Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[CB19] New threats are already around you, the IPV6 attack must be understood by Jie Fu, KunZhe Chai, YongTao Wang


Published on

Due to the exhaustion of IPv4 free address space, the use of IPv6 on the Internet is gradually increasing. All Windows operating systems since Windows Vista have IPv6 enabled by default. IPv6 brings a series of improvements compared to IPV4, but these improvements are also put a double-edged sword.
Recently, we have been focusing on "IPv6" attack research and found that in the IPV6 environment, there are many attack points, such as Iptables will fail, use IPV6 to bypass the Web defense strategy and abuse IPV6-specific protocols for man-in-the-middle attacks, and Other attack ideas!
In this speech, I will disclose the attack methods and ideas I have found for IPV6, and will also release tools for IPV6 attacks.

  • Login to see the comments

  • Be the first to like this

[CB19] New threats are already around you, the IPV6 attack must be understood by Jie Fu, KunZhe Chai, YongTao Wang

  1. 1. J i n g l u n L i , S e c u r i t y R e s e a r c h e r @ B C M S o c i a l C o r p . New threat are already around you the IPv6 attack must be understood h t t p s : / / c y b e r w e e k . a e
  2. 2. 2 State of IPv6 deployment
  3. 3. World IPv6 capability and preference 3 The current growth rate is getting faster recently.
  4. 4. IPv6 statistics of Google 4 So many users that access Google over IPv6. The data of this image is collected by Google.
  5. 5. OS IPv6 Ready Version Memo Android 5.0+ iOS 4.1+ Windows XP+ * IPv6 on XP is not installed by default. macOS OSX 10.7+(Lion) Ubuntu All Debian 3.0+ Comparison of IPv6 support in operating systems 5 Modern systems already support IPv6.
  6. 6. 6 What changed in IPv6 mainly? ARP was replaced by NDP(Neighbor Discovery Protocol) Larger address space Internet Protocol Security (IPSec) part IP header (No header length, no IPID, no checksum …) …
  7. 7. 7 ARP & NDP - ARP (IPv4): Q: Who is A: I am. My MAC is 00-17-FC-6B-61-34. - NDP/ICMPv6 (IPv6):
  8. 8. 8 A larger address space - IPv4: 32-bit 4, 294, 967, 296 addresses. - IPv6: 128-bit 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
  9. 9. 9 Internet Protocol Security (IPSec) IPSec Tunnel
  10. 10. 10 Problems of IPv6
  11. 11. 11 NAT IPv4 NAT
  12. 12. 12 ARP Spoofing disappeared? Not really. IPv4 ARP Spoofing
  13. 13. 13 NDP neighbor spoofing
  14. 14. 14 Attack the gateway (Flooding) - Attack: 1. DHCPv6 Type 2. SLAAC Type - Solve: A. limit the number of addresses that each MAC can request B. limit the number of MAC that each port of a switch can serve
  15. 15. 15 Privacy problem - A unique IP address makes it easier for servers to correlate requests and real users. - Even data is encrypted, metadata will leak things. - Privacy extensions for IPv6 (RFC 4941) - Maybe it’s still not enough…
  16. 16. 16 Tools for IPv6 are becoming more and more powerful - ping6 - nmap - ipv6-toolkit (SI6 Networks):
  17. 17. 17 mitm6: Compromising IPv4 via IPv6  reply to DHCPv6 messages  provide a link-local IPv6 address Take over DNS  IPv6 DNS server will be used DNS spoofing  Use a fake WPAD.DAT file WPAD exploit  NTLM relay Fake proxy
  18. 18. 18 iptables & ip6tables
  19. 19. Other ways to access localhost 19
  20. 20. 20 A long way to go …
  21. 21. 21 Thank you