SlideShare a Scribd company logo
1 of 35
Download to read offline
Joe Klein, CISSP
Cybersecurity Fellow, IPv6 Forum
Consultant, Researcher & Trainer, Longboat, LLC
May 2018
Observations from
the lab, field &
executive suite
1
About me: Joe Klein <many certs>
• Spoken at: DefCon, Black Hat, Torcon, SecTor, Security
Days, Hackers on Planet Earth, SANS, IEEE, IoT,…

• Roles: Photographer, Electronics Engineer, Robotics
Engineer, Entrepreneur, CEO, CTO, CSO, ISP, Security
Architect, Developer, Pentester, Incident Handler, Professor,
Policy Writer, Auditor, Assure, Firewall/Network Engineer,
Integrator, Data Scientist, ML experimenter, Threat Intel,
Computer Scientist, Hacker

• Timeline:
• 70’s: Electronics, Radios, Gamer, Magic, Mainframe &
Micro Computers, First ‘Hack’

• 80’s: BBS’s, Game Hacker, Robots, Unix/c/FORTH/Basic/
COBOL/LISP/c++, DEC, SNA Networks, Internet
connected, CyberForensics, Routers/Switches

• 90’s: ISP, IPv6, Penetrations Testing, Network Defender,
Web Developer, Teaching Internet/Web Dev, IETF

• 2000’s: CSO, Linux, Audits, Assessments, Car/IOT/
Building Controls, SCADA Hacking, Teaching
Cybersecurity + SANS, Patents, International Speaking

• 2010’s: DARPA, Policies, Startup, Honeypots, Deception
Networks, IPv6 Fellow, GoLang, IEEE, Sprint Triathlon

Recent Focus: Attacked Forced Time Scoped D&D
2
How to Prepare To Implement IPv6!
It’s Complex…
3
Observation 1 - Establish your IPv6 Standard for all Procurement!
• Why?
• Establish a baseline of technology standards, during technology refresh
• Ensure you are ready to move to IPv6, without big purchases!
• How?
1. Can the Product vender support IPv6? “Eating their own dog Food!”
• Internet Facing Services (Dual Stack) https://ip6.nl/#
• IPv6 only clients behind 6xlt & NAT64/DNS64 https://nat64check.ipv6-
lab.net/v6score
4
Observation 1 - Establish your IPv6 standard for all Procurement!
• How?
1. The Supplier's Declaration of Conformity (SDOC)
• Product suppliers declare product capabilities to buyers, as advertised
• Buyer is responsible for providing specifications
• Seller is responsible to fix, if it does not meet specifications
• https://www-x.antd.nist.gov/usgv6/sdoc.html
5
IPv6 Standards Touch Every Protocol!
6
What does IPv6 compliant mean to me?
IPv6 Standard 86 (RFC 8200) First Order Dependencies
Current IPv6 Standard
Changes to Path MTU
References from
Newer standards (12)
Updates to
older standards (29)
7
IPv6 Standard 86 (RFC 8200)
First & Second Order Path MTU Dependencies
• October 1989 - Updated - Requirements for Internet Hosts -- Communication Layers
• November 1990 - Path MTU Discovery
• November 1996 - Path MTU Discovery for IP version 6 - Obsoleted by 8201 July 2017
• November 1997 - Key words for use in RFCs to Indicate Requirement Levels
• September 2000 - TCP Problems with Path MTU Discovery
• March 2006 - Datagram Congestion Control Protocol (DCCP)
• March 2006 - Internet Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification - Obsoletes RFC 2463
• March 2007 - Packetization Layer Path MTU Discovery
• September 2007- Neighbor Discovery for IP version 6 (IPv6)- Obsoletes 2461
• May 2007- Neighbor Discovery for IP version 6 (IPv6)- Obsoletes 2461
• September 2007 - Stream Control Transmission Protocol- Obsoletes 2960. 3309
• December 2007 - Deprecation of Type 0 Routing Headers in IPv6 - Obsoletes 2960
• July 2012 - TCP Options and Maximum Segment Size (MSS)
• March 2015- Network File System (NFS) Version 4 Protocol- Obsoletes 3530
• May 2016- RFC Streams, Headers, and Boilerplates - Obsoletes 5741
• March 2017 - UDP Usage Guideline - Obsoletes 5405
• March 2017 - Path MTU Discovery for IP version 6 - Obsoletes 1981
IPv6 Standard
July 2017
Updates to
older standards (17))8
IPv6 will not solve cybersecurity problems, right?
9
Fundamental of
Cyber Security & Privacy
❖ “Remote-access, multi-user resource- sharing
computer system”
❖ Attackers Exploit
❖ Systems
❖ Hardware|Software|Data
❖ Networks
❖ People
❖ Users
❖ Operators
❖ Systems Programmers
❖ Maintenance Man (Person)
April 1967
Reference: https://www.rand.org/pubs/authors/w/ware_willis_h.html
10
First Cybersecurity
Threats Diagram
Willis H. Ware, RAND Corporation
April 1967
Reference: https://www.rand.org/pubs/authors/w/ware_willis_h.html
11
SO why is this happening?
Technical Supply-Chain Debt —
The real problem!
Technical Debt Powerpoint
12
What Does Winning Defender Look Like?
13
Defender's Dilemma
“The intruder only needs to exploit one of the victims in order to
compromise the enterprise.”
Intruder's Dilemma
“The defender only needs to detect one of the indicators of the intruder’s
presence in order 

