SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel
4 snips
Mar 18, 2026 Discussion of how IPv4-mapped IPv6 addresses work and how tools convert or mishandle them. Examination of widespread security flaws in low-cost IP KVMs and which devices remain unpatched. Exploration of sandboxing challenges for AI agents and a DNS covert channel found in an AWS Bedrock code interpreter.
AI Snips
Chapters
Transcript
Episode notes
IPv4 Mapped IPv6 Behaves Differently Per Tool
- IPv4 mapped IPv6 addresses are an OS-level translation allowing IPv6-only apps to communicate via IPv4.
- Tools like wget or browsers accept mapped addresses and convert them to IPv4 while ping6 does not send IPv4 packets, so behavior varies by tool.
Parse IP Addresses As Numeric Types
- Treat IP addresses as their native numeric types instead of raw strings to avoid parsing errors and obfuscation pitfalls.
- Johannes Ulrich recommends handling IPv4 as 32-bit unsigned integers to prevent misinterpretation like octal or integer-encoded addresses.
Cheap IP KVMs Often Lack Basic Protections
- Eclypsium researchers Paul Asadorian and Ronaldo Vazquez-Garcia audited cheap IP KVM units and found multiple vulnerabilities across vendors.
- Some devices lacked brute-force protection and one vendor had RCE with no patch available, highlighting risk in $25–$100 KVM market.