SlideShare una empresa de Scribd logo

IPv6 Security und Hacking

Swiss IPv6 Council
Swiss IPv6 Council

Aspekte von IPv6-Security • Hackertools & ein paar Angriffsszenarien • 3 Empfehlungen q a) Ist IPv6 sicherer als IPv4? q b) Ist IPv6 unsicherer als IPv4? q c) Wer ist an allem Schuld? q d) Wie wirkt sich die Integration von IPv6 in meine Organisation auf deren IT-Sicherheit aus?

Tecnología
1 de 48
Descargar para leer sin conexión
IPv6 Security & Hacking Swiss IPv6 Council Tech-Event Frank Herberg frank.herberg@switch.ch Zürich, 25.3.2013 v1.2
Die nächsten 60 Minuten •  Aspekte von IPv6-Security •  Hackertools & ein paar Angriffsszenarien •  3 Empfehlungen © 2013 SWITCH 2
Quiz: Was ist die relevante Fragestellung? ✗ q  a) Ist IPv6 sicherer als IPv4? ✗ q  b) Ist IPv6 unsicherer als IPv4? ✗ q  c) Wer ist an allem Schuld? ✓ q  d) Wie wirkt sich die Integration von IPv6 in meine Organisation auf deren IT-Sicherheit aus? © 2013 SWITCH 3
Quiz: Was ist die relevante Fragestellung? Und warum? ✓ q  Wie wirkt sich die Integration von IPv6 in meine Organisation auf deren IT-Sicherheit aus? è  IPv6 kommt zusätzlich zu IPv4 ins Haus è  IPv6-Integration bringt vieles in Bewegung è  Ableiten von Massnahmen um akzeptables Sicherheitsniveau zu gewährleisten © 2013 SWITCH 4
Ziel: Sicherheitsniveau aufrecht erhalten Value of Security Risk assets level IT-Security Strategy © 2013 SWITCH 5
Dual Stack IPv6 IPv4 Managed Monitored Defined ?? ?? Filtered Secured maybe not Well known at all known © 2013 SWITCH 6
Mehr Komplexität durch mehrere IP- Adressen pro Interface IPv4 traffic 173.194.32.119 link local IPv6 traffic fe80::3e07:54ff:fe5d:abcd 2001:610::41:3e07:54ff:fe5d:abcd* global IPv6 traffic 2001:610::41:65d2:e7eb:d16b:a761** è privacy issue global IPv6 traffic è traceability issue * Interface Identifier derived from MAC è the same all over the world ** Privacy Extensions: random / temporary IP address © 2013 SWITCH 7
Unvorhersehbare Quell-Adresswahl bei Dual-Stack durch Happy Eyeballs 173.194.32.119 Monitoring, fe80::3e07:54ff:fe5d:abcd Traceability, 2001:610::41:3e07:54ff:fe5d:abcd Session Hijacking 2001:610::41:65d2:e7eb:d16b:a761 Prevention 2 Mechanismen für Adresswahl: •  Default Address Selection RFC 6724 (2012) è "prefer IPv6" •  Happy Eyeballs RFC 6555 (2012), Application level è "prefer 'better' user experience" (faster response) © 2013 SWITCH 8
IPv6 Adress-Notation ist nicht eindeutig fe80:0000:0000:0000:0204:61ab:fe9d:f156 // full form fe80:0:0:0:204:61ab:fe9d:f156 // drop leading zeroes fe80::204:61ab:fe9d:f156 // collapse multiple zeroes to :: fe80::204:61ab:254.157.241.86 // dotted quad at the end, multiple zeroes collapsed è  filtern & suchen wird schwieriger è  z.B. Logfile|grep, queries è  selbstgeschriebene Skripte © 2013 SWITCH 9
Extension Header & Security IPv6-Header TCP- DATA Next Header = 6 Header … (TCP) IPv6-Header Routing-Hdr. Frgmnt-Hdr. TCP- DATA Next Header = 43 Next Header = 44 Next Header = 6 Header … (Routing) (Fragment) (TCP) Die Grösse des IPv6-Header ist fix (40 Byte) è Für Optionen werden Extension Header angehängt •  Beliebig viele EH können verkettet werden alles •  EH können beliebig viele Optionen enthalten willkommene Einladungen •  EH haben verschiedene Formate für Hacker •  Reihenfolge ist nicht festgelegt (nur empfohlen) © 2013 SWITCH 10
Extension Header Attacken •  Angreifer sendet Pakete mit •  vielen EH •  EH mit vielen Optionen •  ungültigen EH oder Optionen (Fuzzing) •  EH in denen Informationen versteckt sind (Covert Channel) •  sehr viele Pakete mit Router-Alert-Option •  Umgehen von Security-Einrichtungen z.B. im Switch RA- Guard, Angriff auf das Endsystem (Robustheit der Implementierung), auf Router (beschäftigen) © 2013 SWITCH 11
ICMPv6 ist viel umfangreicher Error-Messages (1-127) 1:Destination Unreachable 2:Packet too big (PMTUD) 3:Time Exceeded (Hop Limit) 4:Parameter Problem ICMP kann nicht Info-Messages (Ping) mehr so einfach 128:Echo Request 129:Echo Reply gefiltert werden siehe RFC 4890 (38 Multicast Listener Discovery (MLD, MLD2) Seiten) 130:Multicast Listener Query 131/143:Multicast Listener Report/2 132:Multicast Listener Done Neighbor Discovery (NDP), Stateless neue Angriffsvektoren Autoconfiguration (SLAAC) (lokal, remote) 133:Router Solicitation 134:Router Advertisement ein paar Beispiele 135:Neighbor Solicitation (DAD) 136:Neighbor Advertisement (DAD) 137:Redirect Message siehe unten Other (Router Renumbering, Mobile IPv6, Inverse NS/ NA,…) 138-153 © 2013 SWITCH 12
