IPv6 for Pentester
Introduction
Amish Patadiya:
Designation & Company:
● Senior Security Consultant, NotSoSecure India Pvt. Ltd.
Relevant Experience in Infosec:
● More than 7 years
Contact:
● Email: amish.patadiya@gmail.com
● Twitter: @AmishPatadiya
● LinkedIn: https://in.linkedin.com/in/amish-patadiya
Topics covered
● What is IPv6?
● Text Representation of Address
● Address Types
● Pentester Scenario-1
● Pentester Scenario-2
● Pentester Scenario-3
● Securing Network
● Tools of the trade
What is IPv6?
● Internet Protocol version 6, developed by the Internet Engineering Task Force (IETF)
● 128-bit address, theoretically allowing 2^128, or approximately 3.4×10^38 addresses
● Written as 8 groups of 4 hexadecimal digits, with the groups separated by colons
○ e.g. 2001:0db8:0000:0042:0000:8a2e:0370:7334
● The IPv6 subnet size is standardized by fixing the size of the host identifier portion of an address to 64 bits.
Example of IPv6
Text Representation of Address
● There are three conventional forms for representing IPv6 addresses as text strings:
1) The preferred form is x:x:x:x:x:x:x:x, where the 'x's are one to four
hexadecimal digits of the eight 16-bit pieces of the address.
Examples:
a) ABCD:EF01:2345:6789:ABCD:EF01:2345:6789
b) 2001:DB8:0:0:8:800:200C:417A
2) The use of "::" indicates one or more groups of 16 bits of zeros. The "::" can
only appear once in an address. The "::" can also be used to compress
leading or trailing zeros in an address.
a) For example, the following addresses
i) 2001:DB8:0:0:8:800:200C:417A
ii) FF01:0:0:0:0:0:0:101
iii) 0:0:0:0:0:0:0:1
iv) 0:0:0:0:0:0:0:0
b) may be represented as
i) 2001:DB8::8:800:200C:417A
ii) FF01::101
iii) ::1
iv) ::
3) An alternative form that is sometimes more convenient when dealing with a
mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, where the
'x's are the hexadecimal values of the six high-order 16-bit pieces of the
address, and the 'd's are 8-bit pieces of the address (standard IPv4
representation).
a) Examples:
i) 0:0:0:0:0:0:13.1.68.3
ii) 0:0:0:0:0:FFFF:129.144.52.38
b) or in compressed form:
i) ::13.1.68.3
ii) ::FFFF:129.144.52.38
Text Representation of Address Prefix
● IPv6 address prefixes are written in a way similar to IPv4 address prefixes in Classless Inter-Domain Routing (CIDR) notation [CIDR]:
ipv6-address/prefix-length
where
○ ipv6-address is an IPv6 address
○ prefix-length is a decimal value specifying how many of the leftmost contiguous bits of the address comprise the prefix.
● For example, the following are legal representations of the 60-bit prefix
20010DB80000CD3 (hexadecimal):
○ 2001:0DB8:0000:CD30:0000:0000:0000:0000/60
○ 2001:0DB8::CD30:0:0:0:0/60
○ 2001:0DB8:0:CD30::/60
Address Types
Address type | Binary prefix | IPv6 notation
Unspecified | 00...0 (128 bits) | ::/128
Loopback | 00...1 (128 bits) | ::1/128
Multicast | 11111111 | FF00::/8
Link-Local unicast | 1111111010 | FE80::/10
Unique-Local unicast | 11111110 | FC00::/7
Global Unicast | (everything else), e.g. 00100000 [block for current assignment] | 2000::/3
● Link Local Unicast
○ Starts with FE80::/10
○ Non Routable
○ Auto Assigned
○ Required
○ It is the first address
● Global Unicast
○ Starts with 2000::/3
○ Globally Routable
○ Assigned by Internet Service Provider (ISP) / Regional Internet Registry (RIR)
● Unique Local Unicast
○ Starts with FC00::/7
○ Internally Routable
○ Typically starts with FD00::/8
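The three text forms, the prefix notation and the address-type table above can be checked with a small parser. This is an added example, not code from the slides; the function names (parse_ipv6, parse_prefix, classify) are hypothetical, and addresses are compared as 128-bit integers so that different spellings of one address (as in an ACL or blocklist entry) match.

```python
HEX = set("0123456789abcdefABCDEF")
DEC = set("0123456789")

def _groups(part):
    """Turn one side of an address into a list of 16-bit integers."""
    out = []
    pieces = part.split(":") if part else []
    for i, p in enumerate(pieces):
        if "." in p:  # form 3: a trailing d.d.d.d fills the last two groups
            octs = p.split(".")
            if i != len(pieces) - 1 or len(octs) != 4:
                raise ValueError("bad dotted quad in %r" % part)
            if any(not o or len(o) > 3 or set(o) - DEC or int(o) > 255
                   for o in octs):
                raise ValueError("bad octet in %r" % p)
            a, b, c, d = map(int, octs)
            out += [a << 8 | b, c << 8 | d]
        elif 1 <= len(p) <= 4 and not set(p) - HEX:
            out.append(int(p, 16))  # forms 1 and 2: one to four hex digits
        else:
            raise ValueError("bad group %r" % p)
    return out

def parse_ipv6(text):
    """Return the 128-bit integer for any of the three text forms."""
    if text.count("::") > 1:
        raise ValueError('"::" can only appear once')
    head, sep, tail = text.partition("::")
    if sep and "." in head:
        raise ValueError("dotted quad must be the final piece")
    left, right = _groups(head), _groups(tail)
    if sep:  # form 2: "::" expands to the missing all-zero groups
        zeros = 8 - len(left) - len(right)
        if zeros < 1:
            raise ValueError('"::" must stand for at least one group')
        groups = left + [0] * zeros + right
    else:
        groups = left
    if len(groups) != 8:
        raise ValueError("expected 128 bits in %r" % text)
    value = 0
    for g in groups:
        value = value << 16 | g
    return value

def parse_prefix(text):
    """Parse ipv6-address/prefix-length; return (leftmost bits, length)."""
    addr, slash, plen = text.partition("/")
    if not slash or not plen or set(plen) - DEC or int(plen) > 128:
        raise ValueError("bad prefix length in %r" % text)
    return parse_ipv6(addr) >> (128 - int(plen)), int(plen)

# IPv6 notation column of the Address Types table, most specific first.
TYPES = [("Unspecified", "::/128"), ("Loopback", "::1/128"),
         ("Multicast", "FF00::/8"), ("Link-Local unicast", "FE80::/10"),
         ("Unique-Local unicast", "FC00::/7")]

def classify(text):
    """Name the address type; anything unmatched is Global Unicast."""
    addr = parse_ipv6(text)
    for name, prefix in TYPES:
        bits, plen = parse_prefix(prefix)
        if addr >> (128 - plen) == bits:
            return name
    return "Global Unicast"

if __name__ == "__main__":
    for sample in ("2001:DB8::8:800:200C:417A", "FF01::101", "::1", "::",
                   "FE80::1", "FD00::1", "::FFFF:129.144.52.38"):
        print("%-28s %032x  %s" % (sample, parse_ipv6(sample), classify(sample)))
```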
Pentester Scenario - 1
● Services running on the server
● Attacker machine
● Services are accessible from attacker machine
○ SSH
○ SNMP
● Blocking attacker’s IP ‘192.168.1.117’
● Services are no longer accessible from attacker’s IP ‘192.168.1.117’
● Services are accessible from attacker’s IPv6
Pentester Scenario - 2
● What if a service is running over IPv4 only?
● Use socat to make it available over IPv6
● Blocking the attacker for the IPv4-only service
● The IPv4-only service was still accessible using IPv6
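Scenarios 1 and 2 both come down to an IPv4 deny rule with no IPv6 counterpart while something is listening on IPv6. The following is an added example, not part of the original slides, of a defender-side check for that gap. The listener and rule dumps are constructed samples in the style of `ss -tuln`, `iptables-save` and `ip6tables-save` output, the function names are hypothetical, and the rule matching is a coarse heuristic (filter table, INPUT chain, DROP/REJECT targets and chain policy only).

```python
import shlex

# Constructed sample data (not taken from the slides).
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*
udp   UNCONN 0      0      [::]:161            [::]:*
tcp   LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
tcp   LISTEN 0      5      [::]:80             [::]:*
tcp   LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631           [::]:*
"""
V4_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.117/32 -j DROP
COMMIT
"""
V6_OPEN = """\
*filter
:INPUT ACCEPT [0:0]
COMMIT
"""
V6_HARDENED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
"""

def parse_listeners(ss_text):
    """Return {(proto, port, family)} for non-loopback listening sockets."""
    found = set()
    for line in ss_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        host, _, port = f[4].rpartition(":")
        host = host.split("%")[0]  # drop an interface scope such as %eth0
        if not port.isdigit() or host == "[::1]" or host.startswith("127."):
            continue
        if host == "*":            # dual-stack socket: reachable both ways
            families = (4, 6)
        else:
            families = (6,) if host.startswith("[") else (4,)
        for fam in families:
            found.add((f[0], int(port), fam))
    return found

def parse_input_rules(save_text):
    """Return (policy, [(proto, dport)]) for deny rules in filter/INPUT."""
    table, policy, rules = None, "ACCEPT", []
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            opt = lambda name: tok[tok.index(name) + 1] if name in tok else None
            if opt("-j") in ("DROP", "REJECT"):
                rules.append((opt("-p"), opt("--dport")))
    return policy, rules

def restricts(ruleset, proto, port):
    """True if the policy or any deny rule could apply to proto/port."""
    policy, rules = ruleset
    if policy == "DROP":
        return True
    for r_proto, r_dport in rules:
        if r_proto not in (None, proto):
            continue
        if r_dport is None:
            return True
        lo, _, hi = r_dport.partition(":")  # single port or lo:hi range
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def find_v6_gaps(ss_text, v4_save, v6_save):
    """Ports listening on IPv6 that IPv4 filters but IPv6 does not."""
    v4, v6 = parse_input_rules(v4_save), parse_input_rules(v6_save)
    gaps = {(proto, port) for proto, port, fam in parse_listeners(ss_text)
            if fam == 6 and restricts(v4, proto, port)
            and not restricts(v6, proto, port)}
    return sorted(gaps)

if __name__ == "__main__":
    for proto, port in find_v6_gaps(SS_SAMPLE, V4_RULES, V6_OPEN):
        print("unfiltered over IPv6: %s/%d" % (proto, port))
```

A port flagged here needs an equivalent ip6tables rule or a default-deny IPv6 INPUT policy; a port that is clean here still needs a manual review, since rule order and ACCEPT rules are not evaluated.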
Pentester Scenario - 3
● Not many tools support IPv6
● What to do if a service is running on IPv6?
○ SNMP service running over IPv6
● Think of scenario 2 in reverse.
● Run IPv4 tools on the ‘127.0.0.1’ address
Securing Network
● For Ubuntu (Linux):
● For Windows:
Tools of the trade
● Ping:
○ ping6 -I <interface> <IPv6 address>
● SSH:
○ ssh <user>@<IPv6 address>
● Telnet:
○ telnet <IPv6 address> <port number>
● Assigning an IPv6 address to an interface:
○ ip -6 addr add <IPv6 address/prefix> dev <interface>
○ ifconfig <interface> inet6 add <IPv6 address/prefix>
References
● IPv6 RFCs
● https://www.youtube.com/watch?v=DJSuLcw7zB0
● http://www.infosec.gov.hk/english/technical/files/ipv6s.pdf
● http://www.dest-unreach.org/socat/doc/socat.html
● https://www.youtube.com/watch?v=O0mniyVioJk