SlideShare a Scribd company logo

Dual stack IPv4 / IPv6 Security Issues - A simple proof of concept

Eduardo Coelho
Eduardo Coelho

Dual stack IPv4 / IPv6 Security Issues - A simple proof of concept. Slides for a speaking showing a simulated scenario where a regular network have a rogue IPv6 router

Technology
1 of 10
Download to read offline
DUAL STACK SECURITY A simple proof of concept on IPv4/IPv6 stacks Some thoughts about current dual stack setups Eduardo Coelho http://coelho.pro.br
SCENARIO • virtual •2 simulated environment linux vms, 1 windows8 vm • vmware built-in IPv4 DHCP server, host-only network • simulated rogue IPv6 ra/dhcp/dns with regular linux software
DEMO
DUAL STACK MAY NOT BE SMOOTH FROM A SECURITY STAND POINT
IPV6 ADDRESSING • global • link unicast local • unique local • others: anycast, multicast, reserved and special
AUTOCONF IS A BIG THING • lets try to understand how it works: • stateless • router • IPv6 autoconf advertisement and prefix distribution routing
DNS SETTINGS DELIVERY • llmnr • stateless • dns-ra dhcp6 (problem:windows non-compliance to rfc6106) • remember naming is now more important than with ipv4, due to human difficulty manually handling ipv6 addresses
AUTOCONF CONCERNS • rogue routers • rogue dhcp servers • sniffing • spoofing (man in the middle attacks)
CONCLUSIONS • we have provided a simple proof of concept for a rogue ra/ dns server on a dual-stack ipv4/ipv6 environment • ipv6 technologies should be very well understood, specially on dual-stack setups, which is how most of networks are set • some of the security issues are not ipv6 specific, but have a greater impact due to current lack of precautions • most issues are due to stack implementation or by design, which makes it difficult to mitigate
REFERENCES Unique Local Address http://en.wikipedia.org/wiki/ Unique_local_address ! Unique Local Unicast Addresses http://tools.ietf.org/html/rfc4193 ! Deprecating Site Local Addresses http://tools.ietf.org/rfc/rfc3879.txt ! IPv6 Support in Home Routers http://msdn.microsoft.com/en-us/ library/windows/hardware/ gg463251.aspx ! Prefix delegation http://en.wikipedia.org/wiki/ Prefix_delegation ! Requirements for IPv6 Prefix Delegation http://tools.ietf.org/html/rfc3769 Internet powers flip the IPv6 switch (FAQ) http://news.cnet.com/ 8301-1001_3-57445316-92/internetpowers-flip-the-ipv6-switch-faq/ ! IPv6-capable devices: Make sure they are ready http://www.techrepublic.com/blog/ networking/ipv6-capable-devicesmake-sure-they-are-ready/2522 ! IPv6 Ready Logo Program https://www.ipv6ready.org Router Advertisement (radvd) configuration http://wiki.openwrt.org/doc/uci/radvd ! ! ! IPv6: When do you really need to switch? http://www.zdnet.com/blog/networking/ ipv6-when-do-you-really-need-toswitch/2444 ! ! Portal IPv6 NIC.br http://ipv6.br ! IPv6 http://en.wikipedia.org/wiki/IPv6 ! IPv6 transition mechanisms http://en.wikipedia.org/wiki/ IPv6_transition_mechanisms IPv6 Prefix Options for DHCP version 6 http://www.ietf.org/rfc/rfc3633.txt ! IP Version 6 Addressing Architecture http://tools.ietf.org/html/rfc4291 ! Comparison of IPv6 support in operating systems http://en.wikipedia.org/wiki/ Comparison_of_IPv6_support_in_oper ating_systems Internet Protocol Version 6 Address Space http://www.iana.org/assignments/ipv6address-space/ipv6-address-space.xml ! ! Does Win7 or W2K8 server support RFC 6106? http://social.technet.microsoft.com/ Forums/en-US/ipv6/thread/ 5757980a-5983-4efca5f3-27687b90fe41/ ! Delivering DNS via IPv6 Router http://www.itdojo.com/2011/05/02/ delivering-dns-via-ipv6-routeradvertisements/