to initiate incident response within the enterprise.”
Reference: https://taosecurity.blogspot.com/2009/05/defenders-dilemma-and-intruders-dilemma.html
14
The Intruder Game
Tactic - Technical goal of the intruder
Technique - How intruder achieves the goal
The Intruder Chooses Time and Goal, Not You!
The Defender Choose Confidence level of the Detection!
15
How do I Remove the Noise to Find the Attackers and increase
confidence levels?
Reduce False Positives and Negatives!
16
Defenders Game: ATT&CK: Deconstructs the Lifecycle
Freely available, curated knowledge based on
observed adversary behavior
Higher fidelity on right-of-exploit,
post-access phases
Describes behavior and not adversary tools
Built for the “Public Good”
Right of the Boom!
17
MITRE Pre-ATT&CK
Adversarial Tactics, Techniques & Common Knowledge
• Blacklist IP, Hash Domains are fungible, quickly replaceable
• Pre-compromise activities are largely executed outside the
enterprise’s field of view
• Data Brokers (Free and for pay),
• Websites (Partners, Yours, Government),
• Search Engines and Bots
• Social Network Bots
Left-of-the-Boom
18
MITRE ATT&CK Enterprise
Perimeter Defense
• Items in yellow are the only attributes
detectable by tuned perimeter security

• Items in red, address requirements on hosts
and first hop networks.

• Conclusion: 

• Perimeter security has minimal visibility
into attackers insider your environment

• IT slows the attacker, but this is not
measurable

• Tuning the security perimeter security to
detect and alert on pre & post attack items
are critical to catch attackers.
19
The Defenders Goal
• Strong trusted alerts
• Behavior tracking
• Automated response
20
More Detail?
21
Open Source - MITRE Resources
• Interactive Attack Navigator:
• ATT&CK Enterprise: https://mitre.github.io/attack-navigator/enterprise/
• ATT&CK Mobile: https://mitre.github.io/attack-navigator/mobile/
• Source Code: https://github.com/mitre/attack-navigator
• Attacker Groups: https://attack.mitre.org/pre-attack/index.php/Groups
• Attacker Group Tactics: https://attack.mitre.org/pre-attack/index.php/Tactics
• Unfetter Project - Discover and analyze gaps in your security posture
• https://nsacyber.github.io/unfetter/ https://github.com/unfetter-discover/unfetter
• Caldera - An automated adversary emulation system (validate alerts)
• https://github.com/mitre/caldera
22
I understand there is no way of scanning
the IPv6 Internet, is that true?
23
History of Scanning Internet-Facing
IPv6 Devices
• 2^64 or 2^128 - Brute Force - Fails in IPv6!