Geringere Reife im Design... •  Parts of IPv6 are still "Development in Progress" •  Examples: RFC 6564: April 2012 "A Uniform Format for IPv6 Extension Headers" RFC 6555: April 2012 "Happy Eyeballs: Success with Dual-Stack Hosts" RFC 6724: September 2012 "Default Address Selection for IPv6" © 2013 SWITCH 13
... und in den Implementierungen (insbesondere bei Security Devices) know what •  Common effects you need •  Required Features are not yet implemented •  You will have to wait for it watch out •  Performance isn't ensured •  Things are probably not (yet) hardware accelerated •  Stability isn't guaranteed be prepared •  You will have to deal with frequent updates © 2013 SWITCH 14
Aktuelles Beispiel: "Remote system freeze thanks to Kaspersky Internet Security 2013" a fragmented packet with one large extension header leads to a complete freeze of the operating system...! © 2013 SWITCH 15
Was sonst noch... •  IDS/IPS, Network-Monitoring, Service-Monitoring, etc. must be upgraded for IPv6 •  IPv4-based ACLs! (ssh-Access, DB-Access, you name it) •  IP Reputation based protection does not (yet) exist (IPv6 blacklists) •  Tunnel can be autoconfigured, can bypass IPv4- Firewalls (Protocol type 41, UDP) & NAT (Teredo, UDP) •  ... © 2013 SWITCH 16
Wenig Know-how und Erfahrungen •  Little or no Know-how compared to IPv4 •  Network-Staff, Sysadmins, Security-Staff •  Management, (1st-Level-)Support •  Learning IPv6 needs •  time •  free resources •  practical experience •  leads to mistakes in the beginning © 2013 SWITCH 17
Neue Angriffe – neue Hackertools •  The Hackers Choice IPv6 Attack Toolkit ca. 50 Tools, M. Heuse und andere http://thc.org/thc-ipv6/ •  SI6 Networks IPv6 Toolkit ca. 12 Tools, F. Gont http://www.si6networks.com/tools/ipv6toolkit/ è erproben neue Angriffsvektoren è zeigen Schwachstellen im Design è  oder der Implementierung (auch zum Testen!) è  können missbraucht werden © 2013 SWITCH 18
THC IPv6 Attack Toolkit (thc.org) •  Last update 2013-01-21 •  Current public version: v2.1 •  GPLv3 applies to this code •  This tool is for legal purposes only! © 2013 SWITCH 19
SLAAC Step 1: generating link-local addr. R1 A MAC: 3c:07:54:5d:40:66 B C Generate a link local address (FE80), from MAC address state: tentative Send NeighSolicit for DupAddrDetect (:: => Solicited-Node multicast addr) Either receive a NeighAdvert to show an address conflict: stop autoconfig or change state of link local address to: preferred fe80::3e07:54ff:fe5d:4066 © 2013 SWITCH 20
SLAAC Step 2: generating global addresses R1 A fe80::3e07:54ff:fe5d:4066 3c:07:54:5d:40:66 B C Send RS to All-Router-Multicast-Address (ff02::2) RA: Prefix is "2001:620:0:49::" Default Router Address is fe80... If RA received: generate global routable address(es) from received prefix(es) Send NS for DAD (:: => Solicited-Node multicast addr) Either receive a NA to show an address conflict: don't use address or configure Global Address(es) 2001:620:0:49:3e07:54ff:fe5d:4066, default router address(es) and other parameter (DNS) © 2013 SWITCH 21
Rogue Router Advertisement Principle I am your Default Router! R1 A C B Attacker sends Router Advertisements nodes configure IPv6 according to spoofed RA: IPv6 addresses & Default Router © 2013 SWITCH 22
Rogue RA – Denial of Service BLOCK R1 A B B Default Router All traffic sent to Attacker ends up in a black hole © 2013 SWITCH 23
Rogue RA – Man in the Middle Attack FORWARD R1 A B B Default Router Attacker can intercept, listen, modify unprotected data © 2013 SWITCH 24
Rogue RA – Performance Issue WLAN R1 A B B Default Router Attacker becomes a bottleneck Often not an attack but misconfigured client © 2013 SWITCH 25
Rogue RA Attacking Tool fake_router6 / fake_router26 Announce yourself as a router and try to become the default router. If a non-existing link-local or mac address is supplied, this results in a DOS. Example: fake_router6 eth0 2004::/48 © 2013 SWITCH 26
Rogue RA Scenarios •  Local Attacker with thc-tools installed •  Remote Attacker who successfully compromised a node on the network segment (DMZ) •  Misconfiguration! User "accidentally" transmits RAs onto the local link. •  E.g. Windows ICS (Internet Connection Sharing) è Accidental Rogue RA incidents are likely. © 2013 SWITCH 27
Router Lifetime 0 Attack Wann sendet ein Router RAs mit "Router Lifetime" = 0? © 2013 SWITCH 28
Router Lifetime 0 Attack R1 is down (Router lifetime = 0) R1 A B B R1 sends legitimate RAs Attacker clones RAs but with Lifetime = 0 Remove legitimate router from routing table © 2013 SWITCH 29
