TOPERA v0.2: IPv6 and Slow HTTP Attacks
Daniel Garcia a.k.a. Cr0hn (twitter.com/ggdaniel)
Rafa Sánchez (twitter.com/r_a_ff_a_e_ll_o)
What we are going to cover
IDS --> SNORT --> Topera v0.1 --> DEMO --> Topera v0.2 --> DEMO
IDS/IPS
Intrusion Detection/Prevention System
SNORT
Does not get along very well with IPv6
SNORT
Extension Headers
http://www.tcpipguide.com/
IETF
RFC 2460 (Dec. 1998)
IPv6 nodes must accept and attempt to process extension headers in any order and occurring any number of times in the same packet […]
IETF
A Uniform Format for IPv6 Extension Headers (draft, April 2012)
[…] further work required in this area. Some issues that are left unresolved beyond this document include: There can be an arbitrary number of extension headers […]
IETF
Security Implications of the Use of IPv6 Extension Headers with IPv6 Neighbor Discovery
[…] this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers […]
(F. Gont) - IPv6 maintenance Working Group (6man)
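Because RFC 2460 allows extension headers in any order and any number, a sensor has to walk the whole Next Header chain before it can inspect the TCP header. The following is an added example, not code from the slides or from the Topera project, showing that walk in Python with a flag for unusually long chains; the packet bytes are constructed test input and the max_ext_headers threshold is an assumed local policy value.

```python
import struct

# Extension header types defined in RFC 2460. AH (51) and ESP (50) are not
# walked here; they are reported as the upper-layer protocol.
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 44: "fragment", 60: "dest-opts"}

def walk_extension_headers(packet: bytes, max_ext_headers: int = 4) -> dict:
    """Follow the Next Header chain of a raw IPv6 packet to the upper layer.

    max_ext_headers is an assumed local policy value, not taken from the slides.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        # The Fragment header is always 8 bytes; the others store their
        # length in 8-byte units, not counting the first 8 bytes.
        length = 8 if next_header == 44 else (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(EXT_HEADERS[next_header])
        non_first_fragment = (next_header == 44 and
                              struct.unpack_from("!H", packet, offset + 2)[0] >> 3)
        next_header = packet[offset]
        offset += length
        if non_first_fragment:
            break  # what follows is fragment data, not another header
    return {"chain": chain, "upper_proto": next_header, "upper_offset": offset,
            "too_many": len(chain) > max_ext_headers}

def build_sample(n_dest_opts: int) -> bytes:
    """Constructed input: IPv6 header, n Destination Options headers, TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ext = b"".join(
        # next header, hdr ext len 0 (= 8 bytes), PadN option filling 6 bytes
        bytes([60 if i < n_dest_opts - 1 else 6, 0, 1, 4, 0, 0, 0, 0])
        for i in range(n_dest_opts))
    hdr = struct.pack("!IHBB", 6 << 28, len(ext) + len(tcp),
                      60 if n_dest_opts else 6, 64)
    addr = bytes(15) + b"\x01"  # ::1 as source and destination
    return hdr + addr + addr + ext + tcp

if __name__ == "__main__":
    for n in (0, 2, 6):
        print(n, walk_extension_headers(build_sample(n)))
```

The upper_offset value is where port-based rules have to start reading; a sensor that assumes the TCP header sits at byte 40 inspects option padding instead.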
Topera v0.1
SNORT is vulnerable to certain types of IPv6 packets
Presented at #NN2ED
TCP scans undetectable by SNORT
Topera v0.1
CONSEQUENCES of TOPERA...
Topera v0.1
DEMO
http://code.google.com/p/topera/
New Attacks
TOPERA evolves…
Slow HTTP Denial Of Service Attack
Slowloris
Denial Of Service Attack
CRLF
Content-Length
TOPERA v0.2
What if we mix it all together?
http://securityreactions.tumblr.com/
Topera v0.2
https://github.com/toperaproject/topera/
Is It a Real Risk??
Thanks Ralli, Fran!!