The US Federal Communications Commission (FCC) and the National Institute of Standards and Technology (NIST) recently released IPv6-related documents, showing increased interest in IPv6 by the US government. According to Ars Technica, the FCC document is largely a collection of previously known information, though it does include some new material. The more in-depth NIST document is intended for federal agencies and goes into considerable detail about the differences between IPv6 and IPv4, and how those differences impact security.
“However, the authors of the NIST document don’t seem to be familiar with a nifty security feature that’s in the ICMPv6 specification: for ICMPv6 packets that are only supposed to be local, the hop limit field in the IPv6 header—that would be the time to live field with IPv4—is set to the largest possible value, 255, when the packet is transmitted. Upon reception, the IPv6 system can then check if this value is still 255. If so, the packet was transmitted over the local network: if it came from elsewhere, one or more routers would have decremented the hop limit value so it couldn’t have been 255. This way, non-local but supposed-to-be local packets can be rejected without explicit filters or cryptography.”
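The receive-side check described in the quote, as an added example that is not taken from the FCC, NIST or Ars Technica text. The function names `check_packet` and `build` are hypothetical, the packets are constructed samples, and the list of local-only message types (Neighbor Discovery types 133 to 137) comes from RFC 4861 rather than from this page.

```python
import struct
from ipaddress import IPv6Address

ICMPV6 = 58
# Neighbor Discovery types that RFC 4861 requires to arrive with hop limit 255
ND_TYPES = {133: "router solicitation", 134: "router advertisement",
            135: "neighbor solicitation", 136: "neighbor advertisement",
            137: "redirect"}
# Extension headers skipped to reach ICMPv6: hop-by-hop, routing, destination options
EXT_HEADERS = {0, 43, 60}

def check_packet(pkt: bytes) -> str:
    """Return 'accept', 'drop' or 'not-applicable' for one raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "drop"                       # truncated or not IPv6
    next_header, hop_limit = pkt[6], pkt[7]
    offset = 40                             # fixed IPv6 header length
    while next_header in EXT_HEADERS:
        if len(pkt) < offset + 8:
            return "drop"                   # extension header cut short
        next_header, ext_len = pkt[offset], pkt[offset + 1]
        offset += 8 + 8 * ext_len           # length is in 8-octet units past the first 8
    if next_header != ICMPV6:
        return "not-applicable"             # the rule only covers ICMPv6
    if len(pkt) <= offset:
        return "drop"                       # no ICMPv6 type byte present
    if pkt[offset] not in ND_TYPES:
        return "not-applicable"             # e.g. echo request may legitimately be routed
    # A router on the path would have decremented the field, so only 255 is on-link.
    return "accept" if hop_limit == 255 else "drop"

def build(hop_limit, icmp_type, src="fe80::1", dst="ff02::1"):
    """Constructed sample: IPv6 header plus an 8-byte ICMPv6 stub (checksum left at 0)."""
    icmp = struct.pack("!BBHI", icmp_type, 0, 0, 0)
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
    return hdr + IPv6Address(src).packed + IPv6Address(dst).packed + icmp

if __name__ == "__main__":
    for hl, t in [(255, 134), (254, 134), (64, 128)]:
        print(f"hop_limit={hl:3d} type={t}: {check_packet(build(hl, t))}")
```

The check does not validate the ICMPv6 checksum or source address, and it says nothing about a sender that is already on the local link.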