Router Lifetime 0 Attack kill_router6 eth0 ‘fe80::219:7ff:feeb:f80’! ! Starting to send router kill entries for fe80::219:7ff:feeb:f80 (Press Control-C to end)...! ! ! ! Option -H adds hop-by-hop, -F fragmentation header and -D dst header to bypass RA guard. ! © 2013 SWITCH 30
Router Lifetime 0 Attack kill_router6 eth0 ‘fe80::219:7ff:feeb:f80’! Starting to send router kill entries for fe80::219:7ff:feeb:f80 (Press Control-C to end)... ! © 2013 SWITCH 31
Router Advertisement Flooding 2004:: is a prefix 2005:: is a prefix 2006:: is a prefix 2007:: is a prefix… R1 A B C Attacker floods LAN with Router Advertisements © 2013 SWITCH 32
Router Advertisement Flooding flood_router6, flood_router26 Flood the local network with router advertisements. Each packet contains 17 prefix and route entries (only Version _26) -F/-D/-H add fragment/destination/hop-by-hop header to bypass RA guard security. Syntax: flood_router6 [-HFD] interface Example: flood_router6 eth0 © 2013 SWITCH 33
RA Flooding Effect on Win7 © 2013 SWITCH 34
Some RA Flooding Facts •  Nodes will stall or crash: •  Windows XP,Vista,7,8,200x Server •  Free/Net/Open-BSD - depends on version •  OS X •  Juniper •  Android phones, iPads,... slow down or freeze •  Save: •  Cisco IOS & ASA - is fixed* •  Linux has a limit of 16 IPv6 addresses incl. link local (not attackable) © 2013 SWITCH 35
An "IPv6 readiness update" is available for Windows 7 and for Windows Server 2008 R2 (Nov. 2012) http://support.microsoft.com/kb/2750841/en •  Only for Win7 and 2008 R2 •  Limits no of prefixes to 100 •  a patched machine still freezes totally during the attack, but recovers quickly when it stops © 2013 SWITCH 36
Fazit zu Rogue Router Advertisements •  Everybody on the local network can •  add IPs, delete / change default router •  DOS network •  do a MITM attack •  decrease Network-Performance •  decrease System-Performance •  crash Systems •  !! Autoconf. IPv6 in IPv4-only network = open 2nd door Consider Mitigation ;-) è RFC 6104 © 2013 SWITCH 37
Duplicate Address Detection - DOS sorry, I have I want to use this address this IPv6 already address A B C A sends NS for DAD (to Solicited Node Multicast Address) Attacker sends NA for each NS A can't configure any IPv6 address © 2013 SWITCH 38
Duplicate Address Detection - DOS © 2013 SWITCH 39
Some DAD-DOS Observations •  Linux configures link local address (!) and tries every 30 seconds to configure a Global Unicast Address. •  XP tries a few times – also with different random addresses, and then quits •  Win7 tries a few times and then quits - might show popup "Windows has detected an IP address conflict" è works also for DHCPv6 and manual config! è Switch "MLD Snooping" © 2013 SWITCH 40
Some other Attacks •  Attacks with MLD (fake/flood) •  NA Spoofing (wie ARP) •  Neighbor Cache Exhaustion Attack (Scanning) •  Redirect Spoofing (wie gehabt) •  Attacks with DHCPv6 (wie gehabt) •  DNS dictionary / IP Pattern-scan (Reconnaissance) •  .... © 2013 SWITCH 41
Fazit: Wie wirkt IPv6-Integration auf IT- Security einer Organisation? •  Higher complexity (protocol and network) •  Lower maturity (especially security devices) Security level •  Less Know-how •  New / more Attack vectors •  Less visibility (monitoring) •  Already active in "IPv4-only" net •  A lot of changes (also means new opportunities) © 2013 SWITCH 42
How to decrease the Security of an IPv6 deployment? "It's hard enough to deploy IPv6, let's deal with the Security stuff afterwards!" © 2013 SWITCH 43
How to improve the Security of an IPv6 deployment? – It's simple! 0. Secure existing Operations è IPv6 is already there! (Autoconf., Tunnel è Monitoring, 2nd door ACLs, FW Tunnel traffic) 1. Understand IPv6 before you deploy it! è Start early – start small – take your time! 2. Synchronise deployment with the readiness of your Security equipment! è Have a plan - which involves Security! © 2013 SWITCH 44
frank.herberg@switch.ch http://securityblog.switch.ch/ http://switch.ch/securitytraining © 2013 SWITCH 45
Anhang • Lese-Tipps • THC Installationstipps © 2013 SWITCH 46
Zum Lesen • Scott Hogg / Eric Vyncke: "IPv6-Security" Cisco Press • NIST - Guidelines for the Secure Deployment of IPv6 http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf • Mailing List ipv6hackers http://lists.si6networks.com/listinfo/ipv6hackers © 2013 SWITCH 47
Get & Install THC IPv6 Attack tools •  Download thc-ipv6-[Version].tar.gz from thc.org •  Required: Linux 2.6 or higher •  Install sudo apt-get install libssl-dev libpcap-dev! tar -xzf thc-ipv6-n.n.tar.gz ! cd thc-ipv6-n.n/! make! sudo make install! make clean! ! •  Run as root! •  Also to test implementations in your Lab! © 2013 SWITCH 48

