IPv6 and security: news from the front – July

Published articles

Stéphane Bortzmeyer attended the training Hacking IPv6 Networks at the Hack In Paris conference and published an article on his blog: "The 'IPv6 Hacking' course". He shares some of the notes he took during the training: analysis of the Flow Label field, network scanning, Neighbor Cache poisoning…

Ivan Pepelnjak published an article on his blog: FIRST-HOP IPV6 SECURITY FEATURES IN CISCO IOS. He briefly describes the IPv6 security mechanisms that can be used with Cisco equipment.

Fernando Gont published an article on the SearchNetworking blog: IPv6 addressing requires special attention to ensure security. The article details the problems posed by certain methods of generating IPv6 addresses and more specifically the possibilities of Host Tracking.

 

Conferences

Antonios Atlasis ran a workshop: Advanced Attack Techniques against IPv6 Networks – A Hands-On Workshop. The 250 slides present, in a very technical way, numerous attacks exploiting IPv6 Extension Headers: evasion, denial of service, covert channels…

John Kristoff gave a presentation at the FIRST conference: A Sampling of Internetwork Security Issues Involving IPv6. Although not very detailed, the slides give an overview of the overall impact of IPv6 on security: "current IETF work", "spam", "DoS", "IPv6 for sale in the underground", "what we (don't) see today"…

 

Tools

In addition to the slides from Antonios Atlasis's workshop (see above), Python scripts were published:

  • CVE_2012_2744.py
  • IPv6-attacks-Ether.py
  • mitm_attack.py

 

Vulnerabilities

A vulnerability has been discovered in Sophos' UTM product (OSVDB-94622). An unspecified vulnerability in the IPv6-related kernel code could lead to a crash. An update addressing the vulnerability was published by Sophos.

A vulnerability (CVSS Base: 5.4) has been discovered in the Linux kernel (CVE-2013-4125). Sending a sequence of specially crafted Router Advertisement messages can crash the kernel.

 

Finally, at the boundary between bug and vulnerability, this screenshot will surely bring a smile to some readers' faces (source):