Covert Channels using IPv6/ICMPv6

Presented at DEF CON 14 (2006), Aug. 5, 2006, 5 p.m. (50 minutes)

Government organizations are required by the Office of Management and Budget to migrate their networks over to IPv6 by 2008.  There is a belief that this opens inherit risk to the organization due to undiscovered flaws and security holes that may be opened up.  One such breach is the use of covert channels to push data in or out of a network in the guise of standard traffic.  Covert channels are not new, and have been exploited in the past through IPv4 communications.  This presentation and PoC tool demonstration will show how IPv6 networks communicate, and how the tool can be used to pass text or files through IPv6 and ICMPv6 packet manipulation.

Presenters:

• R.P. Murphy
  R.P. Murphy is currently pursuing a Masters Degree in Information Systems Technology and is working on IPv6/ICMPv6 Covert Channels as a thesis topic.  He is a Certified Information Systems Security Professional (CISSP), and does IT Consulting for small businesses.  His areas of expertise include network security, information security and wireless network security and administration.  Areas of interest include computer forensics, protocol analysis and tool development.  Tools developed include MACSpoof, a tool to store and change MAC addresses in Windows, VoodooKey, a tool to recover software keys in Windows, and the PoC tool v00d00N3t, a tool that sends text or files through the use of IPv6 / ICMPv6 packet manipulation.

Links:

• https://defcon.org/html/defcon-14/dc-14-speakers.html#Murphy
• https://infocon.org/cons/DEF CON/DEF CON 14/DEF CON 14 video/DEF CON 14 - RP - Murphy - Covert Channels Using IPv6 - Video.mp4
• https://www.youtube.com/watch?v=Jzv0pljNTjo

Similar Presentations:

• DEF CON 18 (2010) / Who Cares About IPv6?
• DeepSec 2014 „Do you want to know more?“ / IPv6 Attacks and Defenses - A Hands-on Workshop
• DeepSec 2015 „DeepSec No. 9“ / Pentesting and Securing IPv6 Networks (closed)