knockin' on ipv6 doors - hack in paris · there's a significant mistmatch beween ipv4 and...
TRANSCRIPT
![Page 1: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/1.jpg)
Fernando Gont
Knockin' on IPv6 Doors
Hack In Paris 2018Paris, France. June 25-29, 2018
![Page 2: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/2.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
About...
● Security Researcher and Consultant at SI6 Networks● Published:
● 30 IETF RFCs (10+ on IPv6)● 10+ active IETF Internet-Drafts
● Author of the SI6 Networks' IPv6 toolkit● https://www.si6networks.com/tools/ipv6toolkit
● More information at: https://www.gont.com.ar
![Page 3: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/3.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
How I lost my voice :-)
![Page 4: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/4.jpg)
Congreso de Seguridad en Computo 2011 4Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
Introduction
![Page 5: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/5.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
So... what is this “IPv6” thing about?
● It addresses the problem of IPv4 address exhaustion● Employs 128-bit addresses (vs. IPv4's 32-bit addresses)● Provides the same service as IPv4● It is not backwards-compatible with IPv4
![Page 6: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/6.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
So... what is this “IPv6” thing about? (II)
● For every domain name, the DNS may contain ● A resource records (IPv4 addresses)● AAAA (Quad-A) resource records (IPv6 addresses)
● Hosts may query for A and/or AAAA resource records according different criteria
● Based on a number of factors, IPv6 and/or IPv4 could be employed
![Page 7: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/7.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Deployment: Current state of affairs
![Page 8: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/8.jpg)
Congreso de Seguridad en Computo 2011 8Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
IPv4/IPv6 Security Polices
![Page 9: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/9.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
IPv4/IPv6 Security Policies
● IPv6 and IPv4 are two different network-layer protocols● Such policies are typically configured independently of each other
● No unified rules for both network protocols● Very prone for policy mismatches
● Security policies are expected to be the same for both protocols● But...are they?
![Page 10: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/10.jpg)
Congreso de Seguridad en Computo 2011 10Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
Our Experiment
![Page 11: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/11.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
What we did
● Study the filtering policies for different types of nodes:● Web servers● Name servers● Mail servers● Routers
● For different types of organizations● Companies● Non-profits● Educational
● Compare the policies for IPv4 and IPv6
![Page 12: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/12.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Some specific questions to be answered
● What's the typical number of addresses in IPv4 vs. IPv6?● Are there mistmatches in the security policies for...
● different IPv4 addresses?● different IPv6 addresses?● IPv4 vs. IPv6 addresses?
● Are IPv6 security policies...● stricter or more relaxed than those IPv4?● or are them just different?
![Page 13: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/13.jpg)
Congreso de Seguridad en Computo 2011 13Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
Identifying Targets
![Page 14: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/14.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Leveraging search engines
● script6 of SI6 Networks' IPv6 Toolkit leverages "Bing"
● Simple implementation:● Specify site● Iterate through results pages● Use letters and/o numbers in search string to shield different results
● Example:
script6 get-bing navy.mil
![Page 15: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/15.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Leveraging search engines (II)
● Results improve with the help of a dictionary● Example:
script6 get-bing-dict navy.mil english.dic
![Page 16: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/16.jpg)
Congreso de Seguridad en Computo 2011 19Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
Results
![Page 17: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/17.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Typical number of addresses per domain
![Page 18: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/18.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Policy mismatches across address families
![Page 19: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/19.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Open ports on IPv4/IPv6 (cumulative)
![Page 20: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/20.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Open ports (differential)
![Page 21: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/21.jpg)
25Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
Conclusions
![Page 22: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/22.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Some conclusions
● There's a significant mistmatch beween IPv4 and IPv6 security policies
● Previous studies suggested that fewer controls were enforced on IPv6
● Ours suggest that IPv4 and IPv6 policies are just different● there are also minor mistmatches between different IPv6 addresses!
![Page 23: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/23.jpg)
27Hack in Paris 2018Paris, France. June 25-29, 2018
© 2018 SI6 Networks. All rights reserved
Questions?
![Page 24: Knockin' on IPv6 Doors - Hack In Paris · There's a significant mistmatch beween IPv4 and IPv6 security policies Previous studies suggested that fewer controls were enforced on IPv6](https://reader036.vdocuments.mx/reader036/viewer/2022062505/5eb99683b179e00de973d4b0/html5/thumbnails/24.jpg)
© 2018 SI6 Networks. All rights reservedHack in Paris 2018Paris, France. June 25-29, 2018
Thanks!
Fernando Gont
IPv6 Hackers mailing-listhttp://www.si6networks.com/community/
www.si6networks.com