Fear the Evil FOCA Attacking Internet Connections with IPv6


Fear the Evil FOCA Attacking Internet Connections with IPv6. Chema Alonso @chemaAlonso chema@11paths.com. Spain is different. ipconfig. IPv6 is on your box! And it works!: route print. And it works!: ping.

Fear the Evil FOCA Attacking Internet Connections with IPv6

Chema Alonso

@chemaAlonso

chema@11paths.com

ICMPv6 (NDP)
  • No ARP
    • No ARP Spoofing
    • Anti-ARP Spoofing tools are useless
  • Neighbor Discovery Protocol uses ICMPv6
    • NS: Neighbor Solicitation
    • NA: Neighbor Advertisement
ICMPv6: SLAAC
  • Stateless Address Auto Configuration
  • Devices ask for routers
  • Routers publish their IPv6 Address
  • Devices auto-configure IPv6 and Gateway
    • RS: Router Solicitation
    • RA: Router Advertisement
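
A defensive monitor for the Router Advertisements described on this slide, as an added example that is not part of the original deck or of Evil FOCA: it parses RA bodies and flags advertisements from routers outside an allowlist and bursts of distinct prefixes (the SLAAC attack and RA Storm cases the deck lists later). The allowlist, addresses, thresholds and the `sample_ra` test helper are assumptions constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134  # ICMPv6 Router Advertisement (RFC 4861)

def parse_ra(icmp: bytes):
    """Return (router_mac, [prefixes]) for a well-formed RA body, else None."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        return None
    mac, prefixes, off = None, [], 16  # options follow the fixed 16-byte header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            return None  # RFC 4861: zero-length or truncated option, discard the packet
        body = icmp[off:off + opt_len]
        if opt_type == 1 and opt_len >= 8:  # Source Link-Layer Address
            mac = body[2:8].hex(":")
        elif opt_type == 3 and opt_len == 32 and body[2] <= 128:  # Prefix Information
            prefixes.append(str(ipaddress.IPv6Network((body[16:32], body[2]), strict=False)))
        off += opt_len
    return mac, prefixes

def audit(events, allowed, window=10.0, storm=3):
    """events: (timestamp, src_ip, icmpv6_bytes) tuples. Returns a list of alert tuples."""
    alerts, seen = [], []  # seen: (timestamp, prefix) pairs still inside the window
    for ts, src, icmp in events:
        ra = parse_ra(icmp)
        if ra is None:
            continue
        mac, prefixes = ra
        if (src, mac) not in allowed:  # RA from a router nobody authorised
            alerts.append(("rogue-ra", src, mac))
        seen = [(t, p) for t, p in seen if ts - t <= window] + [(ts, p) for p in prefixes]
        if len({p for _, p in seen}) > storm:  # too many distinct prefixes at once
            alerts.append(("ra-storm", src, mac))
    return alerts

def sample_ra(mac: str, prefix: str, plen: int = 64) -> bytes:
    """Constructed test input: RA body with one link-layer and one prefix option."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 86400, 14400, 0)
    return hdr + slla + pio + ipaddress.IPv6Address(prefix).packed

ALLOWED = {("fe80::1", "00:11:22:33:44:55")}  # constructed allowlist of (router IP, MAC)
EVENTS = [(0.0, "fe80::1", sample_ra("00:11:22:33:44:55", "2001:db8:1::"))] + [
    (1.0 + i / 5, "fe80::bad", sample_ra("de:ad:be:ef:00:01", f"2001:db8:66{i}::"))
    for i in range(3)]  # constructed capture using documentation prefixes only
```
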
Windows Behavior
  • IPv4 & IPv6 (both fully configured)
    • DNSv4 queries A & AAAA
  • IPv6 Only (IPv4 not fully configured)
    • DNSv6 queries A
  • IPv6 & IPv4 Local Link
    • DNSv6 queries AAAA
Web Proxy Auto Discovery
  • Automatic configuration of Web Proxy Servers
  • Web Browsers search for WPAD DNS record
  • Connect to Server and download WPAD.pac
  • Configure HTTP connections through Proxy
WPAD Attack
  • Evil FOCA configures DNS Answers for WPAD
  • Configures a Rogue Proxy Server listening in IPv6 network
  • Re-route all HTTP (IPv6) connections to Internet (IPv4)
HTTP-s Connections
  • SSL Strip
    • Remove “S” from HTTP-s links
  • SSL Sniff
    • Use a Fake CA to dynamically create Fake CA
  • Bridging HTTP-s
    • Between Server and Evil FOCA -> HTTP-s
    • Between Evil FOCA and victim -> HTTP
  • Evil FOCA does SSL Strip and Bridging HTTP-s (so far)
Google Results Page
  • Evil FOCA will:
    • Take off Google Redirect
    • SSL Strip any result
Other Evil FOCA Attacks
  • MiTM IPv6
    • NA Spoofing
    • SLAAC attack
    • WPAD (IPv6)
    • Rogue DHCP
  • DOS
    • IPv6 to fake MAC using NA Spoofing (in progress)
    • SLAAC DOS using RA Storm
  • MiTM IPv4
    • ARP Spoofing
    • Rogue DHCP (in progress)
    • DHCP ACK injection
    • WPAD (IPv4)
  • DOS IPv4
    • Fake MAC to IPv4
  • DNS Hijacking
Conclusions
  • IPv6 is on your box
    • Configure it or kill it (if possible)
  • IPv6 is on your network
    • IPv4 security controls are not enough
    • Topera (port scanner over IPv6)
    • Slowloris over IPv6
    • Kaspersky POD
    • Michael Lynn & CISCO GATE
    • SUDO bug (IPv6)
Big Thanks to
  • THC (The Hacker’s Choice)
    • Included in BackTrack/Kali
    • Parasite6
    • Redir6
    • Flood_router6
    • …..
  • Scapy
Enjoy Evil FOCA
  • http://www.informatica64.com/evilfoca/
  • Next week, Defcon Version at:
  • http://blog.elevenpaths.com
  • chema@11paths.com
  • @chemaalonso