Latest research topics

IPv6 Covert Channels

The growing adoption of IPv6, driven by major ISPs and tech companies, introduces new security risks. One such risk is the ease of implementing covert channels within IPv6 communications, which go undetected by common open-source IDS tools such as Suricata, Zeek, and Snort. Using a high-level programming language like Python and open-source libraries such as Scapy, it is possible to inject covert data into IPv6 packets without disrupting application-level communication. The technique applies to any environment that runs an IPv6 network stack: on-premises, hybrid-cloud, and commercial cloud, including AWS, Azure, and Vultr. Six covert channels have been implemented and tested in virtual and cloud environments to evaluate their feasibility. To prevent interference with legitimate traffic, packets are cleaned before delivery: the injected data is removed and each packet is restored to its original form.
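One detection check a monitoring point could run on captured IPv6 packets, as an added example that is not code from the research described above. The page does not name the header fields its six channels use; the choice of PadN padding options as the field to audit, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

HOP_BY_HOP, DEST_OPTS, NO_NEXT = 0, 60, 59  # IPv6 Next Header values
PAD1, PADN = 0, 1                            # padding option types (RFC 8200)

def audit_padding(packet: bytes) -> list:
    """Walk options-bearing extension headers; report padding that can hide data."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ["not an IPv6 packet"]
    findings, next_header, offset = [], packet[6], 40
    while next_header in (HOP_BY_HOP, DEST_OPTS):
        if offset + 2 > len(packet):
            return findings + ["truncated extension header"]
        end = offset + (packet[offset + 1] + 1) * 8   # Hdr Ext Len is in 8-octet units
        if end > len(packet):
            return findings + ["truncated extension header"]
        pos = offset + 2
        while pos < end:
            if packet[pos] == PAD1:                   # single octet, no length field
                pos += 1
                continue
            if pos + 2 > end or pos + 2 + packet[pos + 1] > end:
                return findings + ["option overruns its header"]
            opt_type, data = packet[pos], packet[pos + 2:pos + 2 + packet[pos + 1]]
            if opt_type == PADN and any(data):        # RFC 8200: PadN data is zero-valued
                findings.append(f"non-zero PadN data: {data.hex()}")
            if opt_type == PADN and len(data) + 2 > 7:  # 8-octet alignment needs at most 7
                findings.append(f"oversized PadN: {len(data) + 2} octets")
            pos += 2 + len(data)
        next_header, offset = packet[offset], end     # follow the chain to the next header
    return findings

def sample_packet(options: bytes) -> bytes:
    """Constructed test packet: IPv6 + one Destination Options header, no payload."""
    ext = bytes([NO_NEXT, (len(options) + 2) // 8 - 1]) + options
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")   # 2001:db8::1 (documentation prefix)
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")   # 2001:db8::2
    return struct.pack("!IHBB", 6 << 28, len(ext), DEST_OPTS, 64) + src + dst + ext

# Constructed samples: legitimate zero padding, padding carrying bytes, excess padding.
CLEAN = sample_packet(bytes([PADN, 4, 0, 0, 0, 0]))
TAINTED = sample_packet(bytes([PADN, 4]) + bytes.fromhex("deadbeef"))
OVERSIZED = sample_packet(bytes([PADN, 12]) + bytes(12))

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN), ("tainted", TAINTED), ("oversized", OVERSIZED)):
        print(name, audit_padding(pkt))
```

Because the page states that packets are cleaned before delivery, a check like this only sees injected data when it runs on the path between the injecting and the cleaning endpoints, not at the final receiver.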