EVASION OF HIGH-END IPS DEVICES IN THE AGE OF IPV6 presented at BlackHatUS 2014

by Enno Rey, Antonios Atlasis,

Summary: The IPv6 era is here, whether you already use it or continue to ignore it. Even in the latter case, however, this does not mean that your nodes (end hosts, networking devices, security devices) are not already pre-configured with IPv6 connectivity, at least to some extent. At the same time, ARIN states that it is currently in phase three of a 4-phased IPv4 Countdown Plan, being already down to about 0.9/8s in aggregate. RIPE NCC, on the other hand, reached its last /8 of IPv4 address space quite some time ago.
And what IPv6 certainly does not forgive is a lack of security awareness. It has been shown several times in the past that this new layer-3 protocol, apart from the huge address space and other new functionality, also brings with it several security issues. This talk will show that significant security issues still remain unsolved. Specifically, three different, novel techniques will be presented that allow attackers to exploit even a really minor detail in the design of the IPv6 protocol to make security devices such as high-end commercial IDPS devices completely blind. These techniques allow attackers to launch any kind of attack against their targets, from port scanning to SQLi, while remaining undetected. Moreover, after a detailed analysis of the attacks and the corresponding exploitation results against IDPS devices, potential security implications for other security devices, such as firewalls, will also be examined. Finally, specific mitigation techniques, both short-term and long-term, will be proposed to protect your network from them.

Enno Rey: Daniel and Enno are long-time network geeks who love to explore network devices & protocols and to break flawed ones.