Recommended

You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
rhatr
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!
APNIC
 
FreeBSD: The Next 10 Years (MeetBSD 2014)
FreeBSD: The Next 10 Years (MeetBSD 2014)FreeBSD: The Next 10 Years (MeetBSD 2014)
FreeBSD: The Next 10 Years (MeetBSD 2014)
iXsystems
 
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for InnovationIITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
The Linux Foundation
 
Unifi'd Ownage
Unifi'd OwnageUnifi'd Ownage
Unifi'd Ownage
Tim N
 
Introduction to Open Mano
Introduction to Open ManoIntroduction to Open Mano
Introduction to Open Mano
videos
 
The new AMD EPYC solutions from OVHcloud: what benefits?
The new AMD EPYC solutions from OVHcloud: what benefits?The new AMD EPYC solutions from OVHcloud: what benefits?
The new AMD EPYC solutions from OVHcloud: what benefits?
OVHcloud
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMs
ViFX
 

Recommended

You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S...
rhatr
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!
APNIC
 
FreeBSD: The Next 10 Years (MeetBSD 2014)
FreeBSD: The Next 10 Years (MeetBSD 2014)FreeBSD: The Next 10 Years (MeetBSD 2014)
FreeBSD: The Next 10 Years (MeetBSD 2014)
iXsystems
 
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for InnovationIITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
The Linux Foundation
 
Unifi'd Ownage
Unifi'd OwnageUnifi'd Ownage
Unifi'd Ownage
Tim N
 
Introduction to Open Mano
Introduction to Open ManoIntroduction to Open Mano
Introduction to Open Mano
videos
 
The new AMD EPYC solutions from OVHcloud: what benefits?
The new AMD EPYC solutions from OVHcloud: what benefits?The new AMD EPYC solutions from OVHcloud: what benefits?
The new AMD EPYC solutions from OVHcloud: what benefits?
OVHcloud
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMs
ViFX
 
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, OracleXPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
The Linux Foundation
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
Xen Project CI for OpenStack Overview
Xen Project CI for OpenStack OverviewXen Project CI for OpenStack Overview
Xen Project CI for OpenStack Overview
The Linux Foundation
 
Simplifying Ceph Management with Virtual Storage Manager (VSM)
Simplifying Ceph Management with Virtual Storage Manager (VSM)Simplifying Ceph Management with Virtual Storage Manager (VSM)
Simplifying Ceph Management with Virtual Storage Manager (VSM)
Ceph Community
 
Midwest php 2013 deploying php on paas- why & how
Midwest php 2013 deploying php on paas- why & howMidwest php 2013 deploying php on paas- why & how
Midwest php 2013 deploying php on paas- why & how
dotCloud
 
OSv presentation from Linux Foundation Collaboration Summit
OSv presentation from Linux Foundation Collaboration SummitOSv presentation from Linux Foundation Collaboration Summit
OSv presentation from Linux Foundation Collaboration Summit
Don Marti
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
Ricardo Santos
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
Pradeep Kumar
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
The Linux Foundation
 
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NECXPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
The Linux Foundation
 
Xen Virtualization 2008
Xen Virtualization 2008Xen Virtualization 2008
Xen Virtualization 2008
mwlang88
 
Nexenta at VMworld Hands-on Lab
Nexenta at VMworld Hands-on LabNexenta at VMworld Hands-on Lab
Nexenta at VMworld Hands-on Lab
Nexenta Systems
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS Boot
LinuxCon ContainerCon CloudOpen China
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano
videos
 
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
Nat Morris
 
Recent Developments in Donard
Recent Developments in DonardRecent Developments in Donard
Recent Developments in Donard
PMC-Sierra Inc.
 
4. open mano set up and usage
4. open mano set up and usage4. open mano set up and usage
4. open mano set up and usage
videos
 
OSv – The OS designed for the Cloud
OSv – The OS designed for the CloudOSv – The OS designed for the Cloud
OSv – The OS designed for the Cloud
Yandex
 
IPv6 Deployment in Japan
IPv6 Deployment in JapanIPv6 Deployment in Japan
IPv6 Deployment in Japan
Akira Nakagawa
 
Operational Experience of MAP-E
Operational Experience of MAP-EOperational Experience of MAP-E
Operational Experience of MAP-E
Akira Nakagawa
 
JPNE MAP-E Deployment (IETF92@Dallas)
JPNE MAP-E Deployment (IETF92@Dallas)JPNE MAP-E Deployment (IETF92@Dallas)
JPNE MAP-E Deployment (IETF92@Dallas)
Akira Nakagawa
 
MAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyMAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 Technology
Akira Nakagawa
 

More Related Content

What's hot

[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
Midwest php 2013 deploying php on paas- why & how
Midwest php 2013 deploying php on paas- why & howMidwest php 2013 deploying php on paas- why & how
Midwest php 2013 deploying php on paas- why & how
dotCloud
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
The Linux Foundation
 
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NECXPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
The Linux Foundation
 

What's hot (18)

XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, OracleXPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
 
Xen Project CI for OpenStack Overview
Xen Project CI for OpenStack OverviewXen Project CI for OpenStack Overview
Xen Project CI for OpenStack Overview
 
Simplifying Ceph Management with Virtual Storage Manager (VSM)
Simplifying Ceph Management with Virtual Storage Manager (VSM)Simplifying Ceph Management with Virtual Storage Manager (VSM)
Simplifying Ceph Management with Virtual Storage Manager (VSM)
 
Midwest php 2013 deploying php on paas- why & how
Midwest php 2013 deploying php on paas- why & howMidwest php 2013 deploying php on paas- why & how
Midwest php 2013 deploying php on paas- why & how
 
OSv presentation from Linux Foundation Collaboration Summit
OSv presentation from Linux Foundation Collaboration SummitOSv presentation from Linux Foundation Collaboration Summit
OSv presentation from Linux Foundation Collaboration Summit
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
 
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSEXPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
XPDS16: libvirt and Tools: What's New and What's Next - James Fehlig, SUSE
 
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NECXPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
XPDS14 - Towards Massive Server Consolidation - Filipe Manco, NEC
 
Xen Virtualization 2008
Xen Virtualization 2008Xen Virtualization 2008
Xen Virtualization 2008
 
Nexenta at VMworld Hands-on Lab
Nexenta at VMworld Hands-on LabNexenta at VMworld Hands-on Lab
Nexenta at VMworld Hands-on Lab
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS Boot
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano
 
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
 
Recent Developments in Donard
Recent Developments in DonardRecent Developments in Donard
Recent Developments in Donard
 
4. open mano set up and usage
4. open mano set up and usage4. open mano set up and usage
4. open mano set up and usage
 
OSv – The OS designed for the Cloud
OSv – The OS designed for the CloudOSv – The OS designed for the Cloud
OSv – The OS designed for the Cloud
 

Viewers also liked

Look at ipv6 security advantages over ipv4
Look at ipv6 security advantages over ipv4Look at ipv6 security advantages over ipv4
Look at ipv6 security advantages over ipv4
Alexander Decker
 
IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»
IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»
IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»
Digicomp Academy AG
 

Viewers also liked (20)

IPv6 Deployment in Japan
IPv6 Deployment in JapanIPv6 Deployment in Japan
IPv6 Deployment in Japan
 
Operational Experience of MAP-E
Operational Experience of MAP-EOperational Experience of MAP-E
Operational Experience of MAP-E
 
JPNE MAP-E Deployment (IETF92@Dallas)
JPNE MAP-E Deployment (IETF92@Dallas)JPNE MAP-E Deployment (IETF92@Dallas)
JPNE MAP-E Deployment (IETF92@Dallas)
 
MAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyMAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 Technology
 
MAP-E as IPv4 over IPv6 Technology - with some operational experiences
MAP-E as IPv4 over IPv6 Technology - with some operational experiencesMAP-E as IPv4 over IPv6 Technology - with some operational experiences
MAP-E as IPv4 over IPv6 Technology - with some operational experiences
 
Look at ipv6 security advantages over ipv4
Look at ipv6 security advantages over ipv4Look at ipv6 security advantages over ipv4
Look at ipv6 security advantages over ipv4
 
IPv4 vs IPv6
IPv4 vs IPv6IPv4 vs IPv6
IPv4 vs IPv6
 
IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»
IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»
IPv6-Networking-Referat: «Mapping of Address and Port (MAP) – Deep Dive»
 
資訊安全規劃
資訊安全規劃資訊安全規劃
資訊安全規劃
 
Presentation of ipv4 disadvantage,ipv6 advantage and transation from ipv4 to ...
Presentation of ipv4 disadvantage,ipv6 advantage and transation from ipv4 to ...Presentation of ipv4 disadvantage,ipv6 advantage and transation from ipv4 to ...
Presentation of ipv4 disadvantage,ipv6 advantage and transation from ipv4 to ...
 
安全程式設計 C語言
安全程式設計 C語言安全程式設計 C語言
安全程式設計 C語言
 
Ipv4 & ipv6
Ipv4 & ipv6Ipv4 & ipv6
Ipv4 & ipv6
 
超越敏捷开发(成就敏捷企业之道)
超越敏捷开发(成就敏捷企业之道)超越敏捷开发(成就敏捷企业之道)
超越敏捷开发(成就敏捷企业之道)
 
電路學 - [第六章] 二階RLC電路
電路學 - [第六章] 二階RLC電路電路學 - [第六章] 二階RLC電路
電路學 - [第六章] 二階RLC電路
 
Comparison between ipv4 and ipv6
Comparison between ipv4 and ipv6Comparison between ipv4 and ipv6
Comparison between ipv4 and ipv6
 
Linux firewall-201503
Linux firewall-201503Linux firewall-201503
Linux firewall-201503
 
[嵌入式系統] 嵌入式系統進階
[嵌入式系統] 嵌入式系統進階[嵌入式系統] 嵌入式系統進階
[嵌入式系統] 嵌入式系統進階
 
IPv6
IPv6IPv6
IPv6
 
Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹
 
IPV6 ppt
IPV6 pptIPV6 ppt
IPV6 ppt
 

Similar to Dual stack IPv4 / IPv6 Security Issues - A simple proof of concept

Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
gogo6
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0
guest72e8c1
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityFernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
EdgeUno
 
The age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster managementThe age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster management
Nicola Paolucci
 
2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-
Eduardo Coelho
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
IPv6no
 
Oracle Sandbox
Oracle SandboxOracle Sandbox
Oracle Sandbox
Datavail
 

Similar to Dual stack IPv4 / IPv6 Security Issues - A simple proof of concept (20)

DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructureDevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer App
 
RMLL / LSM 2009
RMLL / LSM 2009RMLL / LSM 2009
RMLL / LSM 2009
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
 
fgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdffgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdf
 
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityFernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
 
IPv6 networking training sduffy v3
IPv6 networking training sduffy v3IPv6 networking training sduffy v3
IPv6 networking training sduffy v3
 
The age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster managementThe age of orchestration: from Docker basics to cluster management
The age of orchestration: from Docker basics to cluster management
 
2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-
 
High performace network of Cloud Native Taiwan User Group
High performace network of Cloud Native Taiwan User GroupHigh performace network of Cloud Native Taiwan User Group
High performace network of Cloud Native Taiwan User Group
 
7 slaac-rick graziani
7 slaac-rick graziani7 slaac-rick graziani
7 slaac-rick graziani
 
Big Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and MesosBig Data in Container; Hadoop Spark in Docker and Mesos
Big Data in Container; Hadoop Spark in Docker and Mesos
 
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
 
Oracle Sandbox
Oracle SandboxOracle Sandbox
Oracle Sandbox
 

More from Eduardo Coelho

2013 09-21 e-learning, moodle and opensource - what do i have to do with it
2013 09-21 e-learning, moodle and opensource - what do i have to do with it 2013 09-21 e-learning, moodle and opensource - what do i have to do with it
2013 09-21 e-learning, moodle and opensource - what do i have to do with it
Eduardo Coelho
 
