Abstract
In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms.
The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets.
Keywords
- IPv6
- security
- penetration testing
- host discovery
- transition mechanisms
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ottow, C., van Vliet, F., de Boer, PT., Pras, A. (2012). The Impact of IPv6 on Penetration Testing. In: Szabó, R., Vidács, A. (eds) Information and Communication Technologies. EUNICE 2012. Lecture Notes in Computer Science, vol 7479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32808-4_9
DOI: https://doi.org/10.1007/978-3-642-32808-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32807-7
Online ISBN: 978-3-642-32808-4
eBook Packages: Computer Science, Computer Science (R0)
