Chema Alonso - Hachetetepe dospuntos slaac slaac [Rooted CON 2013]

IPv6 is installed and configured by default on every Windows release with a 6.x kernel, that is, from Windows Vista to Windows Server 2012, and among the many protocols and standards surrounding IPv6, SLAAC is perhaps the one that offers the most to play with inside an organization. This session shows some examples of using SLAAC that will make your security audits much more fun.


  1. Hachetetepé dos puntos SLAAC SLACC. Chema Alonso, chema@informatica64.com
  2. IPv6 Basics & Attacks
     • Watch NCN’12 video
       – http://www.elladodelmal.com/2012/11/fc001-algunos-ataques-en-ipv6.html
  3. IPv6 is on your box!
  4. And it works!: ipconfig
  5. And it works!: route print
  6. And it works!: ping
  7. And it works!: ping
  8. LLMNR
  9. And it works!: Neighbors
  10. ICMPv6
     • No ARP
       – No ARP Spoofing
       – Anti-ARP Spoofing tools are useless
     • Neighbor Discovery uses ICMPv6
       – NS: Neighbor Solicitation
       – NA: Neighbor Advertisement
  11. NS/NA
  12. NA Spoofing
  13. NA Spoofing
  14. Demo 1: MitM using NA Spoofing
  15. ICMPv6: SLAAC
     • Stateless Address Auto Configuration
     • Devices ask for routers
     • Routers publish their IPv6 address
     • Devices auto-configure IPv6 and gateway
       – RS: Router Solicitation
       – RA: Router Advertisement
  16. DNS Autodiscovery
  17. And it works!: Web Browser
  18. Windows Behavior
     • IPv4 & IPv6
       – DNSv4 queries A & AAAA
     • IPv6 Only
       – DNSv6 queries A
     • IPv6 & IPv4 Local Link
       – DNSv6 queries AAAA
  19. DNS64 & NAT64
  20. HTTP-s Connections
     • SSL Strip
       – Remove “S” from HTTP-s links
     • SSL Sniff
       – Use a Fake CA to dynamically create Fake CA
     • Evil FOCA does SSL Strip (so far)
  21. Demo 2: hachetetepé dos puntos SLAAC SLACC
  22. SLAAC D.O.S.
  23. Conclusions
     • IPv6 is on your box
       – Configure it or kill it (if possible)
     • IPv6 is on your network
       – IPv4 security controls are not enough
       – Topera
  24. Conclusions: FEAR (the EVIL) FOCA!
  25. Thanks to
     • THC (The Hacker's Choice)
       – Included in BackTrack
       – Parasite6
       – Redir6
       – Flood_router6
       – …..
     • Scapy
  26. …and some last words
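
A defender's view of slides 15, 16 and 22, as an added example that is not from the original deck or the tools it names: a parser for ICMPv6 Router Advertisements that flags RAs from routers outside an allowlist, the default gateway and DNS servers they push, and floods of distinct SLAAC prefixes. The allowlist, the threshold, the finding names and the sample packet are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: link-local addresses of the routers you operate (constructed value).
KNOWN_ROUTERS = {ipaddress.IPv6Address("fe80::1")}

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134, RFC 4861)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", icmp, 5)  # flags byte, router lifetime
    ra = {"managed": bool(flags & 0x80), "lifetime": lifetime, "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(icmp):
            raise ValueError("malformed option")
        body = icmp[off:off + olen]
        if otype == 3 and olen == 32:                # Prefix Information option
            if body[3] & 0x40:                       # A flag: hosts autoconfigure from it
                net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
                ra["prefixes"].append(str(net))
        elif otype == 25 and olen >= 24:             # Recursive DNS Server (RFC 8106)
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        off += olen
    return ra

class RAMonitor:
    """Flags RAs from unlisted routers and floods of distinct SLAAC prefixes."""
    def __init__(self, known=KNOWN_ROUTERS, max_prefixes=8):
        self.known, self.max_prefixes, self.seen = set(known), max_prefixes, set()

    def check(self, src: str, icmp: bytes) -> list:
        ra, findings = parse_ra(icmp), []
        if ipaddress.IPv6Address(src) not in self.known:
            findings.append("rogue-router")
            if ra["lifetime"] > 0:                   # sender offers itself as default gateway
                findings.append("rogue-default-gateway")
            if ra["rdnss"]:                          # sender pushes its own DNS servers
                findings.append("rogue-dns")
        self.seen.update(ra["prefixes"])
        if len(self.seen) > self.max_prefixes:       # hosts would add an address per prefix
            findings.append("prefix-flood")
        return findings

# Constructed sample: RA with lifetime 1800 s, prefix 2001:db8:bad::/64, RDNSS 2001:db8:bad::53.
SAMPLE_RA = bytes.fromhex(
    "86000000400007080000000000000000"
    "030440c000278d0000093a8000000000" "20010db80bad00000000000000000000"
    "190300000000070820010db80bad00000000000000000053")
```

Feed `RAMonitor.check` the source address and ICMPv6 payload of each RA captured on the segment; the ICMPv6 checksum is not verified here.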
