Attacking and Securing IPv6 Infrastructure

Today IPv6 is available on every desktop and every server, as all operating systems since Windows XP and Linux Kernel 2.2 support IPv6. Hosting providers start to offer IPv6 addresses and networking. IPv6 is already available in corporations, e.g. all major mobile providers already support it on their backbone.

This training explains the IPv6 concentrating on the security vulnerabilities inherent in the protocol. All so far known vulnerabilities are presented and students will be able to try them all out themselves with supplied tools. Switching sides it is then explained how to secure IPv6 systems (Windows, Solaris, Linux) and especially large networks including routing and how to solve the difficult firewalling questions which arise with IPv6. New advances like SEND, new DHCP6 developments and ISATAP etc. are included.

Student Prerequisite:

Trainees must have basic knowledge in Linux, TCP/IP and IT security - the more the better.

Software Requirements:

Trainees should have a Laptop with WLAN and Linux (2.6 kernel) installed. If no Linux is available for a trainee, I will provide them with a live boot CD/DVD.

Hardware Requirements:

Internet connection, with a cable connection to my Laptop and a WLAN for the trainees and me.

Course Outline (daily basis):

Day 1

Introduction to IPv6 (the mindset behind IPv6, how does it work, what is different to IPv4, new features)

Vulnerabilities in IPv6 (problems in IP6, problems in ICMP6, mobile IPv6 vulnerabilities, tunnel and migration issues (e.g. 6to4, Teredo, ISATAP))

Hands-on time (scanning local and remote networks, performing various man-in-the-middle attacks based on ICMP6, attacking dual stack systems, mobile IPv6, etc.)

Day 2

Securing ipv6 in systems (Windows, Solaris, Linux)
Firewalling and filtering IPv6 networks
Routing in IPv6 networks
IPSEC in IPv6
Securely migrating to IPv6
DNS and IPv6