We’ve just released a whitepaper discussing the behavior of different operating systems once they receive IPv6 configuration parameters from different sources. For that purpose a number of lab tests were conducted. Continue reading “IPv6 Router Advertisement Flags, RDNSS and DHCPv6 Conflicting Configurations”
Continue readingPractical IPv6 Troubleshooting while Setting up the Troopers Network
Hello Everyone,
Troopers is right around the corner and as I am responsible for the whole conference network I wanted to make sure that everything is working as expected. I went to the venue on Friday because of two things I wanted/needed to setup. Compared to last year’s setup we had a couple of changes in regards to the provider connection (resulting in some changes for our network setup). First, we now have a rather big pipe for the uplink and more importantly (well that depends on the point of view ;)) there is a native IPv6 connection. Before that I had to tunnel all IPv6 traffic from the venue to one of our gateways and to forward it out (as native IPv6) from there. As this step isn’t necessary anymore, and the staff on the venue isn’t that experienced with IPv6, I had in mind to setup and verify that IPv6 is working as desired. The router used over there is a Mikrotek Routerboard. As I haven’t worked with these devices before, I was curious whether everything works as it should ;).
After configuring the IPv6 address on the WAN interface I tried to install a default route pointing to the uplink’s Global Unicast Address. But to my surprise, the Mikrotek router kept stating that the next hop was unreachable. This was odd, as the provider’s device was happily answering to pings from the Mikrotek’s command line. Additionally, the Mikrotek router does not install a route when it can’t reach the next hop configured (which is actually not that bad as it at least prevents fat fingering the address). It still didn’t make any sense. After googling around (I found the Mikrotek documentation a little bit lackluster) and trying some other things it still didn’t work. As a last resort, I told myself “screw it and let’s try with the link local address of the provider router”, but how do I get this address as I only was provided with the GUA? Right, looking at the Neighbor Cache of the Mikrotek router I was able to quickly find the link local address of the next hop.
After using this address (together with the interface) as the next hop it started working, by magic. At least I can now sleep better as it is one less thing I have to worry about ;).
Moral of the story: Still in 2015 don’t expect a device to behave like it should when it comes to IPv6. Unfortunately, I wasn’t able to follow this strange behavior up due to time constraints, but it is working and you can enjoy for the first time native IPv6 in the conference network.
If you want to know more about the general conference setup please stop by for my talk at the IPv6 Security Summit.
See you all in a week!
Best,
Christopher
Continue readingAn MLD Testing Methodology
Based on recent research in the ERNW IPv6 lab and with our MLD talk looming we’ve put together a (as we think) comprehensive document discussing how to thoroughly test MLD implementations in various components (network devices or servers/clients). We hope it can contribute to a better understanding of the protocol and that it can serve as either a checklist for your own environment or as a source of inspiration for researchers looking at MLD themselves.
Continue reading “An MLD Testing Methodology”
Continue readingA Chiron Workshop at the IPv6 Security Summit of Troopers 15
This is a guest post from Antonios Atlasis.
Last year, during the IPv6 Security Summit of Troopers 14 I had the pleasure to present publicly, for first time, my IPv6 Penetration Testing / Security Assessment framework called Chiron, while later, it was also presented at Brucon 14 as part of the 5×5 project. This year, I am returning back to the place where it all started, to the beautiful city of Heidelberg to give another workshop about Chiron at the IPv6 Security Summit of Troopers 15. But, is it just another workshop with the known Chiron features or has something changed?
I would say a lot :). The most significant enhancements are described below.
Continue reading “A Chiron Workshop at the IPv6 Security Summit of Troopers 15”
Continue readingBug Hunting for the Man on the Street
This is a guest post from Vladimir Wolstencroft, to provide some details of his upcoming #TR15 talk.
What do you get when you combine a security appliance vendor, a bug bounty program, readily available virtualised machines, a lack of understanding of best security practices and broken crypto?
Ownage, a good story and maybe even that bounty…
Continue reading “Bug Hunting for the Man on the Street”
Continue readingWhat to Do Today if You Want to Deploy IPv6 Tomorrow
Today I gave a talk with said title in a private setting. Assuming the content might be of interest for some of you, we published the slides here.
As always we’re happy to receive comments or feedback.
Cheers
Enno
Continue readingThe Dangers of x86 Emulation: Xen XSA 110 and 105
Developing a secure and feature rich hypervisor is no easy task. Recently, the open source Xen hypervisor was affected by two interesting vulnerabilities involving its x86 emulation code: XSA 110 and XSA 105. Both bugs show that the attack surface of hypervisors is often larger than expected. XSA 105 was originally reported by Andrei Lutas from BitDefender. The patch adds missing privilege checks to the emulation routines of several critical system instructions including LGDT and LIDT. The vulnerable code can be reached from unprivileged user code running inside hardware virtual machine (HVM) guests and can be used to escalate guest privileges. XSA 110 was reported by Jan Beulich from SUSE and concerns insufficient checks when emulating long jumps, calls or returns.
Continue reading “The Dangers of x86 Emulation: Xen XSA 110 and 105”
Continue readingAnother Talk Added to Troopers15 TelcoSecDay
We have pretty much finalized the agenda for the Troopers TelcoSecDay and here’s another cool talk (the others can be found here, here and here):
Continue reading “Another Talk Added to Troopers15 TelcoSecDay”
Continue readingTroopers TelcoSecDay – Next Talks (II)
Hi,
in addition to those recently announced and these, we’ve identified three more suitable talks for the TelcoSecDay 
.
Continue reading “Troopers TelcoSecDay – Next Talks (II)”
Continue readingHow to go ahead with future end of life Windows (2003) Servers
Server operating systems with an OS, for which vendor support has ended, come with many risks that have to be considered and addressed. The primary goal should be always to decommission or migrate the majority of end-of-life (EoL) servers to OS versions, supported by the vendor. Here it should be noted that a migration to an up-to-date OS should be preferably done before your organization enters the end of life of that software 😉
However, it must be considered that a number of servers cannot be migrated or shut down (easily) and must remain operational and accessible. Based on a customer project in 2014 we developed a high-level security concept for the secure operation of end-of-life Windows servers. We published this concept in our latest newsletter. You will find it here (https://www.ernw.de/download/newsletter/ERNW_Newsletter_47_Security_Concept_for_End-of-Life_Windows_Servers_signed.pdf)
Continue reading “How to go ahead with future end of life Windows (2003) Servers”
Continue reading