SlideShare a Scribd company logo

IPv6 for Pentester

A
Amish Patadiya

- Basics of IPv6 - How to use IPv6 for network penetration test. - How to configure network security with respect to IPv6 - Tools of the trade for IPv6

Technology
1 of 45
Download to read offline
IPv6 for Pentester
Introduction Amish Patadiya: Designation & Company: ● Senior Security Consultant, NotSoSecure India Pvt. Ltd. Relevant Experience in Infosec: ● More than 7 years Contact: ● Email: amish.patadiya@gmail.com ● Twitter: @AmishPatadiya ● LinkedIn: https://in.linkedin.com/in/amish-patadiya
Topics covered ● What is IPv6? ● Text Representation of Address ● Address Types ● Pentester Scenario-1 ● Pentester Scenario-2 ● Pentester Scenario-3 ● Securing Network ● Tools of the trade
What is IPv6?
What is IPv6? ● Internet Protocol version 6 developed by the Internet Engineering Task Force (IETF) ● 128 bit address, theoretically allowing 2^128, or approximately 3.4×10^38 addresses ● Divided into 8 groups of 4 hexadecimal digits with group being separated by colons ○ For e.g. 2001:0db8:0000:0042:0000:8a2e:0370:7334 ● The IPv6 subnet size is standardized by fixing the size of the host identifier portion of an address to 64 bits.
Example of IPv6
Text Representation of Address
Text Representation of Address ● There are three conventional forms for representing IPv6 addresses as text strings:
Text Representation of Address 1) The preferred form is x:x:x:x:x:x:x:x, where the 'x's are one to four hexadecimal digits of the eight 16-bit pieces of the address. Examples: a) ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 b) 2001:DB8:0:0:8:800:200C:417A
Text Representation of Address 2) The use of "::" indicates one or more groups of 16 bits of zeros. The "::" can only appear once in an address. The "::" can also be used to compress leading or trailing zeros in an address. a) For example, the following addresses i) 2001:DB8:0:0:8:800:200C:417A ii) FF01:0:0:0:0:0:0:101 iii) 0:0:0:0:0:0:0:1 iv) 0:0:0:0:0:0:0:0 b) may be represented as i) 2001:DB8::8:800:200C:417A ii) FF01::101 iii) ::1 iv) ::
Text Representation of Address 3) An alternative form that is sometimes more convenient when dealing with a mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are 8-bit pieces of the address (standard IPv4 representation). a) Examples: i) 0:0:0:0:0:0:13.1.68.3 ii) 0:0:0:0:0:FFFF:129.144.52.38 b) or in compressed form: i) ::13.1.68.3 ii) ::FFFF:129.144.52.38
Text Representation of Address Prefix ● Similar to the way IPv4 address prefixes are written in Classless Inter-Domain Routing (CIDR) notation [CIDR]. ipv6-address/prefix-length Where, ○ Ipv6-address - is an IPv6 address ○ Prefix-length - is a decimal value specifying how many of the leftmost contiguous bits of the address comprise the prefix.
Text Representation of Address Prefix ● For example, the following are legal representations of the 60-bit prefix 20010DB80000CD3 (hexadecimal): ○ 2001:0DB8:0000:CD30:0000:0000:0000:0000/60 ○ 2001:0DB8::CD30:0:0:0:0/60 ○ 2001:0DB8:0:CD30::/60
Address Types
Address Types Address type Binary prefix IPv6 notation Unspecified 00...0 (128 bits) ::/128 Loopback 00...1 (128 bits) ::1/128 Multicast 11111111 FF00::/8 Link-Local unicast 1111111010 FE80::/10 Unique-Local unicast 11111110 FC00::/7 Global Unicast (everything else) e.g. 00100000 [block for current assignment] 2000::/3
Address Types ● Link Local Unicast ○ Starts with FE80::/10 ○ Non Routable ○ Auto Assigned ○ Required ○ It is the first address ● Global Unicast ○ Starts with 2000::/3 ○ Globally Routable ○ Assigned by Internet Service Provider (ISP) / Regional Internet Registry (RIR) ● Unique Local Unicast ○ Starts with FC00::/7 ○ Internally Routable ○ Typically starts with FD00::/8
Pentester Scenario - 1
Pentester Scenario - 1 ● Services running on the server
Pentester Scenario - 1 ● Attacker machine
Pentester Scenario - 1 ● Services are accessible from attacker machine ○ SSH: ○ SNMP
Pentester Scenario - 1 ● Blocking attacker’s IP ‘192.168.1.117’
Pentester Scenario - 1 ● Services are no more accessible from attacker’s IP ‘192.168.1.117’
Pentester Scenario - 1
Pentester Scenario - 1 ● Services are accessible from attacker’s IPv6
Pentester Scenario - 2
Pentester Scenario - 2 ● What if a service running over IPv4 only?
Pentester Scenario - 2 ● Use socat to make it available over IPv6
Pentester Scenario - 2 ● Blocking attacker for IPv4 only service
Pentester Scenario - 2 ● IPv4 only service was still accessible using IPv6
Pentester Scenario - 3
Pentester Scenario - 3 ● Not many tools which supports IPv6 ● What to do if service is running on IPv6? ○ SNMP service running over IPv6
Pentester Scenario - 3 ● Think of scenario 2 in reverse.
Pentester Scenario - 3 ● Run IPv4 tools on ‘127.0.0.1’ address
Securing Network
Securing Network ● For Ubuntu (Linux):
Securing Network ● For Windows:
Tools of the trade
Tools of the trade ● Ping: ○ ping6 -I <interface> <IPv6 address>
Tools of the trade ● SSH: ○ ssh <user>@<IPv6 address>
Tools of the trade ● Telnet: ○ telnet <IPv6 address> <port number>
Tools of the trade ● Assigning an IPv6 address to an interface: ○ ip -6 addr add <IPv6 address/prefix> dev <interface>
Tools of the trade ● Assigning an IPv6 address to an interface: ○ ifconfig <interface> inet6 add <IPv6 address/prefix>
References ● IPv6 RFCs ● https://www.youtube.com/watch?v=DJSuLcw7zB0 ● http://www.infosec.gov.hk/english/technical/files/ipv6s.pdf ● http://www.dest-unreach.org/socat/doc/socat.html ● https://www.youtube.com/watch?v=O0mniyVioJk
IPv6 for Pentester

