[ipv6hackers] The state of IPv6 (pen)testing and the future

Fernando Gont fgont at si6networks.com
Thu Jan 24 05:32:47 CET 2013


Hi, Marc,

On 01/23/2013 06:23 AM, Marc Heuse wrote:
> Is anyone presenting on new IPv6 security issues in 2013?

Yes, I'm planning to present about v6 security. For the most part, my
talks will be about:

* Ongoing work at the IETF
* New tools for my toolkit
* Hopefully new patches for open source OSes (I'm planning to commit some
time to that)


> I will do one presentation at the German IPv6 congress in June with some
> new stuff, but so far that is it. In 2012 it was all Fernando, me plus
> one talk by Antonios Atlasis at Blackhat about extension headers and
> fragments [2].
> (or did I miss a talk with new content?)

IIRC, there was an IPv6 talk at AthCon, which had some empirical data
about the lack of firewall rules parity for dual-stacked systems (e.g.,
ssh blocked on v4, but allowed on v6).


> Is anyone providing public IPv6 pentesting trainings in 2013?

I will. The specific venues/dates are still to be arranged, though.


> For securing there are a few (few!), but for full hands-on pentesting, I
> am not aware of anyone else besides me (and my plan so far is only at
> CanSecWest, HITB Amsterdam, Sysscan and 44con so far) - so if you do,
> please send this to the list. We need more IPv6 security/pentest
> training to educate people!

Definitely!



> Coming to tools. I am only aware of two IPv6 pentesting tools emerging
> in 2012: the Topera IPv6 Port Scanner [3] and the SinFP3 Fingerprinting
> Tool [4]. 

scan6 of <http://www.si6networks.com/tools/ipv6toolkit> has some basic
support for local scans -- and I have more stuff coming in this area...


> This is ... disappointing. On the plus side, the IPv6 support
> (especially scripts) with nmap got a lot better. Did I miss tools here?
> Of course there were updates to Fernando's tools and mine.
> But the lack of IPv6 pentesting/security tools is an issue.

I fully agree. For instance... some time ago I even wasn't able to find
an IPv6-based SYN flooder -- that's why I implemented tcp6 in my toolkit.

Was there such a thing publicly available?



> Which brings me to my last topic - the thc-ipv6 toolkit currently
> contains ~50 attack and assessment tools. The last update (v2.2) came
> out on the 27th of December 2012. And at the moment I only have a few
> ideas left what to add, so:
> please send me your wishes, ideas, criticism what I could add/enhance to
> thc-ipv6 package! :-)

I still have in my "TODO list" that of committing some time to send some
patches for your toolkit. I'll take a closer look and try to contribute
some code.

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






