IPv6 Attacks and Defenses - A Hands-on Workshop presented at DeepSec 2014

by Enno Rey,

Summary : IPv6 deployment is rising every single day; Specifically, according to the statistics and the trends of the Internet Society, “2013 marked the third straight year IPv6 use on the global Internet has doubled. If current trends continue, more than half of Internet users around the world will be IPv6-connected in less than 6 years.” At the same time, ARIN states that they are currently in phase four of their “IPv4 Countdown Plan”, while RIPE has reached its last /8 IPv4 address space quite some time ago. So, “this time it is for real”. Moreover, most of the Operating Systems, network and security devices (like firewalls, IDS, etc.) come with IPv6 pre-enabled. However, are we ready for the IPv6 era from a security perspective?
In this workshop, various attack methods that “exploit” IPv6 design and implementation security issues will be discussed. These issues, due to their nature, affect several modern and prestigious Operating Systems as well as network and security devices. Specifically, it will be explained and demonstrated how you can exploit IPv6-specific features for pen-testing IPv6 systems and networks. To this end, first, all the required theory regarding the changes that IPv6 brings with it and affects security will be presented. Then, it will be explained and demonstrated how to launch most of the known IPv6 attacks. Furthermore, some more advanced attacks will be presented, as well as ways of fuzzing the protocol implementation against various systems and security devices. For accomplishing our goals, a specific IPv6 pen-testing and security assessment tool written by the instructors will be provided. Finally, mitigation techniques to protect your IPv6 infrastructure from these attacks will also be discussed. At the end, two IPv6 Security challenges will be given to the attendees of the workshop to practice their IPv6 security skills: One for blue team members to get the experience of analysing real IPv6 attacks, and one for red team members to practice their IPv6 penetration testing skills.
Only by knowing the potential IPv6 security issues we shall be able to protect it effectively. The acquired knowledge will be valuable both to penetration testers who want to test IPv6 networks as well as to network and security engineers who want to protect effectively their IPv6 networks.

Enno Rey: Daniel and Enno are long time network geeks who love to explore network devices & protocols and to break flawed ones.