if you don't understand the protocol. IPv6 provides interesting opportunities (evading defenses, exploiting flaws) if you do understand the protocol. Many organizations assume that they don't have IPv6 deployed when in fact IPv6 is enabled by default on modern operating systems, so hosts answer on IPv6 even where nobody configured it. Many organizations that have deployed or acknowledged IPv6 have poor IPv6 security measures.
addressing; no NAT anymore!
- Fragmentation only by the source host (routers never fragment; filtering ICMPv6 Packet Too Big breaks path MTU discovery)
- Routers do not calculate a header checksum (the IPv6 header has none; speedup!)
- Multicasting instead of broadcasting
- Built-in security mechanisms (IPsec; mandatory to implement in the original specification, downgraded to a SHOULD by RFC 6434)
- Single control protocol (ICMPv6)
- Auto-configuration (SLAAC)
- Modular header structure (extension headers)
- Fixed header length (40 bytes)
classified based on the prefix. Addresses that start with fe80 are link-local unicast addresses (fe80::/10; in practice fe80::/64, since the remaining prefix bits are zero). Addresses whose first byte is ff (e.g. ff02::1, all nodes on the link) are multicast addresses (ff00::/8).
was completely random without a pattern/prefix, the search space would be 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456. Say what!!?? But that's not how IPv6 addresses work. IPv6 addresses are logical and hierarchical (even more so than IPv4).
of an IPv6 address is the Interface ID (IID). The search space at this point equals the maximum number of nodes possible per subnet: 2^64 = 18,446,744,073,709,551,616. Brute-force scanning is infeasible, to say the least: at one million probes per second a single /64 takes over half a million years. If we could find a pattern in the assignment of Interface Identifiers, we could narrow down our search!
host facebook.com
facebook.com has address 157.240.7.35
facebook.com has IPv6 address 2a03:2880:f10c:83:face:b00c:0:25de
facebook.com mail is handled by 10 msgin.vvv.facebook.com.
The IID face:b00c:0:25de is obviously human-chosen rather than random: exactly the kind of pattern that shrinks the search space.
search space to 2^48. OUIs are limited in number and publicly available (IEEE registry), so a clever list of OUIs reduces the search space to roughly 2^24 per OUI (only the 24 vendor-assigned bits remain unknown). Making matters worse, hardware bought or deployed together tends to have sequential MAC addresses, narrowing the search further.
(mostly) SLAAC with modified EUI-64: the Interface ID is derived from the MAC address. When a user moves between networks the network prefix changes, but the interface ID remains constant over time, so the user (really, the device) can be identified and tracked across networks. Privacy extensions (RFC 4941) add short-lived random addresses for outgoing connections, but the host still keeps its stable address.
RFC 7217, "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)". Basically: create the IID from network-specific data (prefix, interface, a per-host secret key, a DAD counter) with a pseudo-random function, which results in an IID that looks random, stays the same on a given network but changes on a different network. The MAC address no longer appears in the address, so neither the vendor nor the host can be read off it.
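As an added example (not code from the original slides), the RFC 7217 construction in Python: the IID is the leftmost 64 bits of F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), with the retry loop that bumps DAD_Counter when the candidate is a reserved IID or duplicate-address detection fails. The choice of HMAC-SHA256 for F, the field encoding, the secret key, and the prefixes and interface name are all assumptions of this example; the RFC only requires an unpredictable PRF and a secret kept in stable storage.

```python
import hashlib
import hmac
import ipaddress

IID_MASK = (1 << 64) - 1

# Constructed per-host secret. A real stack generates it once (e.g. at first
# boot), keeps it in stable storage and never sends it on the wire; it is
# hard-coded here only so the example is reproducible.
SECRET_KEY = bytes.fromhex(
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")

IDGEN_RETRIES = 3  # RFC 7217 default for the DAD_Counter retry loop


def iid_is_reserved(iid: int) -> bool:
    """Subset of the reserved IIDs (RFC 5453) that RFC 7217 forbids generating:
    all-zeros (subnet-router anycast) and fdff:ffff:ffff:ff80-ffff (reserved
    subnet-anycast block)."""
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF


def rfc7217_iid(prefix, net_iface, network_id=b"", dad_counter=0,
                secret_key=SECRET_KEY) -> int:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)
    (RFC 7217 section 5); the leftmost 64 bits of the output are the IID.
    F is instantiated as HMAC-SHA256 (assumption of this example). Fields are
    length-prefixed so different inputs cannot concatenate to the same bytes."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC prefixes are /64")
    msg = b"".join(len(f).to_bytes(1, "big") + f for f in (
        net.network_address.packed[:8],
        net_iface.encode(),
        network_id,
        dad_counter.to_bytes(1, "big"),
    ))
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


def stable_address(prefix, net_iface, network_id=b"", in_use=frozenset(),
                   secret_key=SECRET_KEY) -> ipaddress.IPv6Address:
    """Address generation with the RFC 7217 retry loop: DAD_Counter starts at 0
    and is incremented whenever the candidate IID is reserved or DAD reports a
    collision (simulated here by `in_use`, the addresses already on the link)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    for dad_counter in range(IDGEN_RETRIES + 1):
        iid = rfc7217_iid(prefix, net_iface, network_id, dad_counter, secret_key)
        cand = ipaddress.IPv6Address(int(net.network_address) | iid)
        if not iid_is_reserved(iid) and cand not in in_use:
            return cand
    raise RuntimeError("gave up after IDGEN_RETRIES collisions")


def looks_like_eui64(addr) -> bool:
    """True when the IID carries the ff:fe marker of a MAC-derived address."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return iid.to_bytes(8, "big")[3:5] == b"\xff\xfe"


if __name__ == "__main__":
    home, office = "2001:db8:1::/64", "2001:db8:2::/64"   # assumed prefixes
    a = stable_address(home, "eth0")
    print("home  ", a, "again:", stable_address(home, "eth0"))   # identical
    print("office", stable_address(office, "eth0"))              # different IID
    print("after DAD collision:", stable_address(home, "eth0", in_use={a}))
```

Run stand-alone it prints the same address twice for the home prefix, a different IID for the office prefix, and a third IID after a simulated DAD collision; none of them embeds a MAC, so the OUI trick above no longer applies.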
ip neigh show dev vboxnet0
fe80::a00:27ff:fe3f:3acd lladdr 08:00:27:3f:3a:cd STALE
2001:d:0:1::1 lladdr 08:00:27:f2:ee:ae router REACHABLE
fe80::a00:27ff:fef2:eeae lladdr 08:00:27:f2:ee:ae router STALE
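The prefix-based classification, the modified EUI-64 transform, the OUI search-space reduction and the tracking problem from the slides above, worked through in Python over the neighbor-cache listing just shown. This is an added example, not code from the original slides: the sample output is constructed to match the listing, the prefixes 2001:db8:1::/64 and 2001:db8:2::/64 are assumed, and the pattern detector goes slightly beyond the slides by also flagging manually numbered low-byte IIDs (::1, ::2, ...) like those in the nmap results.

```python
import ipaddress
import re

# Constructed sample in the format printed by `ip -6 neigh show`, modelled on
# the VirtualBox lab listing above (08:00:27 is the VirtualBox OUI). Entries in
# state FAILED carry no lladdr and are skipped by the parser.
NEIGH_OUTPUT = """\
fe80::a00:27ff:fe3f:3acd lladdr 08:00:27:3f:3a:cd STALE
2001:d:0:1::1 lladdr 08:00:27:f2:ee:ae router REACHABLE
fe80::a00:27ff:fef2:eeae lladdr 08:00:27:f2:ee:ae router STALE
"""

IID_MASK = (1 << 64) - 1

# Most specific first; the first match wins.
SCOPES = (
    ("::/128", "unspecified"),
    ("::1/128", "loopback"),
    ("ff00::/8", "multicast"),
    ("fe80::/10", "link-local"),
    ("fc00::/7", "unique-local"),
    ("2000::/3", "global unicast"),
)


def classify(addr) -> str:
    """Scope of an address from its prefix (the fe80 / ff00 rule, generalised)."""
    a = ipaddress.IPv6Address(addr)
    for net, name in SCOPES:
        if a in ipaddress.IPv6Network(net):
            return name
    return "other"


def iid_of(addr) -> int:
    """Low 64 bits of an address: the Interface Identifier."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64 (RFC 4291 appendix A): split the 48-bit MAC, insert ff:fe
    between the halves, flip the universal/local bit (0x02) of the first octet.
    Only 48 of the 64 bits can vary, hence the 2^48 figure."""
    b = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(b) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")


def eui64_to_mac(iid: int):
    """Inverse transform; None when the IID lacks the ff:fe marker."""
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    b = bytearray(raw[:3] + raw[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)


def iid_pattern(addr) -> str:
    """Assignment pattern of an IID: EUI-64 (MAC-derived), low-byte (manually
    numbered ::1, ::2, ...) or neither."""
    iid = iid_of(addr)
    if eui64_to_mac(iid) is not None:
        return "eui64"
    if iid < (1 << 16):
        return "low-byte"
    return "other"


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """The SLAAC address a host with this MAC gets on this /64."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC prefixes are /64")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64_iid(mac))


def oui_candidates(prefix: str, oui: str, start: int = 0, count: int = 1 << 24):
    """EUI-64 addresses for one vendor OUI: only the 24 NIC-specific bits are
    unknown, so a full sweep is 2^24 addresses (versus 2^64 blind). start/count
    select a slice, e.g. a sequentially assigned batch of hardware."""
    base = bytes.fromhex(oui.replace(":", ""))
    for n in range(start, min(start + count, 1 << 24)):
        yield eui64_address(prefix, (base + n.to_bytes(3, "big")).hex(":"))


LINE_RE = re.compile(r"^(\S+)\s+lladdr\s+([0-9a-fA-F:]{17})\s+(.*)$")


def analyze_neighbors(text: str) -> list:
    """Parse `ip -6 neigh` output; for each entry, report scope, IID pattern and
    whether the IID leaks the link-layer address it was learned with."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, mac, flags = m.groups()
        rows.append({
            "addr": addr,
            "scope": classify(addr),
            "pattern": iid_pattern(addr),
            "lladdr": mac.lower(),
            "mac_from_iid": eui64_to_mac(iid_of(addr)),
            "router": "router" in flags.split(),
        })
    return rows


if __name__ == "__main__":
    for r in analyze_neighbors(NEIGH_OUTPUT):
        print(r)
    # Same MAC on two networks: the IID is identical, which is the tracking problem.
    for p in ("2001:db8:1::/64", "2001:db8:2::/64"):
        print(p, eui64_address(p, "08:00:27:3f:3a:cd"))
```

The link-local entries decode straight back to the MAC they were learned with, while 2001:d:0:1::1 is a low-byte address that tells us nothing about the hardware; the candidate generator is what you would feed to a scanner once the vendor and the network prefix are known.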
-n 2001:d:0:1::0/126
Starting Nmap 6.40 ( http://nmap.org ) at 2016-12-15 19:43 IST
... snipped ...
Nmap scan report for 2001:d:0:1::1
Host is up (0.00033s latency).
Scanned at 2016-12-15 19:42:01 IST for 0s
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap scan report for 2001:d:0:1::2
Host is up (0.092s latency).
All 1000 scanned ports on 2001:d:0:1::2 are filtered
Nmap scan report for 2001:d:0:1::3
Host is up (0.00031s latency).
Used to make Linux/BSD act as an IPv6 router. It sends Router Advertisement messages as specified by RFC 2461 (since obsoleted by RFC 4861).
# You have to enable IP forwarding
# Uncomment the following line in /etc/sysctl.conf, then apply it with sudo sysctl -p
net.ipv6.conf.all.forwarding=1
sudo apt-get install radvd   # Install radvd
# Basic radvd config file /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on;