Advances in IPv6 Network Reconnaissance

Presented at TROOPERS18 (2018), March 13, 2018, 2:30 p.m. (Unknown duration)

IPv6's increased address space has changed the network reconnaissance game: since (IPv4-era) brute-force address scans are no longer feasible, an attacker or pentester has to rely on smarter address scans and other alternative or complementary techniques. RFC7707 (Gont & Chown, 2016) has shed light on IPv6 network reconnaissance, and pointed out some techniques that should be explored and/or implemented (since there were no tools implementing them at the time). This presentation will cover recent advances in IPv6 network reconnaissance, ranging from implementation of some of the techniques envisioned in RFC7707, to new techniques or tricks that had not been explored before. As part of this presentation, a new version of the SI6 IPv6 Toolkit (https://www.si6networks.com/tools/ipv6toolkit) will be released, including both new and updated tools of value to both pentesters (targeting a specific site or organization) and network/security researchers (targeting the IPv6 Internet at mass scale).

Presenters:

  • Fernando Gont
    Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations from around the world. Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite. Gont is currently working as a security consultant and researcher for SI6 Networks https://www.si6networks.com. Additionally, he is a member of the Centro de Estudios de Informatica (CEDI) at Universidad Tecnológica Nacional/Facultad Regional Haedo (UTN/FRH) of Argentina, where he works in the field of Internet engineering. As part of his work for these organizations, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published 30 IETF RFCs (Request For Comments) and more than a dozen IETF Internet-Drafts. Gont has also developed the SI6 Networks' IPv6 Toolkit https://www.si6networks.com/tools/ipv6toolkit - a portable and comprehensive security assessment toolkit for the IPv6 protocol suite, and the IoT-toolkit https://www.si6networks.com/tools/iot-toolkit - a security assessment toolkit for IoT devices.
Gont runs the IPv6 Hackers and the IoT Hackers mailing lists https://lists.si6networks.com, and has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 2011, DEEPSEC 2011, LACSEC 2012, Hackito Ergo Sum 2012, Hack In Paris 2013, German IPv6 Kongress 2014, H2HC 2017, and Troopers 2017. Additionally, he is a regular attendee of the Internet Engineering Task Force (IETF) meetings. More information about Fernando Gont is available at his personal website: https://www.gont.com.ar.
