IPv6 and security: news from the front – April
New publications
Risks associated with IPv6 autoconfiguration from CERT-FR, article published in the CERTFR-2014-ACT-013 news bulletin
After a quick introduction to autoconfiguration with IPv6, the article explains how an attacker could exploit this feature to intercept network flows (MITM).
Testing the security of IPv6 implementations, report published on the TNO website
This report, intended as a starting point for IPv6 penetration testing, presents a detailed (42 pages) overview of IPv6 vulnerabilities. The five sections are titled "general security considerations", "filtering vulnerabilities", "system specific vulnerabilities", "routing vulnerabilities" and "other vulnerabilities".
IPv6 Security Summit Conference
THE slides of the majority of presentations and workshops Proceedings from the IPv6 Security Summit conference have been published. Brief descriptions are available by clicking the links below.
For presentations:
- Why IPv6 Security is so hard – Structural Deficits of IPv6 and their Implications, by Enno Rey
- HA Strategies in IPv6 Networks, by Ivan Pepelnjak
- Secure Operation of an IPv6 Network, by Eric Vyncke
- Practical Security Assessment of IPv6 Networks and Devices, by Fernando Gont
- Testing IPv6 Firewalls with ft6, by Oliver Eggert
- Recent IPv6 Security Standardization Efforts, by Fernando Gont
- Remote OS Detection with IPv6, by Mathias Morbitzer
- The IPv6 Snort Plugin, by Martin Schütte
- Case Study: Building a Secure IPv6 Guest WiFi Network., by Christopher Werny
For the workshops :
- Basic Attacks & Protection Strategies, by Christopher Werny
- An All-in-one Advanced IPv6 Testing Framework, by Antonios Atlasis
- Overview of the Real-World Capabilities of Major Commercial Security Products, by Christopher Werny and Antonios Atlasis
- Penetration Testing in IPv6 Networks, by Marc Heuse (slides (not available)
New tools
Chiron by Antonios Atlasis, version 0.1
The Chiron tool was released at the IPv6 Security Summit conference. This first version includes an IPv6 scanner, an NDP message creation tool, and a proxy IPv6-to-IPv4.
IPv6 Plugin for Snort by Martin Schütte
This preprocessor for Snort was also released at the IPv6 Security Summit conference. It notably allows the creation of IPv6-specific signatures within Snort.
