IPv6 and security: news from the front – December

New publications

Evasion of High-End IDPS Devices at the IPv6 Era by Antonios Atlasis, Enno Rey and Rafael Schaefer, presentation given during the Hack.lu conference

The slides are similar to those of the presentation given at Black Hat (cf. the September article) and detail methods for bypassing IDS (Suricata, Tipping Point, Sourcefire, and Snort). To summarize briefly:

  • «four (4) IDPS»;
  • «at least twelve (12) different evasion techniques»;
  • «all of them were reported (disclosed responsibly)»;
  • «some guys were too busy though, so two of the products still suffer from 0-days IPv6 evasion techniques».

Security Implications of Using IPv6 GUAs Only by Enno Rey, article published on the Insinuator blog

In IPv4, RFC 1918 addresses are generally used within an internal network and therefore isolate that network from the Internet, because they are not routable on the Internet. In IPv6, the equivalents of these addresses are ULAs (Unique Local Addresses), but they are rarely used, in favor of GUAs (Global Unicast Addresses), which are routable on the Internet. The article focuses on three solutions for isolating a network that uses this type of Internet address:

  • «traffic filtering»;
  • «selective route announcements»;
  • «null routing specific segments».

Understanding security flaws in IPv6 addressing schemes by Fernando Gont, article published on the SearchSecurity blog

In this lengthy article, Fernando Gont begins by explaining how IPv6 addresses can be generated, then explains the impact on privacy or security: correlation of a node's activity over time, use of the addressing scheme to perform a network scan, etc.
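
To make the correlation and predictability concerns concrete, here is an added Python example (not taken from the article or from this page) that audits an address inventory: it labels each address as ULA or GUA and flags interface identifiers that embed a MAC address or sit in a guessable low range. The two patterns checked (modified EUI-64 and low-byte identifiers) are assumptions chosen here as well-known generation schemes; the function names and sample addresses are constructed.

```python
import ipaddress
from collections import defaultdict

ULA = ipaddress.ip_network("fc00::/7")   # Unique Local Addresses
GUA = ipaddress.ip_network("2000::/3")   # Global Unicast Addresses

def classify(addr):
    """Return (scope, iid_kind, recovered_mac_or_None) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    scope = "ula" if ip in ULA else "gua" if ip in GUA else "other"
    iid = (int(ip) & (2**64 - 1)).to_bytes(8, "big")  # low 64 bits
    # Modified EUI-64 (RFC 4291): the MAC is split around ff:fe and the
    # universal/local bit is flipped, so the MAC can be read back out.
    if iid[3:5] == b"\xff\xfe":
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        return scope, "eui64", ":".join(f"{b:02x}" for b in mac)
    # Low-byte identifier (::1, ::53, ...): only the last 16 bits are set,
    # so the host is found by walking a tiny range instead of 2**64 values.
    if int.from_bytes(iid, "big") < 0x10000:
        return scope, "low-byte", None
    return scope, "opaque", None

def correlate(addrs):
    """Group addresses exposing the same MAC, whatever prefix they use."""
    groups = defaultdict(list)
    for a in addrs:
        _, kind, mac = classify(a)
        if kind == "eui64":
            groups[mac].append(a)
    return dict(groups)

# Constructed inventory. 2001:db8::/32 is the documentation prefix; it falls
# inside 2000::/3, so it is reported as "gua" here.
SAMPLE = [
    "2001:db8:1:2:225:96ff:fe12:3456",       # EUI-64 identifier, site A
    "2001:db8:9:9:225:96ff:fe12:3456",       # same node seen on another prefix
    "fd12:3456:789a:1::1",                   # ULA with a low-byte identifier
    "2001:db8:1:2:8d3f:1c42:a9e0:5b17",      # no recognizable pattern
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, classify(a))
    print(correlate(SAMPLE))
```

Addresses reported as `eui64` or `low-byte` are the ones to move to randomized or otherwise opaque interface identifiers.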