hachetetepé dos puntos slaac slaac
DESCRIPTION
Diapositivas utilizadas durante la última RootedCON 2012 para presentar ataques SLAAC en esquemas de man in the middleTRANSCRIPT
![Page 2: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/2.jpg)
IPv6 Basics & Attacks
• Watch NCN’12 video– http://
www.elladodelmal.com/2012/11/fc001-algunos-ataques-en-ipv6.html
![Page 3: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/3.jpg)
IPv6 is on your box!
![Page 4: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/4.jpg)
And it works!: ipconfig
![Page 5: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/5.jpg)
And it works!: route print
![Page 6: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/6.jpg)
And it works!: ping
![Page 7: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/7.jpg)
And it works!: ping
![Page 8: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/8.jpg)
LLMNR
![Page 9: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/9.jpg)
And it works!: Neightbors
![Page 10: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/10.jpg)
ICMPv6• No ARP– No ARP Spoofing– Tools anti-ARP Spoofing are useless
• Neighbor Discover uses ICPMv6– NS: Neighbor Solicitation– NA: Neighbor Advertisement
![Page 11: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/11.jpg)
NS/NA
![Page 12: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/12.jpg)
NA Spoofing
![Page 13: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/13.jpg)
NA Spoofing
![Page 14: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/14.jpg)
Demo 1: Mitm using NA Spoofing
![Page 15: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/15.jpg)
ICMPv6: SLAAC• Stateless Address Auto Configuration• Devices ask for routers• Routers public their IPv6 Address• Devices auto-configure IPv6 and Gateway– RS: Router Solicitation– RA: Router Advertisement
![Page 16: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/16.jpg)
DNS Autodiscovery
![Page 17: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/17.jpg)
And it works!: Web Browser
![Page 18: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/18.jpg)
Windows Behavior• IPv4 & IPv6 – DNSv4 queries A & AAAA
• IPv6 Only– DNSv6 queries A
• IPv6 & IPv4 Local Link– DNSv6 queries AAAA
![Page 19: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/19.jpg)
DNS64 & NAT64
![Page 20: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/20.jpg)
HTTP-s Connections• SSL Strip– Remove “S” from HTTP-s links
• SSL Sniff– Use a Fake CA to create dynamicly Fake
CA
• Evil FOCA does SSL Strip (so far)
![Page 21: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/21.jpg)
Demo 2: hachetetepé dos puntos SLAAC SLAAC
![Page 22: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/22.jpg)
SLAAC D.O.S.
![Page 23: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/23.jpg)
Conclusions• IPv6 is on your box – Configure it or kill it (if possible)
• IPv6 is on your network– IPv4 security controls are not enough– Topera
![Page 24: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/24.jpg)
Conclusions
FEAR (the EVIL) FOCA!
![Page 25: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/25.jpg)
Thanks to• THC (The Hacking Choice)– Included in Back Track– Parasite6– Redir6– Flood_router6– …..
• Scappy
![Page 26: Hachetetepé dos puntos SLAAC SLAAC](https://reader035.vdocuments.mx/reader035/viewer/2022062706/5575810ad8b42adb7e8b5169/html5/thumbnails/26.jpg)
…and some last words