• May 2005, Marc “van Huser” Heuse, Attacking the
IPv6 Protocol Suite, THC-IPv6 toolkit (1)

• May 2007, Joe Klein, “Scanning and Microsoft
Mobile compromise via 6to4 on SPRINT”,
Responsible Disclosure Notice to Microsoft, Sprint
and US CERT, HOPE 2008 (2)

• March 2008, IETF, RFC 5157, “IPv6 Implications for
Network Scanning” (3)

• May 2012, NMAP for IPv6, version 6 (4)

• March 2016, IETF, RFC 7707, “Network
Reconnaissance in IPv6 Networks” (5)

• December 2018, Joe Klein, “Outbound Initiated
Requests for Passive Scanning of IPv6” (6)

• December 2018, Joe Klein, “Passive IPv6 Scanning
using Certificate Transparency process” (7)
24
So we are safe? Attackers have not used IPv6 in the past?
25
Attacks on IPv6
26
Microsoft Phones are not on IPv6 in 2007
27
Attacks on IPv6
, First DDOS
, Botnet C&C
28
Are their engineering things I can do, to improved detection and
reduce operational complexity?
29
It’s not just 96 more bits
30
It’s not just 96 more bits
31
How long have systems
been compromise via IPv6?
32
Published 2008
33
The opportunity to re-engineer our part of the
Global Internet only happens once in a lifetime!
Ensure it is operational and security!
34
Joe Klein
jsklein@gmail.com
@joeklein
35

More Related Content

What's hot

Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Sessionveerababu penugonda(Mr-IoT)
 
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Clare Nelson, CISSP, CIPP-E
 
Beginners guide on how to start exploring IoT 2nd session
Beginners  guide on how to start exploring IoT 2nd sessionBeginners  guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoTPriyanka Aash
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 
Stranger Danger (NodeSummit, 2016)
Stranger Danger (NodeSummit, 2016)Stranger Danger (NodeSummit, 2016)
Stranger Danger (NodeSummit, 2016)Guy Podjarny
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyZoltan Balazs
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】Hacks in Taiwan (HITCON)
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseAndrew Morris
 
How to be a Hacker (Sut i fod yn Haciwr)
How to be a Hacker (Sut i fod yn Haciwr)How to be a Hacker (Sut i fod yn Haciwr)
How to be a Hacker (Sut i fod yn Haciwr)Martin Hamilton
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"Christiaan Beek
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 

What's hot (19)

Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
 
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
 
Beginners guide on how to start exploring IoT 2nd session
Beginners  guide on how to start exploring IoT 2nd sessionBeginners  guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoT
 
Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 
Stranger Danger (NodeSummit, 2016)
Stranger Danger (NodeSummit, 2016)Stranger Danger (NodeSummit, 2016)
Stranger Danger (NodeSummit, 2016)
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】
 
IOT Exploitation
IOT Exploitation	IOT Exploitation
IOT Exploitation
 
Shamoon
ShamoonShamoon
Shamoon
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To Noise
 
How to be a Hacker (Sut i fod yn Haciwr)
How to be a Hacker (Sut i fod yn Haciwr)How to be a Hacker (Sut i fod yn Haciwr)
How to be a Hacker (Sut i fod yn Haciwr)
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
 

Similar to IPv6 Security Talk mit Joe Klein

Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012jakobkorherr
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaShivamSharma909
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineerShivamSharma909
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchYury Chemerkin
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud EnvironmentShapeBlue
 
Why defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillWhy defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillOllie Whitehouse
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesMarina Krotofil
 
Avast @ Machine Learning
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine LearningAvast
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackPriyanka Aash
 
TALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTS
TALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTSTALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTS
TALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTSDawn Yankeelov
 

Similar to IPv6 Security Talk mit Joe Klein (20)

Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Introduction to web security @ confess 2012
Introduction to web security @ confess 2012Introduction to web security @ confess 2012
Introduction to web security @ confess 2012
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agenda
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineer
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Open Source & Cybersecurity
Open Source & CybersecurityOpen Source & Cybersecurity
Open Source & Cybersecurity
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
Why defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skillWhy defensive research is sexy too.. … and a real sign of skill
Why defensive research is sexy too.. … and a real sign of skill
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slides
 
Avast @ Machine Learning
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine Learning
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation Track
 
TALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTS
TALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTSTALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTS
TALK Cybersecurity Summit 2017: Kevin Hofstra of Metova CyberCENTS
 

More from Digicomp Academy AG

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Digicomp Academy AG
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Digicomp Academy AG
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Digicomp Academy AG
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutDigicomp Academy AG
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutDigicomp Academy AG
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xDigicomp Academy AG
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Digicomp Academy AG
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Digicomp Academy AG
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattDigicomp Academy AG
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogDigicomp Academy AG
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnDigicomp Academy AG
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingDigicomp Academy AG
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessDigicomp Academy AG
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Digicomp Academy AG
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceDigicomp Academy AG
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudDigicomp Academy AG
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slidesDigicomp Academy AG
 
Möglichkeiten der Online-Werbung - Referat von Matteo Schürch
Möglichkeiten der Online-Werbung - Referat von Matteo SchürchMöglichkeiten der Online-Werbung - Referat von Matteo Schürch
Möglichkeiten der Online-Werbung - Referat von Matteo SchürchDigicomp Academy AG
 

More from Digicomp Academy AG (20)

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handout
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit x
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING Expertendialog
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital Business
 
Minenfeld IPv6
Minenfeld IPv6Minenfeld IPv6
Minenfeld IPv6
 
Was ist design thinking
Was ist design thinkingWas ist design thinking
Was ist design thinking
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slides
 
Möglichkeiten der Online-Werbung - Referat von Matteo Schürch
Möglichkeiten der Online-Werbung - Referat von Matteo SchürchMöglichkeiten der Online-Werbung - Referat von Matteo Schürch
Möglichkeiten der Online-Werbung - Referat von Matteo Schürch
 

Recently uploaded

Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxabhinandnam9997
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxChloeMeadows1
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?Linksys Velop Login
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsrahman018755
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsrahman018755
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfappinfoedgeca
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfOndejSur
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresencePC Doctors NET
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appscristianmanaila2
 
Topology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfTopology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfAnushkaTripathi61
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideVarun Mithran
 
Case study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxCase study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxAnkitscribd
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebJie Liau
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkklolsDocherty
 

Recently uploaded (16)

Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdf
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 
Topology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfTopology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdf
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
Case study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptxCase study on merger of Vodafone and Idea (VI).pptx
Case study on merger of Vodafone and Idea (VI).pptx
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 

