Presented at DeepSec 2014 „Do you want to know more?“
IPv6 deployment is rising every single day; Specifically, according to the statistics and the trends of the Internet Society, "2013 marked the third straight year IPv6 use on the global Internet has doubled. If current trends continue, more than half of Internet users around the world will be IPv6-connected in less than 6 years." At the same time, ARIN states that they are currently in phase four of their "IPv4 Countdown Plan", while RIPE has reached its last /8 IPv4 address space quite some time ago. So, "this time it is for real". Moreover, most of the Operating Systems, network and security devices (like firewalls, IDS, etc.) come with IPv6 pre-enabled. However, are we ready for the IPv6 era from a security perspective?
In this workshop, various attack methods that "exploit" IPv6 design and implementation security issues will be discussed. These issues, due to their nature, affect several modern and prestigious Operating Systems as well as network and security devices. Specifically, it will be explained and demonstrated how you can exploit IPv6-specific features for pen-testing IPv6 systems and networks. To this end, first, all the required theory regarding the changes that IPv6 brings with it and affects security will be presented. Then, it will be explained and demonstrated how to launch most of the known IPv6 attacks. Furthermore, some more advanced attacks will be presented, as well as ways of fuzzing the protocol implementation against various systems and security devices. For accomplishing our goals, a specific IPv6 pen-testing and security assessment tool written by the instructors will be provided. Finally, mitigation techniques to protect your IPv6 infrastructure from these attacks will also be discussed. At the end, two IPv6 Security challenges will be given to the attendees of the workshop to practice their IPv6 security skills: One for blue team members to get the experience of analysing real IPv6 attacks, and one for red team members to practice their IPv6 penetration testing skills.
Only by knowing the potential IPv6 security issues we shall be able to protect it effectively. The acquired knowledge will be valuable both to penetration testers who want to test IPv6 networks as well as to network and security engineers who want to protect effectively their IPv6 networks.
- ERNW GmbH
Enno (@Enno_Insinuator) is a long-time network security geek who likes to explore devices and protocols, and to break flawed ones. He has been involved with IPv6 since 1999 and blogs about IPv6 security in all its flavors at http://www.insinuator.net/tag/ipv6/.
Antonios Atlasis (MPhil, PhD) has been an IT engineer for more than 20 years, developer and instructor in several Computer Science and Computer Security related fields. The last years he has been specialised in IT Security, working mainly as a penetration tester, incident handler and intrusion analyst. His latest security researches focuses on IPv6 and some of his work has been presented at BlackHat Europe 2012, BlackHat Abu Dhabi 2012, at the IPv6 Security Summit of Troopers 13 and Troopers 14, while the newest one will be presented at BlackHat US 2014.