MITM All The IPv6 Things

DEF CON 21

Presented by: Brent Bandelgar, Scott Behrens
Date: Friday August 02, 2013
Time: 14:00 - 14:20
Location: Track 2
Track: Track 2

Back in 2011, Alec Waters demonstrated how to overlay a malicious IPv6 network on top of an IPv4-only network, so that an attacker can carry out man-in-the-middle attacks on IPv4 traffic and subvert the assumed end to end security model. This attack is potentially powerful but requires involves a complex series of manual system configuration and setup activities, including the use of experimental and since-deprecated techniques. In addition, technology updates rendered Waters' implementation of the attack ineffective on certain platforms, such as Windows 8.

We reviewed the attack and tried it against current operating systems. We found configuration updates were needed to make it work against Windows 8 hosts and have packaged our setup into a script called "Sudden Six" to make launching the attack quick and painless. This attack now works against a variety of different platforms and operating systems, which will allow you to man-in-the-middle IPv6 traffic in record time.

This talk will discuss how the attack works as well as discuss our automation strategy and some pitfalls we uncovered. The "Sudden Six" configuration utility will be released and a demonstration of the attack against Windows 8 will be provided.

Scott Behrens

Scott Behrens (@HelloArbit) is currently employed as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. An avid coder and researcher, he has contributed to a number of open source tools for both attack and defense. Scott Behrens is the co-developer of NeoPI, a framework to aid in the detection of obfuscated malware. Scott also co-developed BBQSQL, a rapid blind sql injection exploitation framework. Scott has presented security research at DEF CON, DerbyCon, Security Forum Hagenberg, Security B-sides Chicago, and ISACA Milwaukee. Scott has also published security white papers for InformationWeek magazine, the Infosec Institute, and the Neohapsis blog.

Brent Bandelgar

Brent Bandelgar is an Associate Security Consultant at Neohapsis, focused on delivering network penetration testing, application security assessments, and security architecture. Prior to Neohapsis, Brent was a member of the Apple Consultants Network delivering managed IT services and custom solutions centered on the Apple Mac OS X and iOS platforms. Brent has extensive background in developing and supporting Web applications in PHP as well as tools in Bash and Python. Brent Bandelgar holds a Master's of Science in Network Security from DePaul University as well as the Apple Certified System Administrator and Mobile Technical Competency certifications from Apple, Inc.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats