Assessing and Pen-Testing IPv6 Networks by Rick Hayes
Video of “Assessing and Pen-Testing IPv6 Networks” by Rick Hayes (Outerz0ne 7):
- ICMPv6:
  - Multicast Listener Discovery (MLD)
    - replaces IGMP
    - multicast addresses: http://en.wikipedia.org/wiki/Multicast_address#IPv6
  - Neighbor Discovery (ND)
    - duplicate address detection
    - finds neighbor routers
    - keeps track of neighbors
    - 5 ICMPv6 packet types:
      - router solicitation (who’s the router?)
      - router advertisements (I’m the router)
      - neighbor solicitation (who are my neighbors?)
      - neighbor advertisements (I’m a neighbor)
      - redirect
- IPv6 reconnaissance
  - sweeping: not feasible
  - discovery: DNS
  - tools: e.g. nmap, metasploit, ncat, nc6, socat (e.g. for tunneling)
  - THC IPv6 Attack Toolkit:
    - alive6
    - detect-new-ip6
    - sendpees6
    - thcping6
    - trac6
  - commercial tools: not all parts of the suites support IPv6
- exploitation:
  - THC:
    - parasite6
    - dnsdict6
    - fake_router6
    - redir6
    - exploit6
    - fuzz_ip6
    - implementation6/6d
    - fake_mld26
    - fake_mldrouter6
    - fake_mipv6
    - fake_advertiser6
    - smurf6
    - rsmurf6
- conclusions:
  - most organizations have hidden IPv6 traffic running across their network
  - most don’t even know it, or consider it useless
  - most modern OSes have it enabled and set to auto-configure by default
  - IPv4 tools and devices are not looking for IPv6 traffic
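
To act on the last conclusion, the following added example (not from the talk or the THC toolkit) classifies the ND and MLD message types from the notes in captured Ethernet frames and reports router advertisements from sources outside a known-router list. The function names, the sample frames and the `fe80::` addresses are constructed for illustration.

```python
import ipaddress
import struct

# ICMPv6 type numbers: ND from RFC 4861, MLD from RFC 2710 and RFC 3810
ND_TYPES = {133: "router solicitation", 134: "router advertisement",
            135: "neighbor solicitation", 136: "neighbor advertisement",
            137: "redirect"}
MLD_TYPES = {130: "MLD query", 131: "MLDv1 report", 132: "MLDv1 done",
             143: "MLDv2 report"}
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def classify(frame):
    """Return (source address, message name) for an ND/MLD frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x86\xdd":
        return None                       # not IPv6 over Ethernet
    src = ipaddress.IPv6Address(frame[22:38])
    next_header, offset = frame[20], 54   # 14 Ethernet + 40 IPv6 header bytes
    while next_header in EXT_HEADERS:     # MLD sits behind a hop-by-hop header
        if len(frame) < offset + 2:
            return None                   # truncated extension header
        next_header, ext_len = frame[offset], frame[offset + 1]
        offset += (ext_len + 1) * 8
    if next_header != 58 or len(frame) <= offset:
        return None                       # not ICMPv6, or truncated
    name = ND_TYPES.get(frame[offset]) or MLD_TYPES.get(frame[offset])
    return (str(src), name) if name else None

def unexpected_routers(frames, known_routers):
    """Router-advertisement sources missing from known_routers (compressed form)."""
    seen = filter(None, map(classify, frames))
    return sorted({src for src, name in seen
                   if name == "router advertisement" and src not in known_routers})

def build_frame(src, icmp_type, hop_by_hop=False):
    """Constructed frame: Ethernet + IPv6 (+ hop-by-hop) + minimal ICMPv6."""
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(4)     # checksum left at zero
    ext = bytes([58, 0, 5, 2, 0, 0, 1, 0]) if hop_by_hop else b""
    ipv6 = struct.pack("!IHBB", 6 << 28, len(ext) + len(icmp),
                       0 if hop_by_hop else 58, 1 if hop_by_hop else 255)
    ipv6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed
    return bytes(12) + b"\x86\xdd" + ipv6 + ext + icmp

# Constructed sample traffic, not a real capture
SAMPLE = [build_frame("fe80::1", 134),                    # RA from the known router
          build_frame("fe80::bad:cafe", 134),             # RA from an unlisted host
          build_frame("fe80::2", 135),                    # neighbor solicitation
          build_frame("fe80::3", 143, hop_by_hop=True)]   # MLDv2 report

if __name__ == "__main__":
    print(unexpected_routers(SAMPLE, {"fe80::1"}))
```
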