After the first “IPv6 Hackers Meeting” held two years ago in Berlin, Fernando Gont kindly organized a similar event in Prague last week.
Continue reading “IPv6 Hackers Meeting @ IETF 93 in Prague”
Bold Statements
In this post I’ll discuss some aspects of vulnerability disclosure. I don’t want to delve into an abstract & general discussion of vulnerability disclosure (for those interested here’s some discussion in the context of Google’s Project Zero, this is the well-known CERT/CC approach, this is a paper from WEIS 2006 laying out some variants, and finally some statement by Bruce Schneier back in 2007). Instead I will lay out which approach we followed in the past (and why we did so) and which developments make us consider it necessary to re-think our way of handling. The post is not meant to provide definitive answers; it was also written not least to provide clarity for ourselves (“write down a problem in order to better penetrate it”) and, maybe, to serve as a starting point for a discussion which will help the community (and us) to find a position on some of the inherent challenges.
Continue reading “Reflections on Vulnerability Disclosure”
When we wrote our initial blogpost regarding the evasion of Cisco ACLs by (Ab)Using IPv6, where we described (known to Cisco) cases of Access Control Lists (ACL) circumvention, we also suggested some mitigation techniques including the blocking of some (if not all) IPv6 Extension Headers.
Almost a month later, we got a comment from Matej Gregr that, even if the ACLs of certain Cisco Switches are configured to block IPv6 Extension headers like Hop-by-Hop or Destination Options headers, this does not actually happen/work as expected. Of course this made us re-visit the lab in the interim ;-).
Continue reading “Evasion of Cisco ACLs by (Ab)Using IPv6 – Part 2”
In the course of a customer project I recently documented some thoughts and general objectives of IPv6 address planning, expanding on stuff I wrote a while ago in the series on “Address Plan Considerations”. An excerpt of that (newer) document can be found here. Due to the context it originates from it’s in German, still I hope it’s useful for some readers.
If you’re interested in the topic it might be a good idea to listen to Tom Coffeen’s talk at the upcoming IPv6 Business Conference, too.
Everybody have a great day
Enno
Scott Hogg recently (in his post “Holding IPv6 Neighbor Discovery to a Higher Standard of Security”) gave the following answer:
“The security of IPv4 is roughly equivalent to IPv6. So why do we expect more from IPv6?”
While I highly value Scott’s IPv6 expertise – not least because I learned a lot about IPv6 security from the book on the topic he wrote together with Eric Vyncke – I strongly disagree with his statement, mainly with the first part. In this post I will lay out why I think that IPv6 is actually less secure than IPv4.
Continue reading “Is IPv6 more Secure than IPv4? Or Less?”
IPv6 is often called a “complex protocol”, not least by myself (for example in my keynote to the IPv6 Security Summit 2014). In this post I want to have a quick look at three questions:
– Can IPv6 be considered a “complex protocol”?
– Is it “more complex” than IPv4?
– Can we expect IPv6 networks to be “complex networks”?
Continue reading “IPv6 & Complexity”
Two weeks ago Christopher and I joined the RIPE70 meeting in Amsterdam. Being part of the group was fun as always and we had quite some interesting conversations with peers from the IPv6 community.
Continue reading “RIPE70 in Amsterdam”
I was invited by the Swiss IPv6 Council to give a talk on this topic yesterday. We had good conversations after the talk – thanks for the invitation!
For those interested the slides can be found here. I will happily discuss the intricacies of DHCPv6 and how to deploy it in complex environments at the upcoming IPv6 Business Conference in Zurich and in my “IPv6 in Enterprise Networks” training in Berlin.
Have a great day everybody
Enno
This is a guest post from Fernando Gont.
On March 16th, 2015, at the Troopers IPv6 Security Summit, we finally released the SI6 Networks’ IPv6 Toolkit v2.0 (Guille). The aforementioned release is now available at the SI6 IPv6 Toolkit homepage. It is the result of over a year of work, and includes improvements in the following areas:
We’ve just published the videos from TROOPERS15. The playlist can be found here.
Thanks again to everybody for joining us in Heidelberg. We had a great time with you 😉
Have a good weekend,
Enno