Speaking - cloud computing and the sysop professional - how to get ready
Speaking - cloud computing and the sysop professional - how to get readySpeaking - cloud computing and the sysop professional - how to get ready
Speaking - cloud computing and the sysop professional - how to get ready
Eduardo Coelho
 
2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos
2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos
2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos
Eduardo Coelho
 
2012 06-27 imersão academia de redes itcursos
2012 06-27 imersão academia de redes itcursos2012 06-27 imersão academia de redes itcursos
2012 06-27 imersão academia de redes itcursos
Eduardo Coelho
 
2012 06-05 porque voce precisa ser fera em linux.pdf
2012 06-05 porque voce precisa ser fera em linux.pdf2012 06-05 porque voce precisa ser fera em linux.pdf
2012 06-05 porque voce precisa ser fera em linux.pdf
Eduardo Coelho
 
2011 11-05 csi - valores pessoais
2011 11-05 csi - valores pessoais2011 11-05 csi - valores pessoais
2011 11-05 csi - valores pessoais
Eduardo Coelho
 
2011 09-22 responsabilidade social, o profissional e a empresa.pdf
2011 09-22 responsabilidade social, o profissional e a empresa.pdf2011 09-22 responsabilidade social, o profissional e a empresa.pdf
2011 09-22 responsabilidade social, o profissional e a empresa.pdf
Eduardo Coelho
 
2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti
2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti
2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti
Eduardo Coelho
 
2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...
2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...
2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...
Eduardo Coelho
 
2010 09-22 infra rn security meeting - palestra firewalls opensource
2010 09-22 infra rn security meeting - palestra firewalls opensource2010 09-22 infra rn security meeting - palestra firewalls opensource
2010 09-22 infra rn security meeting - palestra firewalls opensource
Eduardo Coelho
 
2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce
2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce
2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce
Eduardo Coelho
 

More from Eduardo Coelho (12)

2013 09-21 e-learning, moodle and opensource - what do i have to do with it
2013 09-21 e-learning, moodle and opensource - what do i have to do with it 2013 09-21 e-learning, moodle and opensource - what do i have to do with it
2013 09-21 e-learning, moodle and opensource - what do i have to do with it
 
Speaking - cloud computing and the sysop professional - how to get ready
Speaking - cloud computing and the sysop professional - how to get readySpeaking - cloud computing and the sysop professional - how to get ready
Speaking - cloud computing and the sysop professional - how to get ready
 
2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos
2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos
2012 07-05 eduardo coelho - revolução tecnológica - a influencia dos jogos
 
2012 06-27 imersão academia de redes itcursos
2012 06-27 imersão academia de redes itcursos2012 06-27 imersão academia de redes itcursos
2012 06-27 imersão academia de redes itcursos
 
2012 06-05 porque voce precisa ser fera em linux.pdf
2012 06-05 porque voce precisa ser fera em linux.pdf2012 06-05 porque voce precisa ser fera em linux.pdf
2012 06-05 porque voce precisa ser fera em linux.pdf
 
2011 11-05 csi - valores pessoais
2011 11-05 csi - valores pessoais2011 11-05 csi - valores pessoais
2011 11-05 csi - valores pessoais
 
2011 09-22 responsabilidade social, o profissional e a empresa.pdf
2011 09-22 responsabilidade social, o profissional e a empresa.pdf2011 09-22 responsabilidade social, o profissional e a empresa.pdf
2011 09-22 responsabilidade social, o profissional e a empresa.pdf
 
2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti
2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti
2011 04-26 estacio fcc - palestra cloud computing para o profissional de ti
 
2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...
2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...
2010 10-16 workshop gestão de projetos 2010 - palestra gestão de tempo de g...
 