Recommended

IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
Comparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHComparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHKentaro Ebisawa
 
DDoS Saldırıları ve Korunma Yolları
DDoS Saldırıları ve Korunma YollarıDDoS Saldırıları ve Korunma Yolları
DDoS Saldırıları ve Korunma YollarıBGA Cyber Security
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Netgate
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMyNOG
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designAlexander Petrovskiy
 

Recommended

IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
Comparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHComparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHKentaro Ebisawa
 
DDoS Saldırıları ve Korunma Yolları
DDoS Saldırıları ve Korunma YollarıDDoS Saldırıları ve Korunma Yolları
DDoS Saldırıları ve Korunma YollarıBGA Cyber Security
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Netgate
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMyNOG
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designAlexander Petrovskiy
 
OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerNetronome
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radiusAchmad Mardiansyah
 
DOS, DDOS Atakları ve Korunma Yöntemleri
DOS, DDOS Atakları ve Korunma YöntemleriDOS, DDOS Atakları ve Korunma Yöntemleri
DOS, DDOS Atakları ve Korunma YöntemleriBGA Cyber Security
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console Splunk
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Cisco Canada
 
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015Fastly
 
Graylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyGraylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyVietnam Open Infrastructure User Group
 
BGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiBGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiInternet Society
 
Ospf area types
Ospf area typesOspf area types
Ospf area typesCoderGenie Technologies
 
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...Vietnam Open Infrastructure User Group
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Priyanka Aash
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS ProtectionMarketingArrowECS_CZ
 
Snort IPS
Snort IPSSnort IPS
Snort IPSSimone Tino
 
Network Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionNetwork Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionConor Ryan
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USAJose Liste
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotCeh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotVi Tính Hoàng Nam
 
4 ipv6
4 ipv64 ipv6
4 ipv6Jadavsejal
 
CN 5151(15) Module II part 2 13082020.pdf
CN 5151(15) Module II part 2 13082020.pdfCN 5151(15) Module II part 2 13082020.pdf
CN 5151(15) Module II part 2 13082020.pdfADARSHN40
 

