[ipv6hackers] IPS/WAF and combined IPv6-IPv4 attacks
merike at doubleshotsecurity.com
Mon Jul 22 15:05:20 CEST 2013
This is something I've been socializing privately for a while - just asking folks if they've seen
or are even aware of these kinds of potential attempts to fly under the radar. So far I have not
heard of anything that's been realized.
The IDS vendors all need more work.
I didn't have time to reply earlier. But did want to say that over
a year ago I tested a device that was really great at fuzzing and checking all kinds of IPv4 attacks. They
'supported' IPv6 but when I asked for details they said they replaced the IPv4 headers with IPv6 and that
was it. Hmmmmmm.....no testing with extension headers or anything else. I expect most IDS vendors with signatures
do the same thing.
On Mon 22/07/13 2:53 AM , "ZAMANI Omar" <Omar.ZAMANI at solucom.fr> wrote:
> Hello everybody!
> Following my IPv6 security investigations, I'm looking at a particular
> breed of attacks: those that combine IPv4 and IPv6.
> I don't know if such attacks are very common, but I was thinking that
> now that we have two network protocols working, some attacks targeting
> the application layer may choose to alternate for example IPv4
> encapsulated HTTP requests and IPv6 encapsulated HTTP requests in order
> to fly under the radar. For such attacks to succeed, WAFs and IPS must
> be designed to analyze IPv4 and IPv6 traffic independently as two
> different streams even at the application layer.
> Is that the case of the available solutions on the market? Has the
> hacker community ever tried to achieve an attack of this kind?
> Thank you for your replies.
> Omar ZAMANI
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers 
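
The concern raised in this thread, as an added detection example that is not from either poster or any vendor: a sensor that counts rule hits per source address keeps IPv4 and IPv6 as separate keys, while one that keys on an application-layer identity sees a single stream. The threshold, the session identifier as correlation key, and the sample events are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

THRESHOLD = 5  # assumed: flagged requests per key per window that raise an alert

# Constructed events for one time window: (source address, session id, rule hit?)
EVENTS = (
    [("192.0.2.10", "sess-A", True), ("2001:db8::10", "sess-A", True)] * 3
    + [("198.51.100.7", "sess-B", True)] * 2
    + [("198.51.100.7", "sess-B", False)] * 4
)


def alerts(events, key):
    """Return the keys whose count of flagged requests reaches THRESHOLD."""
    hits = Counter(key(src, sess) for src, sess, flagged in events if flagged)
    return {k for k, n in hits.items() if n >= THRESHOLD}


def by_address(src, sess):
    # Per-source-address state: IPv4 and IPv6 are necessarily separate keys.
    return ipaddress.ip_address(src)


def by_session(src, sess):
    # Application-layer identity: the same key whichever IP version carried it.
    return sess


def dual_stack_sessions(events):
    """Return sessions seen over both IPv4 and IPv6 in the window."""
    versions = defaultdict(set)
    for src, sess, _ in events:
        versions[sess].add(ipaddress.ip_address(src).version)
    return {s for s, v in versions.items() if v == {4, 6}}


if __name__ == "__main__":
    print("per-address alerts:", alerts(EVENTS, by_address))
    print("per-session alerts:", alerts(EVENTS, by_session))
    print("dual-stack sessions:", dual_stack_sessions(EVENTS))
```

A session identifier is client-supplied, so in practice it would be one correlation key among several (authenticated user, TLS session, device fingerprint) rather than the only one.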