2010 09-22 infra rn security meeting - palestra firewalls opensource
2010 09-22 infra rn security meeting - palestra firewalls opensource2010 09-22 infra rn security meeting - palestra firewalls opensource
2010 09-22 infra rn security meeting - palestra firewalls opensource
 
2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce
2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce
2010 09-17 farn sistemas de informação 6o periodo - palestra e-commerce
 
Firewalls Opensource
Firewalls OpensourceFirewalls Opensource
Firewalls Opensource
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Dual stack IPv4 / IPv6 Security Issues - A simple proof of concept

  • 1. DUAL STACK SECURITY A simple proof of concept on IPv4/IPv6 stacks Some thoughts about current dual stack setups Eduardo Coelho http://coelho.pro.br
  • 2. SCENARIO • virtual •2 simulated environment linux vms, 1 windows8 vm • vmware built-in IPv4 DHCP server, host-only network • simulated rogue IPv6 ra/dhcp/dns with regular linux software
  • 4. DUAL STACK MAY NOT BE SMOOTH FROM A SECURITY STAND POINT
  • 5. IPV6 ADDRESSING • global • link unicast local • unique local • others: anycast, multicast, reserved and special
  • 6. AUTOCONF IS A BIG THING • lets try to understand how it works: • stateless • router • IPv6 autoconf advertisement and prefix distribution routing
  • 7. DNS SETTINGS DELIVERY • llmnr • stateless • dns-ra dhcp6 (problem:windows non-compliance to rfc6106) • remember naming is now more important than with ipv4, due to human difficulty manually handling ipv6 addresses
  • 8. AUTOCONF CONCERNS • rogue routers • rogue dhcp servers • sniffing • spoofing (man in the middle attacks)
  • 9. CONCLUSIONS • we have provided a simple proof of concept for a rogue ra/ dns server on a dual-stack ipv4/ipv6 environment • ipv6 technologies should be very well understood, specially on dual-stack setups, which is how most of networks are set • some of the security issues are not ipv6 specific, but have a greater impact due to current lack of precautions • most issues are due to stack implementation or by design, which makes it difficult to mitigate
  • 10. REFERENCES Unique Local Address http://en.wikipedia.org/wiki/ Unique_local_address ! Unique Local Unicast Addresses http://tools.ietf.org/html/rfc4193 ! Deprecating Site Local Addresses http://tools.ietf.org/rfc/rfc3879.txt ! IPv6 Support in Home Routers http://msdn.microsoft.com/en-us/ library/windows/hardware/ gg463251.aspx ! Prefix delegation http://en.wikipedia.org/wiki/ Prefix_delegation ! Requirements for IPv6 Prefix Delegation http://tools.ietf.org/html/rfc3769 Internet powers flip the IPv6 switch (FAQ) http://news.cnet.com/ 8301-1001_3-57445316-92/internetpowers-flip-the-ipv6-switch-faq/ ! IPv6-capable devices: Make sure they are ready http://www.techrepublic.com/blog/ networking/ipv6-capable-devicesmake-sure-they-are-ready/2522 ! IPv6 Ready Logo Program https://www.ipv6ready.org Router Advertisement (radvd) configuration http://wiki.openwrt.org/doc/uci/radvd ! ! ! IPv6: When do you really need to switch? http://www.zdnet.com/blog/networking/ ipv6-when-do-you-really-need-toswitch/2444 ! ! Portal IPv6 NIC.br http://ipv6.br ! IPv6 http://en.wikipedia.org/wiki/IPv6 ! IPv6 transition mechanisms http://en.wikipedia.org/wiki/ IPv6_transition_mechanisms IPv6 Prefix Options for DHCP version 6 http://www.ietf.org/rfc/rfc3633.txt ! IP Version 6 Addressing Architecture http://tools.ietf.org/html/rfc4291 ! Comparison of IPv6 support in operating systems http://en.wikipedia.org/wiki/ Comparison_of_IPv6_support_in_oper ating_systems Internet Protocol Version 6 Address Space http://www.iana.org/assignments/ipv6address-space/ipv6-address-space.xml ! ! Does Win7 or W2K8 server support RFC 6106? http://social.technet.microsoft.com/ Forums/en-US/ipv6/thread/ 5757980a-5983-4efca5f3-27687b90fe41/ ! Delivering DNS via IPv6 Router http://www.itdojo.com/2011/05/02/ delivering-dns-via-ipv6-routeradvertisements/