Recomendados

IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandSwiss IPv6 Council
 
Swisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwiss IPv6 Council
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungSwiss IPv6 Council
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationSwiss IPv6 Council
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksSkeeve Stevens
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCSSwiss IPv6 Council
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 

Recomendados

IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandSwiss IPv6 Council
 
Swisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwiss IPv6 Council
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungSwiss IPv6 Council
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationSwiss IPv6 Council
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksSkeeve Stevens
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCSSwiss IPv6 Council
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppOliver Müller
 
Agile Networking with OpenStack
Agile Networking with OpenStack Agile Networking with OpenStack
Agile Networking with OpenStack openstackcisco
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Елена Ежова
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...VirtualTech Japan Inc.
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDNMuhammad Moinur Rahman
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseThierry Zoller
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFVBasim Aly (JNCIP-SP, JNCIP-ENT)
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxUnlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxCumulus Networks
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalDPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalJim St. Leger
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalIKT-Norge
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
SDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumSDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumThe Linux Foundation
 
Cumulus networks - Overcoming traditional network limitations with open source
Cumulus networks - Overcoming traditional network limitations with open sourceCumulus networks - Overcoming traditional network limitations with open source
Cumulus networks - Overcoming traditional network limitations with open sourceNat Morris
 
pps Matters
pps Matterspps Matters
pps MattersBangladesh Network Operators Group
 
Multicast in OpenStack Tips
Multicast in OpenStack TipsMulticast in OpenStack Tips
Multicast in OpenStack TipsVikram G Hosakote
 
Eric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of ViewEric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of ViewIPv6 Conference
 
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)Martin Schütte
 

Más contenido relacionado

La actualidad más candente

Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppOliver Müller
 
Agile Networking with OpenStack
Agile Networking with OpenStack Agile Networking with OpenStack
Agile Networking with OpenStack openstackcisco
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Елена Ежова
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...VirtualTech Japan Inc.
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseThierry Zoller
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxUnlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxCumulus Networks
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalDPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalJim St. Leger
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalIKT-Norge
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
SDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumSDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumThe Linux Foundation
 
Cumulus networks - Overcoming traditional network limitations with open source
Cumulus networks - Overcoming traditional network limitations with open sourceCumulus networks - Overcoming traditional network limitations with open source
Cumulus networks - Overcoming traditional network limitations with open sourceNat Morris
 

La actualidad más candente (20)

Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer App
 
Agile Networking with OpenStack
Agile Networking with OpenStack Agile Networking with OpenStack
Agile Networking with OpenStack
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 Lessons
 
Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash Course
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxUnlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalDPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun Rajagopal
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in general
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack Environments
 
SDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumSDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + Quantum
 
Cumulus networks - Overcoming traditional network limitations with open source
Cumulus networks - Overcoming traditional network limitations with open sourceCumulus networks - Overcoming traditional network limitations with open source
Cumulus networks - Overcoming traditional network limitations with open source
 
pps Matters
pps Matterspps Matters
pps Matters
 
Multicast in OpenStack Tips
Multicast in OpenStack TipsMulticast in OpenStack Tips
Multicast in OpenStack Tips
 

