fear the evil foca attacking internet connections with ipv6
Download
Skip this Video
Download Presentation
Fear the Evil FOCA Attacking Internet Connections with IPv6

Loading in 2 Seconds...

play fullscreen
1 / 62

Fear the Evil FOCA Attacking Internet Connections with IPv6 - PowerPoint PPT Presentation


  • 163 Views
  • Uploaded on

Fear the Evil FOCA Attacking Internet Connections with IPv6. Chema Alonso @ chemaAlonso [email protected] Spain is different. Spain is different. Spain is different. Spain is different. ipconfig. IPv6 is on your box!. And it works !: route print. And it works !: ping.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Fear the Evil FOCA Attacking Internet Connections with IPv6' - lona


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
icmpv6 ndp
ICMPv6 (NDP)
  • No ARP
    • No ARP Spoofing
    • Tools anti-ARP Spoofing are useless
  • NeighborDiscoveryProtocoluses ICPMv6
    • NS: NeighborSolicitation
    • NA: NeighborAdvertisement
icmpv6 slaac
ICMPv6: SLAAC
  • StatelessAddress Auto Configuration
  • Devicesaskforrouters
  • Routerspublictheir IPv6 Address
  • Devices auto-configure IPv6 and Gateway
    • RS: RouterSolicitation
    • RA: RouterAdvertisement
windows behavior
Windows Behavior
  • IPv4 & IPv6 (bothfullyconfigured)
    • DNSv4 queries A & AAAA
  • IPv6 Only (IPv4 notfullyconfigured)
    • DNSv6 queries A
  • IPv6 & IPv4 Local Link
    • DNSv6 queries AAAA
webproxy autodiscovery
WebProxyAutoDiscovery
  • Automaticconfiguation of Web Proxy Servers
  • Web Browsers searchfor WPAD DNS record
  • Connectto Server and downloadWPAD.pac
  • Configure HTTP connectionsthrough Proxy
wpad attack
WPAD Attack
  • Evil FOCA configures DNS Answersfor WPAD
  • Configures a Rogue Proxy Server listening in IPv6 network
  • Re-routeall HTTP (IPv6) connectionsto Internet (IPv4)
http s connections
HTTP-s Connections
  • SSL Strip
    • Remove “S” from HTTP-s links
  • SSL Sniff
    • Use a Fake CA tocreatedynamiclyFakeCA
  • Bridging HTTP-s
    • Between Server and Evil FOCA -> HTTP-s
    • BetweenEvil FOCA and victim -> HTTP
  • Evil FOCA does SSL Strip and Briding HTTP-s (so far)
google results page
Google Results Page
  • Evil FOCA will:
    • Take off Google Redirect
    • SSL Stripanyresult
other evil foca attacks
OtherEvil FOCA Attacks
  • MiTM IPv6
    • NA Spoofing
    • SLAAC attack
    • WPAD (IPv6)
    • Rogue DHCP
  • DOS
    • IPv6 tofake MAC using NA Spoofing (in progress)
    • SLAAC DOS using RA Storm
  • MiTM IPv4
    • ARP Spoofing
    • Rogue DHCP (in progress)
    • DHCP ACK injection
    • WPAD (IPv4)
  • DOS IPv4
    • Fake MAC to IPv4
  • DNS Hijacking
conclusions
Conclusions
  • IPv6 isonyour box
    • Configure itorkillit (ifpossible)
  • IPv6 isonyournetwork
    • IPv4 securitycontrols are notenough
    • Topera (port scanner over IPv6)
    • Slowlorisover IPv6
    • Kaspersky POD
    • Michael Lynn & CISCO GATE
    • SUDO bug (IPv6)
big thanks to
Big Thanksto
  • THC (TheHacker’sChoice)
    • Included in Back Track/Kali
    • Parasite6
    • Redir6
    • Flood_router6
    • …..
  • Scappy
enjoy evil foca
EnjoyEvil FOCA
  • http://www.informatica64.com/evilfoca/
  • Nextweek, DefconVersion at:
  • http://blog.elevenpaths.com
  • [email protected]
  • @chemaalonso
ad