IPv6: future hero or current villain?

I found this Wired post about the possibile threats posed by increasing use of IPv6 to be quite interesting. IPv6, for those of you not elbow-deep in internet protocol, is the replacement for the current internet address model (the way that human-readable names like "wired.com" are mapped to numerical addresses like 255.128.32.16). The limitation to the existing model (IPv4) is that we're literally running out of address space: IPv6 will vastly increase the number of discrete addresses available for use, but it will take a few years for the necessary equipment and software to be deployed.

Something I hadn't thought about was that this roll-out of IPv6-capable equipment might create some new opportunities for hackers:

Joe Klein, a security researcher with Command Information, says many organizations and home users have IPv6 enabled on their systems by default but don't know it. They also don't have protection in place to block malicious traffic, since some intrusion detection systems and firewalls aren't set up to monitor IPv6 traffic, presenting an appealing vector through which outsiders can attack their networks undetected.

"Essentially, we have systems that are wide open to a network," says Klein, who is a member of an IPv6 task force and will be speaking about the issue tonight at the HOPE (Hackers on Planet Earth) conference in New York. "It's like having wireless on your network without knowing it."

The internet is moving to IPv6 because IPv4 is running out of addresses. Estimates of when IPv4 addresses will be exhausted have varied. Command Information has a widget on its web site counting down the number of IPv4 addresses still available each time the American Registry for Internet Numbers assigns an address or block of addresses. By the widget's count, the supply of IPv4 addresses – currently at around 620 million -- will run out in about 917 days, or about two and a half years.