IPv6 Security Talk mit Joe Klein

  • 1. Joe Klein, CISSP Cybersecurity Fellow, IPv6 Forum Consultant, Researcher & Trainer, Longboat, LLC May 2018 Observations from the lab, field & executive suite 1
  • 2. About me: Joe Klein <many certs> • Spoken at: DefCon, Black Hat, Torcon, SecTor, Security Days, Hackers on Planet Earth, SANS, IEEE, IoT,… • Roles: Photographer, Electronics Engineer, Robotics Engineer, Entrepreneur, CEO, CTO, CSO, ISP, Security Architect, Developer, Pentester, Incident Handler, Professor, Policy Writer, Auditor, Assure, Firewall/Network Engineer, Integrator, Data Scientist, ML experimenter, Threat Intel, Computer Scientist, Hacker • Timeline: • 70’s: Electronics, Radios, Gamer, Magic, Mainframe & Micro Computers, First ‘Hack’ • 80’s: BBS’s, Game Hacker, Robots, Unix/c/FORTH/Basic/ COBOL/LISP/c++, DEC, SNA Networks, Internet connected, CyberForensics, Routers/Switches • 90’s: ISP, IPv6, Penetrations Testing, Network Defender, Web Developer, Teaching Internet/Web Dev, IETF • 2000’s: CSO, Linux, Audits, Assessments, Car/IOT/ Building Controls, SCADA Hacking, Teaching Cybersecurity + SANS, Patents, International Speaking • 2010’s: DARPA, Policies, Startup, Honeypots, Deception Networks, IPv6 Fellow, GoLang, IEEE, Sprint Triathlon Recent Focus: Attacked Forced Time Scoped D&D 2
  • 3. How to Prepare To Implement IPv6! It’s Complex… 3
  • 4. Observation 1 - Establish your IPv6 Standard for all Procurement! • Why? • Establish a baseline of technology standards, during technology refresh • Ensure you are ready to move to IPv6, without big purchases! • How? 1. Can the Product vender support IPv6? “Eating their own dog Food!” • Internet Facing Services (Dual Stack) https://ip6.nl/# • IPv6 only clients behind 6xlt & NAT64/DNS64 https://nat64check.ipv6- lab.net/v6score 4
  • 5. Observation 1 - Establish your IPv6 standard for all Procurement! • How? 1. The Supplier's Declaration of Conformity (SDOC) • Product suppliers declare product capabilities to buyers, as advertised • Buyer is responsible for providing specifications • Seller is responsible to fix, if it does not meet specifications • https://www-x.antd.nist.gov/usgv6/sdoc.html 5
  • 6. IPv6 Standards Touch Every Protocol! 6
  • 7. What does IPv6 compliant mean to me? IPv6 Standard 86 (RFC 8200) First Order Dependencies Current IPv6 Standard Changes to Path MTU References from Newer standards (12) Updates to older standards (29) 7
  • 8. IPv6 Standard 86 (RFC 8200) First & Second Order Path MTU Dependencies • October 1989 - Updated - Requirements for Internet Hosts -- Communication Layers • November 1990 - Path MTU Discovery • November 1996 - Path MTU Discovery for IP version 6 - Obsoleted by 8201 July 2017 • November 1997 - Key words for use in RFCs to Indicate Requirement Levels • September 2000 - TCP Problems with Path MTU Discovery • March 2006 - Datagram Congestion Control Protocol (DCCP) • March 2006 - Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification - Obsoletes RFC 2463 • March 2007 - Packetization Layer Path MTU Discovery • September 2007- Neighbor Discovery for IP version 6 (IPv6)- Obsoletes 2461 • May 2007- Neighbor Discovery for IP version 6 (IPv6)- Obsoletes 2461 • September 2007 - Stream Control Transmission Protocol- Obsoletes 2960. 3309 • December 2007 - Deprecation of Type 0 Routing Headers in IPv6 - Obsoletes 2960 • July 2012 - TCP Options and Maximum Segment Size (MSS) • March 2015- Network File System (NFS) Version 4 Protocol- Obsoletes 3530 • May 2016- RFC Streams, Headers, and Boilerplates - Obsoletes 5741 • March 2017 - UDP Usage Guideline - Obsoletes 5405 • March 2017 - Path MTU Discovery for IP version 6 - Obsoletes 1981 IPv6 Standard July 2017 Updates to older standards (17))8
  • 9. IPv6 will not solve cybersecurity problems, right? 9
  • 10. Fundamental of Cyber Security & Privacy ❖ “Remote-access, multi-user resource- sharing computer system” ❖ Attackers Exploit ❖ Systems ❖ Hardware|Software|Data ❖ Networks ❖ People ❖ Users ❖ Operators ❖ Systems Programmers ❖ Maintenance Man (Person) April 1967 Reference: https://www.rand.org/pubs/authors/w/ware_willis_h.html 10
  • 11. First Cybersecurity Threats Diagram Willis H. Ware, RAND Corporation April 1967 Reference: https://www.rand.org/pubs/authors/w/ware_willis_h.html 11
  • 12. SO why is this happening? Technical Supply-Chain Debt — The real problem! Technical Debt Powerpoint 12
  • 13. What Does Winning Defender Look Like? 13
  • 14. Defender's Dilemma “The intruder only needs to exploit one of the victims in order to compromise the enterprise.” Intruder's Dilemma “The defender only needs to detect one of the indicators of the intruder’s presence in order to initiate incident response within the enterprise.” Reference: https://taosecurity.blogspot.com/2009/05/defenders-dilemma-and-intruders-dilemma.html 14
  • 15. The Intruder Game Tactic - Technical goal of the intruder Technique - How intruder achieves the goal The Intruder Chooses Time and Goal, Not You! The Defender Choose Confidence level of the Detection! 15
  • 16. How do I Remove the Noise to Find the Attackers and increase confidence levels? Reduce False Positives and Negatives! 16
  • 17. Defenders Game: ATT&CK: Deconstructs the Lifecycle Freely available, curated knowledge based on observed adversary behavior Higher fidelity on right-of-exploit, post-access phases Describes behavior and not adversary tools Built for the “Public Good” Right of the Boom! 17
  • 18. MITRE Pre-ATT&CK Adversarial Tactics, Techniques & Common Knowledge • Blacklist IP, Hash Domains are fungible, quickly replaceable • Pre-compromise activities are largely executed outside the enterprise’s field of view • Data Brokers (Free and for pay), • Websites (Partners, Yours, Government), • Search Engines and Bots • Social Network Bots Left-of-the-Boom 18
  • 19. MITRE ATT&CK Enterprise Perimeter Defense • Items in yellow are the only attributes detectable by tuned perimeter security • Items in red, address requirements on hosts and first hop networks. • Conclusion: • Perimeter security has minimal visibility into attackers insider your environment • IT slows the attacker, but this is not measurable • Tuning the security perimeter security to detect and alert on pre & post attack items are critical to catch attackers. 19
  • 20. The Defenders Goal • Strong trusted alerts • Behavior tracking • Automated response 20
  • 22. Open Source - MITRE Resources • Interactive Attack Navigator: • ATT&CK Enterprise: https://mitre.github.io/attack-navigator/enterprise/ • ATT&CK Mobile: https://mitre.github.io/attack-navigator/mobile/ • Source Code: https://github.com/mitre/attack-navigator • Attacker Groups: https://attack.mitre.org/pre-attack/index.php/Groups • Attacker Group Tactics: https://attack.mitre.org/pre-attack/index.php/Tactics • Unfetter Project - Discover and analyze gaps in your security posture • https://nsacyber.github.io/unfetter/ https://github.com/unfetter-discover/unfetter • Caldera - An automated adversary emulation system (validate alerts) • https://github.com/mitre/caldera 22
  • 23. I understand there is no way of scanning the IPv6 Internet, is that true? 23
  • 24. History of Scanning Internet-Facing IPv6 Devices • 2^64 or 2^128 - Brute Force - Fails in IPv6! • May 2005, Marc “van Huser” Heuse, Attacking the IPv6 Protocol Suite, THC-IPv6 toolkit (1) • May 2007, Joe Klein, “Scanning and Microsoft Mobile compromise via 6to4 on SPRINT”, Responsible Disclosure Notice to Microsoft, Sprint and US CERT, HOPE 2008 (2) • March 2008, IETF, RFC 5157, “IPv6 Implications for Network Scanning” (3) • May 2012, NMAP for IPv6, version 6 (4) • March 2016, IETF, RFC 7707, “Network Reconnaissance in IPv6 Networks” (5) • December 2018, Joe Klein, “Outbound Initiated Requests for Passive Scanning of IPv6” (6) • December 2018, Joe Klein, “Passive IPv6 Scanning using Certificate Transparency process” (7) 24
  • 25. So we are safe? Attackers have not used IPv6 in the past? 25
  • 27. Microsoft Phones are not on IPv6 in 2007 27
  • 28. Attacks on IPv6 , First DDOS , Botnet C&C 28
  • 29. Are their engineering things I can do, to improved detection and reduce operational complexity? 29
  • 30. It’s not just 96 more bits 30
  • 31. It’s not just 96 more bits 31
  • 32. How long have systems been compromise via IPv6? 32
  • 34. The opportunity to re-engineer our part of the Global Internet only happens once in a lifetime! Ensure it is operational and security! 34