IPv6 is now the majority of internet traffic in many regions. Your infrastructure likely has IPv6 enabled, whether you configured it or not. This module covers IPv6-specific security considerations, because ignoring IPv6 while locking down IPv4 leaves gaping holes.
Why IPv6 security matters
Most IT teams learned to secure IPv4. Because IPv6 is enabled by default on modern OSes (Windows, macOS, Linux), the stack is active even when a team assumes “we don’t use IPv6”. Traffic flows, and IPv4-only rules don’t apply to it. Classic attack: an attacker enables IPv6 on a compromised host, and data exfil goes out via IPv6 while defenders monitor IPv4.
Key differences from IPv4
| Property | IPv4 | IPv6 |
|---|---|---|
| Address space | 2³² (~4 billion) | 2¹²⁸ (astronomically large) |
| Format | Dotted decimal (192.168.1.1) | Hex, colon-separated (2001:db8::1) |
| Address config | DHCP primarily | SLAAC, DHCPv6, or both |
| NAT | Common | Rare (every device has public IPv6) |
| ARP | Uses ARP | Uses Neighbor Discovery (NDP) |
| Broadcast | Yes | No (multicast only) |
IPv6-specific attacks
SLAAC spoofing
IPv6 hosts auto-configure addresses via Router Advertisements (RAs). An attacker on the local segment can send rogue RAs to become the default gateway and MITM traffic. This is analogous to DHCP spoofing on IPv4.
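A detection-side check for the rogue RA described above, as an added example that is not part of the original module: it parses a Router Advertisement and compares the sender and the advertised prefixes against an allowlist. The allowlist, addresses and sample packets are constructed assumptions.

```python
import ipaddress

# Assumed site policy (constructed values): the one legitimate router and prefix.
ALLOWED_ROUTERS = {"fe80::1"}
ALLOWED_PREFIXES = {ipaddress.IPv6Network("2001:db8:1::/64")}

# Constructed sample ICMPv6 bodies (checksum zeroed), not captured traffic.
LEGIT_RA = bytes.fromhex(
    "86000000400007080000000000000000"    # type 134, router lifetime 1800 s
    "010102005e005301"                    # source link-layer address option
    "030440c0000151800000384000000000"    # prefix info: /64, L+A flags set
    "20010db8000100000000000000000000")   # 2001:db8:1::
ROGUE_RA = bytes.fromhex(
    "86000000400007080000000000000000"
    "010102005e005366"
    "030440c0000151800000384000000000"
    "20010db80bad00000000000000000000")   # 2001:db8:bad::

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861, type 134)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"router_lifetime": int.from_bytes(icmp[6:8], "big"),
          "lladdr": None, "prefixes": []}
    off = 16                                  # options follow the fixed header
    while off < len(icmp):
        olen = icmp[off + 1] * 8 if off + 1 < len(icmp) else 0  # 8-byte units
        if olen == 0 or off + olen > len(icmp):
            raise ValueError("malformed option")
        opt = icmp[off:off + olen]
        if opt[0] == 1 and olen == 8:         # source link-layer address
            ra["lladdr"] = ":".join(f"{b:02x}" for b in opt[2:8])
        elif opt[0] == 3 and olen == 32:      # prefix information
            net = ipaddress.IPv6Network((opt[16:32], opt[2]), strict=False)
            ra["prefixes"].append((net, bool(opt[3] & 0x40)))  # A flag: SLAAC
        off += olen
    return ra

def check_ra(src: str, icmp: bytes) -> list:
    """Return findings for an RA received from link-local source `src`."""
    ra, findings = parse_ra(icmp), []
    if str(ipaddress.ip_address(src)) not in ALLOWED_ROUTERS:
        findings.append(f"RA from unlisted router {src} (lladdr {ra['lladdr']})")
        if ra["router_lifetime"] > 0:
            findings.append("unlisted router offers itself as default gateway")
    for net, slaac in ra["prefixes"]:
        if net not in ALLOWED_PREFIXES:
            findings.append(f"unexpected prefix {net} (SLAAC={slaac})")
    return findings
```

`check_ra("fe80::1", LEGIT_RA)` returns no findings, while the constructed rogue sample from `fe80::66` yields three: an unlisted sender, a non-zero router lifetime, and an unexpected SLAAC prefix.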