Similar a IPv6 Security und Hacking

Eric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of ViewEric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of ViewIPv6 Conference
 
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)Martin Schütte
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?APNIC
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteHostedGraphite
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...ir. Carmelo Zaccone
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6Zivaro Inc
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaWardner Maia
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013Zivaro Inc
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6Shixiong Shang
 
IPv6 and IP Multicast… better together?
IPv6 and IP Multicast… better together?IPv6 and IP Multicast… better together?
IPv6 and IP Multicast… better together?Steve Simlo
 
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityFernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityEdgeUno
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fred Bovy
 
Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007Raffael Marty
 
All about routers
All about routersAll about routers
All about routersagwanna
 

Similar a IPv6 Security und Hacking (20)

Eric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of ViewEric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of View
 
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?
 
Tech f42
Tech f42Tech f42
Tech f42
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
 
IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6
 
IPv6 and IP Multicast… better together?
IPv6 and IP Multicast… better together?IPv6 and IP Multicast… better together?
IPv6 and IP Multicast… better together?
 
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityFernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
 
Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007Insider Threat Visualization - HackInTheBox 2007
Insider Threat Visualization - HackInTheBox 2007
 
All about routers
All about routersAll about routers
All about routers
 
10 fn s05
10 fn s0510 fn s05
10 fn s05
 

Más de Swiss IPv6 Council

Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014Swiss IPv6 Council
 
IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?Swiss IPv6 Council
 
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Swiss IPv6 Council
 
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieIPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieSwiss IPv6 Council
 
IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6Swiss IPv6 Council
 
SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"Swiss IPv6 Council
 
Dos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 TransitionDos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 TransitionSwiss IPv6 Council
 
Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen Swiss IPv6 Council
 
IPv6 solutions for an easy implementation
IPv6 solutions for an easy implementationIPv6 solutions for an easy implementation
IPv6 solutions for an easy implementationSwiss IPv6 Council
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationSwiss IPv6 Council
 
Network Neutrality - What's At Stake
Network Neutrality - What's At StakeNetwork Neutrality - What's At Stake
Network Neutrality - What's At StakeSwiss IPv6 Council
 

Más de Swiss IPv6 Council (14)

Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014
 
IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?
 
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
 
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieIPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
 
IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6
 
SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"
 
Dos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 TransitionDos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 Transition
 
Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen
 
IPv6 solutions for an easy implementation
IPv6 solutions for an easy implementationIPv6 solutions for an easy implementation
IPv6 solutions for an easy implementation
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- Acceleration
 
IPv6 Transition
IPv6 TransitionIPv6 Transition
IPv6 Transition
 
Network Neutrality - What's At Stake
Network Neutrality - What's At StakeNetwork Neutrality - What's At Stake
Network Neutrality - What's At Stake
 
LISP Update
LISP UpdateLISP Update
LISP Update
 
IPv6 Enterprise Planning
IPv6 Enterprise PlanningIPv6 Enterprise Planning
IPv6 Enterprise Planning
 