More Related Content

What's hot

OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerNetronome
 
DOS, DDOS Atakları ve Korunma Yöntemleri
DOS, DDOS Atakları ve Korunma YöntemleriDOS, DDOS Atakları ve Korunma Yöntemleri
DOS, DDOS Atakları ve Korunma YöntemleriBGA Cyber Security
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console Splunk
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Cisco Canada
 
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015Fastly
 
BGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiBGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiInternet Society
 
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...Vietnam Open Infrastructure User Group
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Priyanka Aash
 
Network Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionNetwork Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionConor Ryan
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USAJose Liste
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotCeh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotVi Tính Hoàng Nam
 

What's hot (20)

OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC Flower
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radius
 
DOS, DDOS Atakları ve Korunma Yöntemleri
DOS, DDOS Atakları ve Korunma YöntemleriDOS, DDOS Atakları ve Korunma Yöntemleri
DOS, DDOS Atakları ve Korunma Yöntemleri
 
Splunk Distributed Management Console
Splunk Distributed Management Console Splunk Distributed Management Console
Splunk Distributed Management Console
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
 
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
Building and Scaling the Fastly Network - João Taveira at Fastly Altitude 2015
 
Graylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyGraylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know why
 
BGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with AkamaiBGP and Traffic Engineering with Akamai
BGP and Traffic Engineering with Akamai
 
Ospf area types
Ospf area typesOspf area types
Ospf area types
 
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
Room 1 - 5 - Thủy Đặng - Load balancing k8s services on baremetal with Cilium...
 
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
Snort IPS
Snort IPSSnort IPS
Snort IPS
 
Network Access Control as a Network Security Solution
Network Access Control as a Network Security SolutionNetwork Access Control as a Network Security Solution
Network Access Control as a Network Security Solution
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDN
 
Ceh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypotCeh v5 module 19 evading ids firewall and honeypot
Ceh v5 module 19 evading ids firewall and honeypot
 

Similar to IPv6 for Pentester

CN 5151(15) Module II part 2 13082020.pdf
CN 5151(15) Module II part 2 13082020.pdfCN 5151(15) Module II part 2 13082020.pdf
CN 5151(15) Module II part 2 13082020.pdfADARSHN40
 
Ppt fnr arbitrary length small domain block cipher proposal
Ppt fnr arbitrary length small domain block cipher proposalPpt fnr arbitrary length small domain block cipher proposal
Ppt fnr arbitrary length small domain block cipher proposalKarunakar Saroj
 
Design and Implementation of Ipv6 Address Using Cryptographically Generated A...
Design and Implementation of Ipv6 Address Using Cryptographically Generated A...Design and Implementation of Ipv6 Address Using Cryptographically Generated A...
Design and Implementation of Ipv6 Address Using Cryptographically Generated A...IJERA Editor
 
IP Address
IP AddressIP Address
IP AddressRahul P
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
ipv6 presentation by Rahul uit BU
ipv6 presentation by Rahul uit BUipv6 presentation by Rahul uit BU
ipv6 presentation by Rahul uit BURahul Singh
 
Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015Hiroshi Ota
 
File 10 - CSX 334 _VRA NBO.ppsx
File 10 - CSX 334 _VRA NBO.ppsxFile 10 - CSX 334 _VRA NBO.ppsx
File 10 - CSX 334 _VRA NBO.ppsxgaurav201196
 
IPv4 & IPv6 .pptx
IPv4 & IPv6 .pptxIPv4 & IPv6 .pptx
IPv4 & IPv6 .pptxhakxcore
 
Why We Need IPv6
Why We Need IPv6Why We Need IPv6
Why We Need IPv6Netwax Lab
 
[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...CODE BLUE
 
Networking essentials lect2
Networking essentials lect2Networking essentials lect2
Networking essentials lect2Roman Brovko
 
IPv6 - The Next next generation protocol
IPv6 - The Next next generation protocolIPv6 - The Next next generation protocol
IPv6 - The Next next generation protocolMohit Sharma
 

Similar to IPv6 for Pentester (20)

4 ipv6
4 ipv64 ipv6
4 ipv6
 
CN 5151(15) Module II part 2 13082020.pdf
CN 5151(15) Module II part 2 13082020.pdfCN 5151(15) Module II part 2 13082020.pdf
CN 5151(15) Module II part 2 13082020.pdf
 
Ppt fnr arbitrary length small domain block cipher proposal
Ppt fnr arbitrary length small domain block cipher proposalPpt fnr arbitrary length small domain block cipher proposal
Ppt fnr arbitrary length small domain block cipher proposal
 
Design and Implementation of Ipv6 Address Using Cryptographically Generated A...
Design and Implementation of Ipv6 Address Using Cryptographically Generated A...Design and Implementation of Ipv6 Address Using Cryptographically Generated A...
Design and Implementation of Ipv6 Address Using Cryptographically Generated A...
 
