IPv6 and security: news from the front – September
Published articles
Gérôme Dieu published an infographic on the Orange Security blog: IPv6: Are you ready for a risk-free transition?. It presents some figures and dates, as well as "5 security issues to keep in mind during the transition".
An article was published on the blog Un informático en el lado del mal: Security capabilities and network attacks in IPv4/IPv6. It evaluated how well six endpoint security solutions (NOD32 Smart Security 6, MARMITA 1.3, etc.) detect IPv4 and IPv6 man-in-the-middle (MITM) attacks. Only three solutions detected the IPv4 attack (ARP spoofing), and none detected the IPv6 attack (NDP spoofing).
A white paper was published on the Eleven Paths blog: White Paper: Practical hacking in IPv6 networks with Evil FOCA. It describes in considerable detail a MITM attack using NAT64/DNS64 that can be implemented with the Evil FOCA tool. The white paper starts by explaining the basics of IPv6, then some concepts, and ends with an explanation of how the attack works.
Conferences
Enno Rey, Christopher Werny and Stefan Schwalb gave a presentation at the IPv6 Hackers conference: IPv6 Capabilities of Commercial Security Components. The slides present in particular the results of tests they carried out on Cisco ASA 5505, Check Point Gaia R76 and Juniper SSG-5 products: a comparison of IPv4 and IPv6 performance and a study of resistance to various IPv6 attacks.
Oliver Eggert gave a presentation at the IPv6 Hackers conference: testing your IPv6-firewall with ft6. He presented a tool for testing the filtering capabilities of an IPv6 firewall: ft6. It is available here.
Eldad Zack gave a presentation at the IPv6 Hackers conference: Firewall Security Assessment and Benchmarking IPv6 Firewall Load Tests. The slides present the results of performance tests on the Checkpoint Firewall CP2210 and Juniper J2320 Service Router products: throughput measurement with IPv4 traffic, with IPv6 traffic, with IPv4 and IPv6 traffic, with IPv6 traffic including extension headers (EH), etc.
Marc Heuse gave a presentation at the IPv6 Hackers conference: THC-IPV6 News. He presented the THC-IPv6 suite of tools: available tools, how to perform injection with the 802.1q, 6in4 or PPPoE protocols, the improvements that the future version will bring, etc.
Fernando Gont gave a presentation at the IPv6 Hackers conference: IPv6 Toolkit News. He presented the improvements that the future version of IPv6 Toolkit will bring: bug fixes, the ability to "pipe" addresses with the scan6 tool, the addition of a congestion detection feature in the scan6 tool, etc.
Chema Alonso gave a presentation at the Defcon conference: Fear the Evil FOCA Attacking Internet Connection with IPv6. He presented the Evil FOCA tool, which allows for the implementation of various MITM attacks (ARP spoofing, NDP spoofing, etc.). A new version of the tool has been released, enabling the implementation of a new WPAD-based attack in IPv6.
Tools
Version 2.3 of the THC-IPv6 tool suite includes 2 new tools, thcsyn6 and redirsniff6, and brings various improvements to existing tools.
Version 1.4.1 of the IPv6 Toolkit suite brings various bug fixes and improvements.
Version 6.40 of Nmap now allows the use of "CIDR-style" notation when scanning an IPv6 network.
Vulnerabilities
The "udp_v6_push_pending_frames" and "ip6_append_data_mtu" functions of the Linux kernel, version 3.10.3 or lower, are affected by vulnerabilities (CVSS base = 4.7) allowing a local attacker to create a denial-of-service condition by crashing the system (CVE-2013-4162 and CVE-2013-4163).
The Windows ICMPv6 stack is affected by a vulnerability (CVSS base = 4.7) that could allow an attacker to create a denial of service by sending a specially crafted ICMPv6 packet (MS13-065 and CVE-2013-3183). Update 2868623 fixes the vulnerability.
The "IP_MSFILTER" and "IPV6_MSFILTER" functionalities of the multicast implementation of the FreeBSD kernel, versions 8.3 to 9.2-PRERELEASE, are affected by vulnerabilities (CVSS base = 7.2) that could allow a local attacker to elevate their privileges (FreeBSD-SA-13:09.ip_multicast and CVE-2013-3077).
The Apple iOS kernel, versions prior to 7, is affected by a vulnerability (CVSS Base = 6.1) that allows a denial-of-service attack to be created by sending specially crafted ICMPv6 messages (APPLE-SA-2013-09-18-2, CVE-2011-2391).
The "sys_netinet6" and "sys_netatm" modules of the FreeBSD kernel, versions prior to those released on 10/09, are affected by a vulnerability (CVSS base = 6.9) that could allow a local attacker to create a denial of service (kernel panic) or potentially to execute arbitrary code (FreeBSD-SA-13:12.ifioctl and CVE-2013-5691).
