Due to the exhaustion of IPv4 free address space, the use of IPv6 on the Internet is gradually increasing. All Windows operating systems since Windows Vista have IPv6 enabled by default. IPv6 brings a series of improvements compared to IPV4, but these improvements are also put a double-edged sword.
Recently, we have been focusing on "IPv6" attack research and found that in the IPV6 environment, there are many attack points, such as Iptables will fail, use IPV6 to bypass the Web defense strategy and abuse IPV6-specific protocols for man-in-the-middle attacks, and Other attack ideas!
In this speech, I will disclose the attack methods and ideas I have found for IPV6, and will also release tools for IPV6 attacks.
World IPv6 capability and preference
The current growth rate is getting faster recently.
IPv6 statistics of Google
So many users that access Google over IPv6.
The data of this image is collected by Google.
OS IPv6 Ready Version Memo
Windows XP+ * IPv6 on XP is not installed by default.
macOS OSX 10.7+(Lion)
Comparison of IPv6 support in operating systems
Modern systems already support IPv6.
What changed in IPv6 mainly?
ARP was replaced by NDP(Neighbor Discovery Protocol)
Larger address space
Internet Protocol Security (IPSec) part
IP header (No header length, no IPID, no checksum …)
ARP & NDP
- ARP (IPv4):
Q: Who is 10.64.116.98?
A: I am. My MAC is 00-17-FC-6B-61-34.
- NDP/ICMPv6 (IPv6):
A larger address space
4, 294, 967, 296 addresses.
Internet Protocol Security (IPSec)
Attack the gateway (Flooding)
1. DHCPv6 Type
2. SLAAC Type
A. limit the number of addresses that each MAC can request
B. limit the number of MAC that each port of a switch can serve
- A unique IP address makes it easier for servers to correlate requests and real users.
- Even data is encrypted, metadata will leak things.
- Privacy extensions for IPv6 (RFC 4941)
- Maybe it’s still not enough…
Tools for IPv6 are becoming more and more powerful
- ipv6-toolkit (SI6 Networks):
mitm6: Compromising IPv4 via IPv6
reply to DHCPv6
provide a link-local
Take over DNS
IPv6 DNS server
will be used
Use a fake