IPv4 and IPv6
IPv4 and IPv6IPv4 and IPv6
IPv4 and IPv6
 
Ipv6
Ipv6Ipv6
Ipv6
 
I pv4 and ipv6
I pv4 and ipv6I pv4 and ipv6
I pv4 and ipv6
 
Introduction to IPv6
Introduction to IPv6Introduction to IPv6
Introduction to IPv6
 
IP Address
IP AddressIP Address
IP Address
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
ipv6 presentation by Rahul uit BU
ipv6 presentation by Rahul uit BUipv6 presentation by Rahul uit BU
ipv6 presentation by Rahul uit BU
 
Network.pptx
Network.pptxNetwork.pptx
Network.pptx
 
Network Layer And I Pv6
Network Layer And I Pv6Network Layer And I Pv6
Network Layer And I Pv6
 
Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015
 
File 10 - CSX 334 _VRA NBO.ppsx
File 10 - CSX 334 _VRA NBO.ppsxFile 10 - CSX 334 _VRA NBO.ppsx
File 10 - CSX 334 _VRA NBO.ppsx
 
IPv4 & IPv6 .pptx
IPv4 & IPv6 .pptxIPv4 & IPv6 .pptx
IPv4 & IPv6 .pptx
 
Why We Need IPv6
Why We Need IPv6Why We Need IPv6
Why We Need IPv6
 
[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...
 
Networking essentials lect2
Networking essentials lect2Networking essentials lect2
Networking essentials lect2
 
IPv6 - The Next next generation protocol
IPv6 - The Next next generation protocolIPv6 - The Next next generation protocol
IPv6 - The Next next generation protocol
 