Último

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

IPv6 Security und Hacking

  • 1. IPv6 Security & Hacking Swiss IPv6 Council Tech-Event Frank Herberg frank.herberg@switch.ch Zürich, 25.3.2013 v1.2
  • 2. Die nächsten 60 Minuten •  Aspekte von IPv6-Security •  Hackertools & ein paar Angriffsszenarien •  3 Empfehlungen © 2013 SWITCH 2
  • 3. Quiz: Was ist die relevante Fragestellung? ✗ q  a) Ist IPv6 sicherer als IPv4? ✗ q  b) Ist IPv6 unsicherer als IPv4? ✗ q  c) Wer ist an allem Schuld? ✓ q  d) Wie wirkt sich die Integration von IPv6 in meine Organisation auf deren IT-Sicherheit aus? © 2013 SWITCH 3
  • 4. Quiz: Was ist die relevante Fragestellung? Und warum? ✓ q  Wie wirkt sich die Integration von IPv6 in meine Organisation auf deren IT-Sicherheit aus? è  IPv6 kommt zusätzlich zu IPv4 ins Haus è  IPv6-Integration bringt vieles in Bewegung è  Ableiten von Massnahmen um akzeptables Sicherheitsniveau zu gewährleisten © 2013 SWITCH 4
  • 5. Ziel: Sicherheitsniveau aufrecht erhalten Value of Security Risk assets level IT-Security Strategy © 2013 SWITCH 5
  • 6. Dual Stack IPv6 IPv4 Managed Monitored Defined ?? ?? Filtered Secured maybe not Well known at all known © 2013 SWITCH 6
  • 7. Mehr Komplexität durch mehrere IP- Adressen pro Interface IPv4 traffic 173.194.32.119 link local IPv6 traffic fe80::3e07:54ff:fe5d:abcd 2001:610::41:3e07:54ff:fe5d:abcd* global IPv6 traffic 2001:610::41:65d2:e7eb:d16b:a761** è privacy issue global IPv6 traffic è traceability issue * Interface Identifier derived from MAC è the same all over the world ** Privacy Extensions: random / temporary IP address © 2013 SWITCH 7
  • 8. Unvorhersehbare Quell-Adresswahl bei Dual-Stack durch Happy Eyeballs 173.194.32.119 Monitoring, fe80::3e07:54ff:fe5d:abcd Traceability, 2001:610::41:3e07:54ff:fe5d:abcd Session Hijacking 2001:610::41:65d2:e7eb:d16b:a761 Prevention 2 Mechanismen für Adresswahl: •  Default Address Selection RFC 6724 (2012) è "prefer IPv6" •  Happy Eyeballs RFC 6555 (2012), Application level è "prefer 'better' user experience" (faster response) © 2013 SWITCH 8
  • 9. IPv6 Adress-Notation ist nicht eindeutig fe80:0000:0000:0000:0204:61ab:fe9d:f156 // full form fe80:0:0:0:204:61ab:fe9d:f156 // drop leading zeroes fe80::204:61ab:fe9d:f156 // collapse multiple zeroes to :: fe80::204:61ab:254.157.241.86 // dotted quad at the end, multiple zeroes collapsed è  filtern & suchen wird schwieriger è  z.B. Logfile|grep, queries è  selbstgeschriebene Skripte © 2013 SWITCH 9
  • 10. Extension Header & Security IPv6-Header TCP- DATA Next Header = 6 Header … (TCP) IPv6-Header Routing-Hdr. Frgmnt-Hdr. TCP- DATA Next Header = 43 Next Header = 44 Next Header = 6 Header … (Routing) (Fragment) (TCP) Die Grösse des IPv6-Header ist fix (40 Byte) è Für Optionen werden Extension Header angehängt •  Beliebig viele EH können verkettet werden alles •  EH können beliebig viele Optionen enthalten willkommene Einladungen •  EH haben verschiedene Formate für Hacker •  Reihenfolge ist nicht festgelegt (nur empfohlen) © 2013 SWITCH 10
  • 11. Extension Header Attacken •  Angreifer sendet Pakete mit •  vielen EH •  EH mit vielen Optionen •  ungültigen EH oder Optionen (Fuzzing) •  EH in denen Informationen versteckt sind (Covert Channel) •  sehr viele Pakete mit Router-Alert-Option •  Umgehen von Security-Einrichtungen z.B. im Switch RA- Guard, Angriff auf das Endsystem (Robustheit der Implementierung), auf Router (beschäftigen) © 2013 SWITCH 11
  • 12. ICMPv6 ist viel umfangreicher Error-Messages (1-127) 1:Destination Unreachable 2:Packet too big (PMTUD) 3:Time Exceeded (Hop Limit) 4:Parameter Problem ICMP kann nicht Info-Messages (Ping) mehr so einfach 128:Echo Request 129:Echo Reply gefiltert werden siehe RFC 4890 (38 Multicast Listener Discovery (MLD, MLD2) Seiten) 130:Multicast Listener Query 131/143:Multicast Listener Report/2 132:Multicast Listener Done Neighbor Discovery (NDP), Stateless neue Angriffsvektoren Autoconfiguration (SLAAC) (lokal, remote) 133:Router Solicitation 134:Router Advertisement ein paar Beispiele 135:Neighbor Solicitation (DAD) 136:Neighbor Advertisement (DAD) 137:Redirect Message siehe unten Other (Router Renumbering, Mobile IPv6, Inverse NS/ NA,…) 138-153 © 2013 SWITCH 12
  • 13. Geringere Reife im Design... •  Parts of IPv6 are still "Development in Progress" •  Examples: RFC 6564: April 2012 "A Uniform Format for IPv6 Extension Headers" RFC 6555: April 2012 "Happy Eyeballs: Success with Dual-Stack Hosts" RFC 6724: September 2012 "Default Address Selection for IPv6" © 2013 SWITCH 13
