Hachetetepé dos puntos SLAAC SLAAC

17,456 views

Published on

Diapositivas utilizadas durante la última RootedCON 2012 para presentar ataques SLAAC en esquemas de man in the middle

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
17,456
On SlideShare
0
From Embeds
0
Number of Embeds
15,317
Actions
Shares
0
Downloads
73
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Hachetetepé dos puntos SLAAC SLAAC

  1. 1. Hachetetepé dos puntos SLAAC SLACC Chema Alonso chema@informatica64.com
  2. 2. IPv6 Basics & Attacks• Watch NCN’12 video – http://www.elladodelmal.com/2012/11/fc 001-algunos-ataques-en-ipv6.html
  3. 3. IPv6 is on your box!
  4. 4. And it works!: ipconfig
  5. 5. And it works!: route print
  6. 6. And it works!: ping
  7. 7. And it works!: ping
  8. 8. LLMNR
  9. 9. And it works!: Neightbors
  10. 10. ICMPv6• No ARP – No ARP Spoofing – Tools anti-ARP Spoofing are useless• Neighbor Discover uses ICPMv6 – NS: Neighbor Solicitation – NA: Neighbor Advertisement
  11. 11. NS/NA
  12. 12. NA Spoofing
  13. 13. NA Spoofing
  14. 14. Demo 1: Mitm using NA Spoofing
  15. 15. ICMPv6: SLAAC• Stateless Address Auto Configuration• Devices ask for routers• Routers public their IPv6 Address• Devices auto-configure IPv6 and Gateway – RS: Router Solicitation – RA: Router Advertisement
  16. 16. DNS Autodiscovery
  17. 17. And it works!: Web Browser
  18. 18. Windows Behavior• IPv4 & IPv6 – DNSv4 queries A & AAAA• IPv6 Only – DNSv6 queries A• IPv6 & IPv4 Local Link – DNSv6 queries AAAA
  19. 19. DNS64 & NAT64
  20. 20. HTTP-s Connections• SSL Strip – Remove “S” from HTTP-s links• SSL Sniff – Use a Fake CA to create dynamicly Fake CA• Evil FOCA does SSL Strip (so far)
  21. 21. Demo 2: hachetetepé dos puntos SLAAC SLAAC
  22. 22. SLAAC D.O.S.
  23. 23. Conclusions• IPv6 is on your box – Configure it or kill it (if possible)• IPv6 is on your network – IPv4 security controls are not enough – Topera
  24. 24. ConclusionsFEAR (the EVIL) FOCA!
  25. 25. Thanks to• THC (The Hacking Choice) – Included in Back Track – Parasite6 – Redir6 – Flood_router6 – …..• Scappy
  26. 26. …and some last words

×