IPv6 for Pentester

- Basics of IPv6
- How to use IPv6 for network penetration test.
- How to configure network security with respect to IPv6
- Tools of the trade for IPv6

Published in: Technology

  1. IPv6 for Pentester
  2. Introduction
     Amish Patadiya
     ● Designation & Company:
       ○ Senior Security Consultant, NotSoSecure India Pvt. Ltd.
     ● Relevant Experience in Infosec:
       ○ More than 7 years
     ● Contact:
       ○ Email: amish.patadiya@gmail.com
       ○ Twitter: @AmishPatadiya
       ○ LinkedIn: https://in.linkedin.com/in/amish-patadiya
  3. Topics covered
     ● What is IPv6?
     ● Text Representation of Address
     ● Address Types
     ● Pentester Scenario-1
     ● Pentester Scenario-2
     ● Pentester Scenario-3
     ● Securing Network
     ● Tools of the trade
  4. What is IPv6?
  5. What is IPv6?
     ● Internet Protocol version 6, developed by the Internet Engineering Task Force (IETF)
     ● 128-bit address, theoretically allowing 2^128, or approximately 3.4×10^38, addresses
     ● Divided into 8 groups of 4 hexadecimal digits, with the groups separated by colons
       ○ e.g. 2001:0db8:0000:0042:0000:8a2e:0370:7334
     ● The IPv6 subnet size is standardized by fixing the size of the host identifier portion of an address to 64 bits.
  6. Example of IPv6
  7. Text Representation of Address
  8. Text Representation of Address
     ● There are three conventional forms for representing IPv6 addresses as text strings:
  9. Text Representation of Address
     1) The preferred form is x:x:x:x:x:x:x:x, where the 'x's are one to four hexadecimal digits of the eight 16-bit pieces of the address.
        Examples:
        a) ABCD:EF01:2345:6789:ABCD:EF01:2345:6789
        b) 2001:DB8:0:0:8:800:200C:417A
  10. Text Representation of Address
      2) The use of "::" indicates one or more groups of 16 bits of zeros. The "::" can only appear once in an address. The "::" can also be used to compress leading or trailing zeros in an address.
         a) For example, the following addresses
            i) 2001:DB8:0:0:8:800:200C:417A
            ii) FF01:0:0:0:0:0:0:101
            iii) 0:0:0:0:0:0:0:1
            iv) 0:0:0:0:0:0:0:0
         b) may be represented as
            i) 2001:DB8::8:800:200C:417A
            ii) FF01::101
            iii) ::1
            iv) ::
  11. Text Representation of Address
      3) An alternative form that is sometimes more convenient when dealing with a mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation).
         a) Examples:
            i) 0:0:0:0:0:0:13.1.68.3
            ii) 0:0:0:0:0:FFFF:129.144.52.38
         b) or in compressed form:
            i) ::13.1.68.3
            ii) ::FFFF:129.144.52.38
  12. Text Representation of Address Prefix
      ● Similar to the way IPv4 address prefixes are written in Classless Inter-Domain Routing (CIDR) notation [CIDR]:
        ipv6-address/prefix-length
        where
        ○ ipv6-address is an IPv6 address
        ○ prefix-length is a decimal value specifying how many of the leftmost contiguous bits of the address comprise the prefix.
  13. Text Representation of Address Prefix
      ● For example, the following are legal representations of the 60-bit prefix 20010DB80000CD3 (hexadecimal):
        ○ 2001:0DB8:0000:CD30:0000:0000:0000:0000/60
        ○ 2001:0DB8::CD30:0:0:0:0/60
        ○ 2001:0DB8:0:CD30::/60
  14. Address Types
  15. Address Types

      | Address type         | Binary prefix                                                  | IPv6 notation |
      |----------------------|----------------------------------------------------------------|---------------|
      | Unspecified          | 00...0 (128 bits)                                              | ::/128        |
      | Loopback             | 00...1 (128 bits)                                              | ::1/128       |
      | Multicast            | 11111111                                                       | FF00::/8      |
      | Link-Local unicast   | 1111111010                                                     | FE80::/10     |
      | Unique-Local unicast | 11111110                                                       | FC00::/7      |
      | Global Unicast       | (everything else) e.g. 00100000 [block for current assignment] | 2000::/3      |

  16. Address Types
      ● Link Local Unicast
        ○ Starts with FE80::/10
        ○ Non Routable
        ○ Auto Assigned
        ○ Required
        ○ It is the first address
      ● Global Unicast
        ○ Starts with 2000::/3
        ○ Globally Routable
        ○ Assigned by Internet Service Provider (ISP) / Regional Internet Registry (RIR)
      ● Unique Local Unicast
        ○ Starts with FC00::/7
        ○ Internally Routable
        ○ Typically starts with FD00::/8
  17. Pentester Scenario - 1
  18. Pentester Scenario - 1
      ● Services running on the server
  19. Pentester Scenario - 1
      ● Attacker machine
  20. Pentester Scenario - 1
      ● Services are accessible from attacker machine
        ○ SSH
        ○ SNMP
  21. Pentester Scenario - 1
      ● Blocking attacker’s IP ‘192.168.1.117’
  22. Pentester Scenario - 1
      ● Services are no longer accessible from attacker’s IP ‘192.168.1.117’
  23. Pentester Scenario - 1
  24. Pentester Scenario - 1
      ● Services are accessible from attacker’s IPv6 address
  25. Pentester Scenario - 2
  26. Pentester Scenario - 2
      ● What if a service is running over IPv4 only?
  27. Pentester Scenario - 2
      ● Use socat to make it available over IPv6
  28. Pentester Scenario - 2
      ● Blocking attacker for IPv4-only service
  29. Pentester Scenario - 2
      ● IPv4-only service was still accessible using IPv6
  30. Pentester Scenario - 3
  31. Pentester Scenario - 3
      ● Not many tools support IPv6
      ● What to do if a service is running on IPv6?
        ○ SNMP service running over IPv6
  32. Pentester Scenario - 3
      ● Think of scenario 2 in reverse.
  33. Pentester Scenario - 3
      ● Run IPv4 tools on ‘127.0.0.1’ address
  34. Securing Network
  35. Securing Network
      ● For Ubuntu (Linux):
  36. Securing Network
      ● For Windows:
  37. Tools of the trade
  38. Tools of the trade
      ● Ping:
        ○ ping6 -I <interface> <IPv6 address>
  39. Tools of the trade
      ● SSH:
        ○ ssh <user>@<IPv6 address>
  40. Tools of the trade
      ● Telnet:
        ○ telnet <IPv6 address> <port number>
  41. Tools of the trade
      ● Assigning an IPv6 address to an interface:
        ○ ip -6 addr add <IPv6 address/prefix> dev <interface>
  42. Tools of the trade
      ● Assigning an IPv6 address to an interface:
        ○ ifconfig <interface> inet6 add <IPv6 address/prefix>
  43. References
      ● IPv6 RFCs
      ● https://www.youtube.com/watch?v=DJSuLcw7zB0
      ● http://www.infosec.gov.hk/english/technical/files/ipv6s.pdf
      ● http://www.dest-unreach.org/socat/doc/socat.html
      ● https://www.youtube.com/watch?v=O0mniyVioJk
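
The text forms on slides 8 to 13 are different spellings of the same 128-bit values, so filters and log searches should compare parsed addresses and prefixes rather than strings. The following is an added example, not part of the original slides, using Python's standard `ipaddress` module; `parse`, `is_blocked` and `BLOCKLIST` are hypothetical names, and the peer addresses other than 192.168.1.117 are constructed.

```python
import ipaddress

def parse(text):
    """Parse any of the three text forms into one 128-bit address object."""
    return ipaddress.IPv6Address(text)

def is_blocked(peer, blocklist):
    """Return True if peer (IPv4 or IPv6 text) falls inside a blocklist entry.

    An IPv4-mapped peer (::FFFF:d.d.d.d) is also tested as the IPv4 address
    it carries, so an IPv4 entry still matches it.
    """
    addr = ipaddress.ip_address(peer)
    candidates = [addr]
    if addr.version == 6 and addr.ipv4_mapped is not None:
        candidates.append(addr.ipv4_mapped)
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    return any(c in n for c in candidates for n in nets if c.version == n.version)

# Blocklist built from values on the slides: the IPv4 address blocked in
# Scenario 1 and the 60-bit prefix from the prefix slide.
BLOCKLIST = ["192.168.1.117", "2001:0DB8:0:CD30::/60"]

if __name__ == "__main__":
    # The long form and the "::" form are the same address.
    print(parse("2001:DB8:0:0:8:800:200C:417A") == parse("2001:DB8::8:800:200C:417A"))
    # The mixed x:x:x:x:x:x:d.d.d.d form parses to the same value as well.
    print(parse("0:0:0:0:0:0:13.1.68.3") == parse("::13.1.68.3"))
    # Constructed peers: only the first four are covered by BLOCKLIST.
    for peer in ["192.168.1.117", "::FFFF:192.168.1.117", "2001:db8:0:cd3f::1",
                 "2001:DB8:0:CD30:0:0:0:1", "2001:db8:0:cd40::1", "fe80::1"]:
        print(peer, is_blocked(peer, BLOCKLIST))
```

The last peer is the Scenario 1 situation: an entry for the IPv4 address says nothing about the same host's own IPv6 addresses.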
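
Scenario 1 and Scenario 2 both come down to listeners that stay reachable over IPv6 while filtering was applied to IPv4 only. The following is an added example, not part of the original slides, that lists such listeners on a host you administer from `ss -H -ltn` output so each one can be given a matching IPv6 rule; the sample output, the function names and the set of filtered ports are constructed assumptions.

```python
import ipaddress

# Constructed sample in the assumed layout of `ss -H -ltn`:
# State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 192.168.1.10:3306 0.0.0.0:*
"""

def ipv6_exposed(ss_text):
    """Return sorted (port, bind address) pairs reachable over IPv6."""
    exposed = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon: IPv6 literals contain colons themselves.
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")
        if host == "*":
            # Assumed meaning: dual-stack wildcard, accepts IPv4 and IPv6.
            exposed.add((int(port), "*"))
            continue
        addr = ipaddress.ip_address(host)
        # "::" is the IPv6 wildcard; ::1 is loopback only and is skipped.
        if addr.version == 6 and not addr.is_loopback:
            exposed.add((int(port), host))
    return sorted(exposed)

def missing_v6_rules(ss_text, v6_filtered_ports):
    """Ports reachable over IPv6 that have no IPv6 filter rule yet."""
    return [port for port, _ in ipv6_exposed(ss_text) if port not in v6_filtered_ports]

if __name__ == "__main__":
    print(ipv6_exposed(SAMPLE_SS))
    # Hypothetical state: only port 22 has an IPv6 rule so far.
    print(missing_v6_rules(SAMPLE_SS, {22}))
```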