  • 14. ... und in den Implementierungen (insbesondere bei Security Devices) know what •  Common effects you need •  Required Features are not yet implemented •  You will have to wait for it watch out •  Performance isn't ensured •  Things are probably not (yet) hardware accelerated •  Stability isn't guaranteed be prepared •  You will have to deal with frequent updates © 2013 SWITCH 14
  • 15. Aktuelles Beispiel: "Remote system freeze thanks to Kaspersky Internet Security 2013" a fragmented packet with one large extension header leads to a complete freeze of the operating system...! © 2013 SWITCH 15
  • 16. Was sonst noch... •  IDS/IPS, Network-Monitoring, Service-Monitoring, etc. must be upgraded for IPv6 •  IPv4-based ACLs! (ssh-Access, DB-Access, you name it) •  IP Reputation based protection does not (yet) exist (IPv6 blacklists) •  Tunnel can be autoconfigured, can bypass IPv4- Firewalls (Protocol type 41, UDP) & NAT (Teredo, UDP) •  ... © 2013 SWITCH 16
  • 17. Wenig Know-how und Erfahrungen •  Little or no Know-how compared to IPv4 •  Network-Staff, Sysadmins, Security-Staff •  Management, (1st-Level-)Support •  Learning IPv6 needs •  time •  free resources •  practical experience •  leads to mistakes in the beginning © 2013 SWITCH 17
  • 18. Neue Angriffe – neue Hackertools •  The Hackers Choice IPv6 Attack Toolkit ca. 50 Tools, M. Heuse und andere http://thc.org/thc-ipv6/ •  SI6 Networks IPv6 Toolkit ca. 12 Tools, F. Gont http://www.si6networks.com/tools/ipv6toolkit/ è erproben neue Angriffsvektoren è zeigen Schwachstellen im Design è  oder der Implementierung (auch zum Testen!) è  können missbraucht werden © 2013 SWITCH 18
  • 19. THC IPv6 Attack Toolkit (thc.org) •  Last update 2013-01-21 •  Current public version: v2.1 •  GPLv3 applies to this code •  This tool is for legal purposes only! © 2013 SWITCH 19
  • 20. SLAAC Step 1: generating link-local addr. R1 A MAC: 3c:07:54:5d:40:66 B C Generate a link local address (FE80), from MAC address state: tentative Send NeighSolicit for DupAddrDetect (:: => Solicited-Node multicast addr) Either receive a NeighAdvert to show an address conflict: stop autoconfig or change state of link local address to: preferred fe80::3e07:54ff:fe5d:4066 © 2013 SWITCH 20
  • 21. SLAAC Step 2: generating global addresses R1 A fe80::3e07:54ff:fe5d:4066 3c:07:54:5d:40:66 B C Send RS to All-Router-Multicast-Address (ff02::2) RA: Prefix is "2001:620:0:49::" Default Router Address is fe80... If RA received: generate global routable address(es) from received prefix(es) Send NS for DAD (:: => Solicited-Node multicast addr) Either receive a NA to show an address conflict: don't use address or configure Global Address(es) 2001:620:0:49:3e07:54ff:fe5d:4066, default router address(es) and other parameter (DNS) © 2013 SWITCH 21
  • 22. Rogue Router Advertisement Principle I am your Default Router! R1 A C B Attacker sends Router Advertisements nodes configure IPv6 according to spoofed RA: IPv6 addresses & Default Router © 2013 SWITCH 22
  • 23. Rogue RA – Denial of Service BLOCK R1 A B B Default Router All traffic sent to Attacker ends up in a black hole © 2013 SWITCH 23
  • 24. Rogue RA – Man in the Middle Attack FORWARD R1 A B B Default Router Attacker can intercept, listen, modify unprotected data © 2013 SWITCH 24
  • 25. Rogue RA – Performance Issue WLAN R1 A B B Default Router Attacker becomes a bottleneck Often not an attack but misconfigured client © 2013 SWITCH 25
  • 26. Rogue RA Attacking Tool fake_router6 / fake_router26 Announce yourself as a router and try to become the default router. If a non-existing link-local or mac address is supplied, this results in a DOS. Example: fake_router6 eth0 2004::/48 © 2013 SWITCH 26
  • 27. Rogue RA Scenarios •  Local Attacker with thc-tools installed •  Remote Attacker who successfully compromised a node on the network segment (DMZ) •  Misconfiguration! User "accidentally" transmits RAs onto the local link. •  E.g. Windows ICS (Internet Connection Sharing) è Accidental Rogue RA incidents are likely. © 2013 SWITCH 27
  • 28. Router Lifetime 0 Attack Wann sendet ein Router RAs mit "Router Lifetime" = 0? © 2013 SWITCH 28
  • 29. Router Lifetime 0 Attack R1 is down (Router lifetime = 0) R1 A B B R1 sends legitimate RAs Attacker clones RAs but with Lifetime = 0 Remove legitimate router from routing table © 2013 SWITCH 29
  • 30. Router Lifetime 0 Attack kill_router6 eth0 ‘fe80::219:7ff:feeb:f80’! ! Starting to send router kill entries for fe80::219:7ff:feeb:f80 (Press Control-C to end)...! ! ! ! Option -H adds hop-by-hop, -F fragmentation header and -D dst header to bypass RA guard. ! © 2013 SWITCH 30
