[ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions

Marc Heuse mh at mh-sec.de
Fri Oct 16 08:47:19 CEST 2015

Hi guys,

I just released thc-ipv6 v3.0 at www.thc.org/thc-ipv6 and

Two new tools are included:
 - fragrouter6: an IDS evasion toolkit which allows you to transparenter
use nmap -6, thc-ipv6, ipv6 toolkit, OpenVAS etc. transparently while
evading IDS
 - connsplit6: splitting up a connection to make analysis more
difficult. just a proof of concept to show how this is easily done.
Plus a lot of other new options and features, the CHANGES list is long.

I released that for the my presentation at GSEC Singapore, "Hiding in
Complexity". Slides are here:

There you also get a list of bypass attacks per IDS product.
spoiler alert: surricata is pretty good (but still fails for a few
cases), snort is not very good, and tippingpoint seems just to do the
basics to get an "IPv6 ready" sticker.

btw - I did not report these to the respective IDS developers (basically
too busy with customer projects and no contacts to the developers).
If someone wants to point them to slides and tool, they might be happy.


Marc Heuse

PGP: AF3D 1D4C D810 F0BB 977D  3807 C7EE D0A0 6BE9 F573

More information about the Ipv6hackers mailing list