Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6...

Fernando Gont

Knockin' on IPv6 Doors

Hack In Paris 2018Paris, France. June 25-29, 2018

© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018

About...

● Security Researcher and Consultant at SI6 Networks● Published:

● 30 IETF RFCs (10+ on IPv6)● 10+ active IETF Internet-Drafts

● Author of the SI6 Networks' IPv6 toolkit● https://www.si6networks.com/tools/ipv6toolkit

● More information at: https://www.gont.com.ar

https://www.si6networks.com/tools/ipv6toolkit

https://www.gont.com.ar/


How I lost my voice :-)

Congreso de Seguridad en Computo 2011 4Hack in Paris 2018Paris, France. June 25-29, 2018

© 2018 SI6 Networks. All rights reserved

Introduction


So... what is this “IPv6” thing about?

● It addresses the problem of IPv4 address exhaustion● Employs 128-bit addresses (vs. IPv4's 32-bit addresses)● Provides the same service as IPv4● It is not backwards-compatible with IPv4


So... what is this “IPv6” thing about? (II)

● For every domain name, the DNS may contain ● A resource records (IPv4 addresses)● AAAA (Quad-A) resource records (IPv6 addresses)

● Hosts may query for A and/or AAAA resource records according different criteria

● Based on a number of factors, IPv6 and/or IPv4 could be employed


Deployment: Current state of affairs



IPv4/IPv6 Security Polices


IPv4/IPv6 Security Policies

● IPv6 and IPv4 are two different network-layer protocols● Such policies are typically configured independently of each other

● No unified rules for both network protocols● Very prone for policy mismatches

● Security policies are expected to be the same for both protocols● But...are they?



Our Experiment


What we did

● Study the filtering policies for different types of nodes:● Web servers● Name servers● Mail servers● Routers

● For different types of organizations● Companies● Non-profits● Educational

● Compare the policies for IPv4 and IPv6


Some specific questions to be answered

● What's the typical number of addresses in IPv4 vs. IPv6?● Are there mistmatches in the security policies for...

● different IPv4 addresses?● different IPv6 addresses?● IPv4 vs. IPv6 addresses?

● Are IPv6 security policies...● stricter or more relaxed than those IPv4?● or are them just different?



Identifying Targets


Leveraging search engines

● script6 of SI6 Networks' IPv6 Toolkit leverages "Bing"

● Simple implementation:● Specify site● Iterate through results pages● Use letters and/o numbers in search string to shield different results

● Example:

script6 get-bing navy.mil


Leveraging search engines (II)

● Results improve with the help of a dictionary● Example:

script6 get-bing-dict navy.mil english.dic



Results


Typical number of addresses per domain


Policy mismatches across address families


Open ports on IPv4/IPv6 (cumulative)


Open ports (differential)

25Hack in Paris 2018Paris, France. June 25-29, 2018


Conclusions


Some conclusions

● There's a significant mistmatch beween IPv4 and IPv6 security policies

● Previous studies suggested that fewer controls were enforced on IPv6

● Ours suggest that IPv4 and IPv6 policies are just different● there are also minor mistmatches between different IPv6 addresses!

27Hack in Paris 2018Paris, France. June 25-29, 2018


Questions?


Thanks!

Fernando Gont

[email protected]

IPv6 Hackers mailing-listhttp://www.si6networks.com/community/

www.si6networks.com

Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6...

Documents

Transcript of Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6...