  • 31. Router Lifetime 0 Attack kill_router6 eth0 ‘fe80::219:7ff:feeb:f80’! Starting to send router kill entries for fe80::219:7ff:feeb:f80 (Press Control-C to end)... ! © 2013 SWITCH 31
  • 32. Router Advertisement Flooding 2004:: is a prefix 2005:: is a prefix 2006:: is a prefix 2007:: is a prefix… R1 A B C Attacker floods LAN with Router Advertisements © 2013 SWITCH 32
  • 33. Router Advertisement Flooding flood_router6, flood_router26 Flood the local network with router advertisements. Each packet contains 17 prefix and route entries (only Version _26) -F/-D/-H add fragment/destination/hop-by-hop header to bypass RA guard security. Syntax: flood_router6 [-HFD] interface Example: flood_router6 eth0 © 2013 SWITCH 33
  • 34. RA Flooding Effect on Win7 © 2013 SWITCH 34
  • 35. Some RA Flooding Facts •  Nodes will stall or crash: •  Windows XP,Vista,7,8,200x Server •  Free/Net/Open-BSD - depends on version •  OS X •  Juniper •  Android phones, iPads,... slow down or freeze •  Save: •  Cisco IOS & ASA - is fixed* •  Linux has a limit of 16 IPv6 addresses incl. link local (not attackable) © 2013 SWITCH 35
  • 36. An "IPv6 readiness update" is available for Windows 7 and for Windows Server 2008 R2 (Nov. 2012) http://support.microsoft.com/kb/2750841/en •  Only for Win7 and 2008 R2 •  Limits no of prefixes to 100 •  a patched machine still freezes totally during the attack, but recovers quickly when it stops © 2013 SWITCH 36
  • 37. Fazit zu Rogue Router Advertisements •  Everybody on the local network can •  add IPs, delete / change default router •  DOS network •  do a MITM attack •  decrease Network-Performance •  decrease System-Performance •  crash Systems •  !! Autoconf. IPv6 in IPv4-only network = open 2nd door Consider Mitigation ;-) è RFC 6104 © 2013 SWITCH 37
  • 38. Duplicate Address Detection - DOS sorry, I have I want to use this address this IPv6 already address A B C A sends NS for DAD (to Solicited Node Multicast Address) Attacker sends NA for each NS A can't configure any IPv6 address © 2013 SWITCH 38
  • 39. Duplicate Address Detection - DOS © 2013 SWITCH 39
  • 40. Some DAD-DOS Observations •  Linux configures link local address (!) and tries every 30 seconds to configure a Global Unicast Address. •  XP tries a few times – also with different random addresses, and then quits •  Win7 tries a few times and then quits - might show popup "Windows has detected an IP address conflict" è works also for DHCPv6 and manual config! è Switch "MLD Snooping" © 2013 SWITCH 40
  • 41. Some other Attacks •  Attacks with MLD (fake/flood) •  NA Spoofing (wie ARP) •  Neighbor Cache Exhaustion Attack (Scanning) •  Redirect Spoofing (wie gehabt) •  Attacks with DHCPv6 (wie gehabt) •  DNS dictionary / IP Pattern-scan (Reconnaissance) •  .... © 2013 SWITCH 41
  • 42. Fazit: Wie wirkt IPv6-Integration auf IT- Security einer Organisation? •  Higher complexity (protocol and network) •  Lower maturity (especially security devices) Security level •  Less Know-how •  New / more Attack vectors •  Less visibility (monitoring) •  Already active in "IPv4-only" net •  A lot of changes (also means new opportunities) © 2013 SWITCH 42
  • 43. How to decrease the Security of an IPv6 deployment? "It's hard enough to deploy IPv6, let's deal with the Security stuff afterwards!" © 2013 SWITCH 43
  • 44. How to improve the Security of an IPv6 deployment? – It's simple! 0. Secure existing Operations è IPv6 is already there! (Autoconf., Tunnel è Monitoring, 2nd door ACLs, FW Tunnel traffic) 1. Understand IPv6 before you deploy it! è Start early – start small – take your time! 2. Synchronise deployment with the readiness of your Security equipment! è Have a plan - which involves Security! © 2013 SWITCH 44
  • 45. frank.herberg@switch.ch http://securityblog.switch.ch/ http://switch.ch/securitytraining © 2013 SWITCH 45
  • 47. Zum Lesen • Scott Hogg / Eric Vyncke: "IPv6-Security" Cisco Press • NIST - Guidelines for the Secure Deployment of IPv6 http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf • Mailing List ipv6hackers http://lists.si6networks.com/listinfo/ipv6hackers © 2013 SWITCH 47
  • 48. Get & Install THC IPv6 Attack tools •  Download thc-ipv6-[Version].tar.gz from thc.org •  Required: Linux 2.6 or higher •  Install sudo apt-get install libssl-dev libpcap-dev! tar -xzf thc-ipv6-n.n.tar.gz ! cd thc-ipv6-n.n/! make! sudo make install! make clean! ! •  Run as root! •  Also to test implementations in your Lab! © 2013 SWITCH 48