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

IPv6 for Pentester

  • 2. Introduction Amish Patadiya: Designation & Company: ● Senior Security Consultant, NotSoSecure India Pvt. Ltd. Relevant Experience in Infosec: ● More than 7 years Contact: ● Email: amish.patadiya@gmail.com ● Twitter: @AmishPatadiya ● LinkedIn: https://in.linkedin.com/in/amish-patadiya
  • 3. Topics covered ● What is IPv6? ● Text Representation of Address ● Address Types ● Pentester Scenario-1 ● Pentester Scenario-2 ● Pentester Scenario-3 ● Securing Network ● Tools of the trade
  • 5. What is IPv6? ● Internet Protocol version 6 developed by the Internet Engineering Task Force (IETF) ● 128 bit address, theoretically allowing 2^128, or approximately 3.4×10^38 addresses ● Divided into 8 groups of 4 hexadecimal digits with group being separated by colons ○ For e.g. 2001:0db8:0000:0042:0000:8a2e:0370:7334 ● The IPv6 subnet size is standardized by fixing the size of the host identifier portion of an address to 64 bits.
  • 8. Text Representation of Address ● There are three conventional forms for representing IPv6 addresses as text strings:
  • 9. Text Representation of Address 1) The preferred form is x:x:x:x:x:x:x:x, where the 'x's are one to four hexadecimal digits of the eight 16-bit pieces of the address. Examples: a) ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 b) 2001:DB8:0:0:8:800:200C:417A
  • 10. Text Representation of Address 2) The use of "::" indicates one or more groups of 16 bits of zeros. The "::" can only appear once in an address. The "::" can also be used to compress leading or trailing zeros in an address. a) For example, the following addresses i) 2001:DB8:0:0:8:800:200C:417A ii) FF01:0:0:0:0:0:0:101 iii) 0:0:0:0:0:0:0:1 iv) 0:0:0:0:0:0:0:0 b) may be represented as i) 2001:DB8::8:800:200C:417A ii) FF01::101 iii) ::1 iv) ::
  • 11. Text Representation of Address 3) An alternative form that is sometimes more convenient when dealing with a mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are 8-bit pieces of the address (standard IPv4 representation). a) Examples: i) 0:0:0:0:0:0:13.1.68.3 ii) 0:0:0:0:0:FFFF:129.144.52.38 b) or in compressed form: i) ::13.1.68.3 ii) ::FFFF:129.144.52.38
  • 12. Text Representation of Address Prefix ● Similar to the way IPv4 address prefixes are written in Classless Inter-Domain Routing (CIDR) notation [CIDR]. ipv6-address/prefix-length Where, ○ Ipv6-address - is an IPv6 address ○ Prefix-length - is a decimal value specifying how many of the leftmost contiguous bits of the address comprise the prefix.
  • 13. Text Representation of Address Prefix ● For example, the following are legal representations of the 60-bit prefix 20010DB80000CD3 (hexadecimal): ○ 2001:0DB8:0000:CD30:0000:0000:0000:0000/60 ○ 2001:0DB8::CD30:0:0:0:0/60 ○ 2001:0DB8:0:CD30::/60
  • 15. Address Types Address type Binary prefix IPv6 notation Unspecified 00...0 (128 bits) ::/128 Loopback 00...1 (128 bits) ::1/128 Multicast 11111111 FF00::/8 Link-Local unicast 1111111010 FE80::/10 Unique-Local unicast 11111110 FC00::/7 Global Unicast (everything else) e.g. 00100000 [block for current assignment] 2000::/3
  • 16. Address Types ● Link Local Unicast ○ Starts with FE80::/10 ○ Non Routable ○ Auto Assigned ○ Required ○ It is the first address ● Global Unicast ○ Starts with 2000::/3 ○ Globally Routable ○ Assigned by Internet Service Provider (ISP) / Regional Internet Registry (RIR) ● Unique Local Unicast ○ Starts with FC00::/7 ○ Internally Routable ○ Typically starts with FD00::/8
  • 18. Pentester Scenario - 1 ● Services running on the server
  • 19. Pentester Scenario - 1 ● Attacker machine
  • 20. Pentester Scenario - 1 ● Services are accessible from attacker machine ○ SSH: ○ SNMP
  • 21. Pentester Scenario - 1 ● Blocking attacker’s IP ‘192.168.1.117’
  • 22. Pentester Scenario - 1 ● Services are no more accessible from attacker’s IP ‘192.168.1.117’
  • 24. Pentester Scenario - 1 ● Services are accessible from attacker’s IPv6
  • 26. Pentester Scenario - 2 ● What if a service running over IPv4 only?
  • 27. Pentester Scenario - 2 ● Use socat to make it available over IPv6
  • 28. Pentester Scenario - 2 ● Blocking attacker for IPv4 only service
  • 29. Pentester Scenario - 2 ● IPv4 only service was still accessible using IPv6
  • 31. Pentester Scenario - 3 ● Not many tools which supports IPv6 ● What to do if service is running on IPv6? ○ SNMP service running over IPv6
  • 32. Pentester Scenario - 3 ● Think of scenario 2 in reverse.
  • 33. Pentester Scenario - 3 ● Run IPv4 tools on ‘127.0.0.1’ address
  • 35. Securing Network ● For Ubuntu (Linux):
  • 37. Tools of the trade
  • 38. Tools of the trade ● Ping: ○ ping6 -I <interface> <IPv6 address>
  • 39. Tools of the trade ● SSH: ○ ssh <user>@<IPv6 address>
  • 40. Tools of the trade ● Telnet: ○ telnet <IPv6 address> <port number>
  • 41. Tools of the trade ● Assigning an IPv6 address to an interface: ○ ip -6 addr add <IPv6 address/prefix> dev <interface>
  • 42. Tools of the trade ● Assigning an IPv6 address to an interface: ○ ifconfig <interface> inet6 add <IPv6 address/prefix>
  • 43.
  • 44. References ● IPv6 RFCs ● https://www.youtube.com/watch?v=DJSuLcw7zB0 ● http://www.infosec.gov.hk/english/technical/files/ipv6s.pdf ● http://www.dest-unreach.org/socat/doc/socat.html ● https://www.youtube.com/watch?v=O0mniyVioJk