IPv4 Server Hacked in 12 Minutes While IPv6 Server Remained Secured

Recently Sucuri’s CTO, Daniel Cid, carried out a small experiment that shows the security advantages of IPv6 over IPv4, as well as the dangers of using factory-default or even common username-password combinations to secure online servers.

Cid carried out his experiment at the start of the month when he set up ten servers and left their SSH ports open to external connections. He ran five servers on IPv4-only addresses, while the other five ran only on IPv6 addresses.

Both sets of servers had their root password set to “password,” a big no-no in live production environments.

According to Cid, the first IPv4 server fell after only 12 minutes, with the other four servers getting hacked after a few more minutes. It took the hacker 20 seconds to brute-force the SSH root account.

On the other hand, Cid says that after a week nobody had bothered to scan any of the IPv6 servers even once, let alone hack them.

“What we can draw from this is that the obscurity of IPv6 helps to minimize the noise of attacks,” Cid says. “Most likely, this is because it is more difficult to map the range of IPv6 addresses (2^128) than it is with the range of IPv4 addresses (2^32).”

Additionally, so-called scan lists of IPv4 addresses are available online. These lists include the IP ranges of several well-known hosting providers and further aid attackers in hacking IPv4 servers.

But things didn’t end there. Before Cid had any time to disable and scrap the compromised IPv4 servers, the attacker had already downloaded the Linux/XOR.DDoS malware and was busy launching attacks against a Chinese website.

Digital Ocean detected the massive 800+ Mbps SYN packet flood originating from the five hacked servers, and intervened to shut down the servers.

The conclusion is that you can’t set up online servers and defer changing the root password until later. In the span of 15 minutes, you can very easily lose control of the server and have to start over again. Servers need to have all security mechanisms up and running at the moment they are connected to the Internet.
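A detection check for the pattern the experiment produced, a burst of failed SSH password attempts followed by a successful login from the same source. This is an added example, not code from Cid's experiment or from Sucuri; the log lines are constructed, and the OpenSSH syslog line format, the thresholds and the default year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH syslog format: "<Mon> <day> <time> <host> sshd[pid]: Failed|Accepted password for <user> from <ip> port <n>"
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def brute_force_successes(lines, min_failures=5, window=timedelta(minutes=5), year=2000):
    """Return (timestamp, ip, user) for each accepted password login preceded by
    at least min_failures failed attempts from the same source within window."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if outcome == "Failed":
            recent.append(ts)
        elif len(recent) >= min_failures:
            hits.append((ts, ip, user))  # password guessed after a failure burst
            recent.clear()
    return hits

# Constructed sample: six failures for root, then a success, plus an unrelated clean login.
SAMPLE = [
    f"Oct 12 10:00:{s:02d} web1 sshd[1200]: Failed password for root from 203.0.113.7 port 40000 ssh2"
    for s in range(1, 19, 3)
] + [
    "Oct 12 10:00:20 web1 sshd[1200]: Accepted password for root from 203.0.113.7 port 40000 ssh2",
    "Oct 12 10:07:00 web1 sshd[1300]: Accepted password for deploy from 198.51.100.20 port 50000 ssh2",
]

if __name__ == "__main__":
    for ts, ip, user in brute_force_successes(SAMPLE):
        print(f"ALERT {ts:%b %d %H:%M:%S} {user} login from {ip} after failure burst")
```

A hit from this check means the password was guessed, so the host should be treated as compromised rather than merely probed.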

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
