For many, the concept of “the internet” conjures up an idea of a digital world, separate from our physical one and existing “somewhere out there.” Maybe in the “cloud.” Fundamentally though, the internet is built on a straightforward process—different computer networks communicating with each other.
Every day, around three zettabytes of information flow between different packet switching networks around the world. Human error and firewalls aside, all this information finds its way to its specified target. To identify senders and receivers of information among billions of peers, computers use Internet Protocol (IP) addresses.
These numeric strings ensure that information finds its way from computer A to computer B without accidentally going to computer C. Every single internet-connected device has a unique IP address. But there’s a problem. The internet is much bigger than its original creators envisioned, and there aren’t enough addresses to go around. For defenders trying to manage their attack surface, the solution to this problem can have a serious impact on their visibility.
How We Got IPv4
It’s easy to forget that once upon a time, computers within different proprietary networks couldn’t connect to one another. Different networks used different connection protocols and ports. TCP/IP, a common standard for letting computers know how to talk to one another, changed this.
First adopted by an internet precursor called the Advanced Research Projects Agency Network (ARPANET) on January 1st, 1983, the addressing protocol of the TCP/IP suite, Internet Protocol version 4 (or IPv4 for short), became the standard method for communication between internet-connected devices. To provide enough addresses for all connected devices, IPv4 uses a 32-bit numerical address space. In total, IPv4 allows for 2^32 (roughly 4.2 billion) possible individual addresses.
In 1983, over four billion IP addresses seemed like a lot. However, as usage of the protocol grew, it became apparent to the Internet Assigned Numbers Authority (IANA), which from 1988 became responsible for maintaining the IP address system, that a 32-bit format would not allow for enough IP addresses to meet global demand. Trends like cloud adoption, new demographics using the web, and the eventual rise of mobile devices rapidly began to eat up available address options.
To slow down the pace at which IPv4 addresses were being used up, a variety of remedial technologies were developed throughout the 1990s. Network address translation (NAT) is one. NAT lets many devices with private addresses share a single public address, rather like an apartment block with one street address but numerous units. However, though this and other methods of reallocating IPv4 addresses have helped keep large parts of the internet functioning, they were, and are, stop-gap solutions that add complexity to internet devices and create inefficiencies.
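The following simulation, added here as an illustration and not Randori's code, shows the sharing described above in the common port-address form of NAT: two private hosts use the same local port to reach the same server, the NAT keeps them apart only by the public ports it hands out, and an inbound packet with no entry in the translation table has nowhere to go. The IP addresses are constructed from the RFC 5737 documentation ranges, and the port-allocation scheme (a simple counter) is an assumption for the example.

```python
"""Port address translation (the common form of NAT): several hosts with
private IPv4 addresses share one public address. Added illustration, not
Randori code; addresses are constructed from RFC 5737 documentation ranges."""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Packet:
    """The addressing fields NAT rewrites: source and destination IP and port."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """One public address, a pool of public ports, and a translation table."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port  # assumed allocation scheme: a counter
        self._outbound = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._inbound = {}   # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network, allocating a public
        port the first time a (host, port, destination) tuple is seen."""
        if not ip_address(pkt.src_ip).is_private:
            raise ValueError(f"{pkt.src_ip} is not a private address")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._outbound.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._outbound[key] = port
            self._inbound[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Rewrite a packet arriving from the internet. Returns None when no
        mapping exists: with one public address there is no way to know which
        private host an unsolicited packet was meant for, so it is dropped."""
        key = self._inbound.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None
        priv_ip, priv_port, remote_ip, remote_port = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # the mapping belongs to a different remote peer
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo():
    """Two private hosts using the same local port reach the same server and
    are told apart only by the public ports the NAT allocated."""
    nat = Nat("203.0.113.7")
    out_a = nat.translate_outbound(Packet("10.0.0.5", 51000, "198.51.100.1", 443))
    out_b = nat.translate_outbound(Packet("10.0.0.6", 51000, "198.51.100.1", 443))
    reply_a = nat.translate_inbound(Packet("198.51.100.1", 443, "203.0.113.7", out_a.src_port))
    stray = nat.translate_inbound(Packet("198.51.100.9", 22, "203.0.113.7", 40500))
    return out_a, out_b, reply_a, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The translation table is the complexity the text refers to: every conversation through the NAT depends on state that the NAT alone holds, and from outside, the two hosts are indistinguishable beyond their port numbers.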
With IPv4 running out, a permanent solution was needed. Ultimately, IPv4 had to be replaced. In 1996, the Internet Engineering Task Force (IETF), a standards body, developed a new version of the Internet Protocol known as IPv6. IPv6 expands IP addresses to 128 bits. This means that instead of the 4.2 billion combinations allowed by IPv4, there can be over 2^128 (340 trillion trillion trillion) possible addresses with IPv6, a number big enough for everyone on the planet to have more than a billion devices.
With a simpler address format than IPv4 and the ability to bypass the need for translation and enable autoconfiguration, IPv6 created efficiencies not possible with IPv4.
However, IPv6 does have one downside. IPv4 and IPv6 are not interoperable. While there are a few different translation methods for bridging them, direct communication between IPv4 and IPv6 is not possible. This means that developers and producers of tech like mobile phones and routers need to upgrade firmware to support IPv6 alongside IPv4. More importantly, internet service providers must also overhaul their hardware to carry IPv6 traffic.
Despite these obstacles, IPv6 adoption is gaining pace. According to Google’s IPv6 adoption tracker, just over 34% of the internet is working on the IPv6 protocol now. However, in certain regions, this number is much higher. For example, within the US, IPv6 adoption is currently at 51%. If you use public cloud applications (where almost everything happens on IPv6), then you use IPv6.
What IPv6 Does for Your Attack Surface
The evolution of the internet from IPv4 to IPv6 means that a large part of your attack surface might be invisible to you. This is because most attack surface management (ASM) solutions can only discover IPv4 assets.
Remember that IPv4 has 4.2 billion IP addresses. Although this is a huge number, ASM vendors can build scanners that brute-force a data set of this size in its entirety and discover relevant assets.
The IPv6 address space is 128 times bigger. Right now, no computer can scan this data set in its entirety. This is a problem because 51% of internet-connected assets in the US use IPv6. For most companies, more than half of their attack surface is not discoverable with traditional ASM solutions. Bearing in mind that a Gartner report once showed that almost 40% of all IT spending goes on shadow IT assets, this is a scary thought.
Randori Uses an Attacker’s POV to See IPv6
What your ASM vendor says are your internet-facing assets is probably only a subset of your actual attack surface. To understand your attack surface, you need an ASM system that can find both the IPv4 and IPv6 assets that an attacker could exploit.
Randori’s ASM system does this by scanning your attack surface from the inside out. We cannot scan the entire IPv6 address space. But we can discover the IPv6 addresses that are connected to your environment. Randori finds the breadcrumbs of information within your networks that point to IPv6 addresses and discovers all of the IPv4, IPv6, Cloud, and IoT assets you have.
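To make the inside-out approach concrete, here is an added example of the breadcrumb idea, written for this page and not Randori's own tooling. It takes records a defender already holds (DNS AAAA data, a web server access log line, a host's listening sockets, all constructed here in the 2001:db8::/32 documentation range), pulls out every IPv6 address, discards addresses that cannot be internet-facing (link-local, loopback, unspecified, multicast), normalizes the rest so that `2001:DB8:2::1` and `2001:db8:2::1` count once, and groups them by /64 prefix. The last function shows why the grouping matters: even one discovered /64 holds 2^64 addresses, far too many to brute-force, so the breadcrumbs are what make the hosts findable.

```python
"""Find IPv6 assets from breadcrumbs you already hold (DNS data, server logs,
socket listings), normalize them, and group them by /64 prefix.
Added example, not Randori code; all input lines are constructed."""
import re
from ipaddress import AddressValueError, IPv6Address, IPv6Network

# Loose pattern for colon-separated hex groups, allowing '::' compression.
# False positives (timestamps, MAC addresses) are rejected by IPv6Address below.
_IPV6_RE = re.compile(r"(?<![\w:])(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}(?![\w:])")

# Constructed breadcrumbs in the 2001:db8::/32 documentation range.
BREADCRUMBS = [
    "www.example.com.    300 IN AAAA 2001:db8:1::10",
    "mail.example.com.   300 IN AAAA 2001:db8:1:0:0:0:0:25",
    "api.example.com.    300 IN AAAA 2001:DB8:2::1",
    '2001:db8:2::1 - - [15/Mar/2024:10:00:00 +0000] "GET /health HTTP/1.1" 200 12',
    "tcp6  0  0 [fe80::1ff:fe23:4567:890a]:22  [::]:*  LISTEN",
    "tcp6  0  0 [::1]:8080  [::]:*  LISTEN",
]


def extract_ipv6(text: str) -> set:
    """Return every syntactically valid IPv6 address found in one line."""
    found = set()
    for match in _IPV6_RE.finditer(text):
        try:
            found.add(IPv6Address(match.group(0)))
        except AddressValueError:
            continue  # colon-separated junk such as "2024:10:00:00"
    return found


def discover(lines) -> dict:
    """Map each /64 prefix to the candidate internet-facing addresses seen in it."""
    by_prefix = {}
    for line in lines:
        for addr in extract_ipv6(line):
            if addr.is_link_local or addr.is_loopback or addr.is_unspecified or addr.is_multicast:
                continue  # local-only scope, never reachable from the internet
            net = IPv6Network(f"{addr}/64", strict=False)
            by_prefix.setdefault(net, set()).add(addr)
    return by_prefix


def summarize(lines) -> dict:
    """String form of discover(): prefix -> sorted canonical addresses."""
    return {str(net): sorted(str(a) for a in addrs) for net, addrs in discover(lines).items()}


def hosts_per_prefix(prefix: str) -> int:
    """How many addresses a discovered prefix contains (2**64 for a /64)."""
    return IPv6Network(prefix).num_addresses


if __name__ == "__main__":
    for prefix, addrs in summarize(BREADCRUMBS).items():
        print(f"{prefix}: {addrs}  ({hosts_per_prefix(prefix)} possible hosts)")
```

Run against the constructed lines, the two DNS-only hosts and the one host seen in both DNS and the access log come out as three addresses under two /64 prefixes; the link-local and loopback sockets are dropped because they say nothing about exposure.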