Evasion of High-End IPS Devices in the Age of IPv6

Presented at Black Hat USA 2014, Aug. 6, 2014, 10:15 a.m. (25 minutes).

IPv6 era is here, either if you already use it or if you continue to ignore it. However, even in the last case, this does not mean that your nodes (end-hosts, networking devices, security devices) are not already pre-configured with IPv6 connectivity, at least to some extent. At the same time, ARIN states that they are currently in phase three of a 4-phased IPv4 Countdown Plan, being already down to about 0.9/8s in aggregate. On the other hand, RIPE NCC has reached its last /8 IPv4 address space quite some time ago.

And what IPv6 does not forgive for sure is the lack of security awareness. Several times in the past it has been shown that this new layer-3 protocol, apart from the huge address space and other new functionalities, it also brings with it several security issues. In this talk, it will be shown that significant security issues still remain unsolved. Specifically, three different but novel techniques will be presented that allow attackers to exploit even a really minor detail in the design of the IPv6 protocol to make security devices like high-end commercial IDPS devices completely blind. These techniques allow the attackers to launch any kind of attack against their targets, from port scanning to SQLi, while remaining undetected. Moreover, in this talk, after presenting detailed analysis of the attacks and the corresponding exploitation results against IDPS devices, potential security implications to other security devices, like firewalls will also be examined. Finally, specific mitigation techniques will be proposed, both short-term and long-term ones, in order to protect your network from them.


Presenters:

  • Antonios Atlasis - secfu.net
    Antonios Atlasis, MPhil, PhD, is an independent IT security analyst and researcher having over 20 years of diverse Information Technology experience. He is also an accomplished instructor and software developer and he has been granted a number of awards both for his academic work and his professional achievements. His main research interests include vulnerability discoveries in IPv6, SCADA systems, and other critical protocols.
  • Enno Rey - ERNW GmbH
    Enno is a long-time network geek who loves to explore network devices and protocols and to break flawed ones.

Links:

Similar Presentations: