TECH TRAINING 6 – RECENT ADVANCES IN IPV6 INSECURITIES

OVERVIEW

This workshop shows you how to perform penetration testing on IPv6 networks locally and remote – in theory and hands-on. It is the only workshop which supplies you with the necessary tools – especially for remote tests – which are nowhere else available.

Today IPv6 is available on every desktop and every server, as all operating systems since Windows XP and Linux Kernel 2.2 support IPv6. Hosting providers start to offer IPv6 addresses and networking. IPv6 is already available in corporations, e.g. all major mobile providers already support it on their backbones.

This training explains the IPv6 issues, concentrating on the security vulnerabilities inherent in the protocol as well as configuration issues and implementation problems. All so far known vulnerabilities are presented and students will be able to try them out themselves with supplied tools on the test network.

Trainees will not only receive the current unpublished version of the thc-ipv6 protocol attack suite (which has more functionality than the public release) but also receive direct development source code access for the future. Preventive and other security measures will be shown at the 2nd half of the second day.

PREREQUISITES

Trainees must have basic knowledge in Linux, TCP/IP and IT security - the more the better.

HARDWARE / SOFTWARE REQUIREMENTS 

Trainees should have a Laptop with Linux (2.6 kernel) installed (either direct boot or virtual machine) and arrive with an Ethernet cable to be able to participate in the hands-on sessions. Using Backtrack 5R2 is recommended. If using a virtual machine, VMware 8+ must be used.

AGENDA

• Introduction to IPv6 (the mindset behind IPv6, how does it work, what is different to IPv4, new features)

• Vulnerabilities in IPv6 (problems in IP6, problems in ICMP6, mobile IPv6

• How to pentest IPv6 networks remotely

• How to pentest IPv6 networks locally

• Vulnerabilities with tunnel and migration issues (e.g. 6to4, Teredo,ISATAP), configuation issues, implementation problems)

• Hands-on time (scanning local and remote networks, performing various man-in-the-middle attacks based on ICMP6, attacking dual stack systems, etc.)

• Securing IPv6 systems and networks

WHAT TO BRING:

A working laptop with the following hardware/software requirements:

Hardware Requirements

• Intel 64-bit machine.

  Hardware must be able to run a 64-bit VM

  If you can only get an Intel 32-bit machine you will still be able to do 85% of the labs, so don’t fret.

• MINIMUM 2048 MB RAM required.

  If you can only get 1GB then you will get by but just slowly.

• Wireless network card – no wired network provided

• 20 GB free Hard disk space

• USB 2.0 port to copy lab VMs

Operating Systems (one of the following)

• Windows XP SP2/SP3 or Windows 7 (I don’t trust Vista so you are on your own, but go for it)

• Administrator access mandatory

• If it’s a company laptop with user access only, get your administrator to allow USB and install the latest version of VMWare Player

  • Ability to disable Anti-virus / Anti-spyware programs

  • Ability to disable Windows Firewall or personal firewalls

  • An SSH client, such as PuTTY

  • OR

  • Linux kernel 2.4 or 2.6

  • Kernel 2.4 or 2.6 required

  • Root access mandatory

  • Ability to use an X-windows based GUI environment

  • SSH should be available

ABOUT THE TRAINER

Marc ‘van Hauser’ Heuse

Marc “van Hauser” Heuse is performing security research since 1993, having found vulnerabilities in software like firewalls, DNS servers, SAP middleware, etc. and is the author of various well known security and pentest tools like hydra, amap, THC-Scan, secure_delete, SuSEFirewall and many more. He is performing security research on IPv6 since 2005 and has spoken on many conferences on this topic since then, and additionally has programmed the solely available pentest toolkit for ipv6: the thc-ipv6 protocol attack suite.

In 1995 he founded the renowned security research group “The Hacker’s Choice”, which was the first group to e.g. crack A5 GSM in 2006 within a minute. Since 1997 he is working as a security consultant in the top-5 enterprise consultant companies, since 2007 he is working as an independant security consultant.