosting providers and also aid attackers in hacking IPv4 servers.

Hacked servers used for DDoS attacks
But things didn't end there. Before Cid had any time to disable and scrap the compromised IPv4 servers, the attacker had already downloaded the Linux/XOR.DDoS malware and was busy launching attacks against a Chinese website.

Digital Ocean detected the massive 800+ Mbps SYN packet flood originating from the five hacked servers, and intervened to shut down the servers.

The conclusion is that you can't set up online servers and defer changing the root password for another time. In the span of 15 minutes, you can very easily lose control over the server and have to start over again. Servers put online need to have all security mechanisms up and running at the time they're connected online.
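The 20-second root brute-force described above leaves a very loud trail in sshd logs. As an added example (not from the article, Sucuri or Digital Ocean), this Python script parses syslog-style sshd lines and flags any source that produces 10 or more failed root logins within 20 seconds; the sample log lines, hostnames, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the classic syslog-style sshd failure line, e.g.
# "Feb  2 10:15:01 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)
BURST_THRESHOLD = 10  # this many failed root logins ...
BURST_WINDOW = 20     # ... within this many seconds counts as a brute-force burst

def parse_failures(lines, year=2016):
    """Yield (timestamp, user, ip) for every failed-password line; ignore the rest."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def detect_root_bursts(lines, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Return {ip: total_root_failures} for sources that produced `threshold`
    root failures inside any `window`-second span (sliding window per IP)."""
    per_ip = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        if user == "root":
            per_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        for i in range(threshold - 1, len(stamps)):
            if (stamps[i] - stamps[i - threshold + 1]).total_seconds() <= window:
                flagged[ip] = len(stamps)
                break
    return flagged

# Constructed sample log: one source hammers root 12 times in 12 seconds,
# another makes two slow root attempts plus one non-root attempt.
SAMPLE_LOG = [
    f"Feb  2 10:15:{s:02d} web1 sshd[{1200 + s}]: Failed password for root "
    f"from 203.0.113.5 port {40000 + s} ssh2" for s in range(1, 13)
] + [
    "Feb  2 10:14:50 web1 sshd[1180]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "Feb  2 10:19:50 web1 sshd[1300]: Failed password for root from 198.51.100.7 port 51001 ssh2",
    "Feb  2 10:16:05 web1 sshd[1250]: Failed password for invalid user admin from 198.51.100.7 port 51002 ssh2",
    "Feb  2 10:16:07 web1 sshd[1251]: Accepted publickey for deploy from 192.0.2.10 port 52000 ssh2",
]

if __name__ == "__main__":
    for ip, count in detect_root_bursts(SAMPLE_LOG).items():
        print(f"brute-force burst against root from {ip}: {count} failures")
```

Lowering the threshold or widening the window (for example 2 failures in 600 seconds) also surfaces the slow second source, at the cost of more noise.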
 

NekoHr

So at the moment it's security through obscurity and low-hanging fruit; no one bothers to look at what's there in IPv6 when there are enough targets on IPv4.