[ipv6hackers] The state of IPv6 (pen)testing and the future

Joe Klein jsklein at gmail.com
Thu Jan 24 12:09:11 CET 2013


Antonios,

Congrats on speaking at Black Hat. I have submitted papers and
presentation for the last 6 years, only to be turned down every time.

Joe Klein

On Wed, Jan 23, 2013 at 6:22 AM, Antonios Atlasis
<antonios.atlasis at gmail.com> wrote:
> Hi,
>
> there was also one additional talk by me in BH Abu Dhabi called "Security
> Impacts of Abusing IPv6 Extension Headers" (
> https://www.blackhat.com/ad-12/archives.html#Atlasis) - new content in
> comparison with [2].
>
> Antonios
>
> 2013/1/23 Marc Heuse <mh at mh-sec.de>
>
>> Hi guys,
>>
>> it has become pretty quiet on the list. As the depletion of IPv6 in
>> north america will take until beginning of next year [1] and a lot of
>> common topics have been already discussed here, I think thats
>> understandable.
>>
>> So, I would like to ask some things on the status of people actively
>> doing IPv6 security.
>>
>> Is anyone presenting on new IPv6 security issues in 2013?
>> I will do one presentation at the german IPv6 congress in June with some
>> new stuff, but so far that is it. In 2012 it was all Fernando, me plus
>> one talk by Antonios Atlasis at Blackhat about extension headers and
>> fragments [2].
>> (or did I miss a talk with new content?)
>>
>> Is anyone providing public IPv6 pentesting trainings in 2013?
>> For securing there are a few (few!), but for full hands-on pentesting, I
>> am not aware of anyone else besides me (and my plan so far is only at
>> CanSecWest, HITB Amsterdam, Sysscan and 44con so far) - so if you do,
>> please send this to the list. We need more IPv6 security/pentest
>> training to educate people!
>>
>> Coming to tools. I am only aware of two IPv6 pentesting tools emerging
>> in 2012: the Topera IPv6 Port Scanner [3] and the SinFP3 Fingerprinting
>> Tool [4]. This is ... disappointing. On the plus side, the IPv6 support
>> (especially scripts) with nmap got a lot better. Did I miss tools here?
>> Of course there were updates to Fernando's tools and mine.
>> But the lack of IPv6 pentesting/security tools is an issue.
>>
>> Which brings me to my last topic - the thc-ipv6 toolkit currently
>> contains ~50 attack and assessment tools. The last update (v2.2) came
>> out on the 27th of December 2012. And at the moment I only have a few
>> ideas left what to add, so:
>> please send me your wishes, ideas, critizism what I could add/enhance to
>> thc-ipv6 package! :-)
>>
>> Happy 2013 and lets see what IPv6 brings us in this new year.
>>
>> Greets,
>> Marc
>>
>> [1] http://www.potaroo.net/tools/ipv4/index.html
>> [2]
>>
>> https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-Slides.pdf
>> [3] http://code.google.com/p/topera/
>> [4] http://www.networecon.com/tools/sinfp/
>>
>> --
>> Marc Heuse
>> www.mh-sec.de
>>
>> PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
>> _______________________________________________
>> Ipv6hackers mailing list
>> Ipv6hackers at lists.si6networks.com
>> http://lists.si6networks.com/listinfo/ipv6hackers
>>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers



More information about the Ipv6hackers mailing list