Showing 26 - 50 of 72

Files from Fernando Gont

Email address: fernando at gont.com.ar
First Active: 2005-07-23
Last Active: 2015-04-06

IPv6 Address Monitoring Tool 1.0
Posted Sep 14, 2012
Authored by Fernando Gont

ipv6mon is a tool for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have been assigned to which nodes during which period of time. ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active.

Changes: Various updates.
tags | tool, local
systems | unix
MD5 | 98f71bbf9254a35a40f290ab4572d606
Security Implications Of IPv6 On IPv4 Networks
Posted Sep 5, 2012
Authored by Fernando Gont

This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues.

tags | paper
MD5 | 33fec05af0b24563e41341f0bf06bc20
IPv6 Redirect Messages Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

rd-attack is a tool for finding vulnerabilities based on ICMPv6 Redirect messages.

tags | tool, vulnerability
systems | unix
MD5 | becd9b763c1be344036ba2305a9b754e
IPv6 Node Information Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

ni6 is a security assessment tool that exploits potential flaws in the processing of ICMPv6 Node Information messages.

tags | tool
systems | unix
MD5 | 26c798bd6b7de4fdebfc08408cab1de5
IPv6 Jumbograms Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

jumbov6 is a tool to assess IPv6 implementations with respect to attack vectors based on IPv6 jumbograms.

tags | tool
systems | unix
MD5 | 34d457b8a32506e0dd7cad03bc8345f6
UK CPNI IPv6 Toolkit 1.1
Posted Jul 6, 2012
Authored by Fernando Gont

This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 8.2, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10.

tags | tool, scanner
systems | linux, netbsd, unix, freebsd, openbsd, debian, ubuntu
MD5 | 462267262837e1e1eeaef194da4cad1c
IPv6 Address Monitoring Tool 0.1
Posted Jul 6, 2012
Authored by Fernando Gont

ipv6mon is a tool for IPv6 address monitoring on local area networks.

tags | tool, local
systems | unix
MD5 | 13c3a054cf31f677b3d9118b7a9b077b
IPv6 ICMPv6 Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

icmp6-attack is a tool for assessing vulnerabilities in ICMPv6 error messages.

tags | tool, vulnerability
systems | unix
MD5 | 04e663b812b818498af53c58c663f7b7
IPv6 Fragmentation Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

frag6 is a security assessment tool for attack vectors based on IPv6 fragmentation.

tags | tool
systems | unix
MD5 | 808da8dcc85c967f115281399fba4e64
IPv6 Flow Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

flow6 is a tool that performs a security assessment of the IPv6 Flow Label Field.

tags | tool
systems | unix
MD5 | d92fb5151511b56dbe25d8cd9c0ea3b7
Hacking IPv6 Networks Training Slides
Posted Jul 3, 2012
Authored by Fernando Gont

These slides are from the Hacking IPv6 Networks Training provided by SI6 Networks at Hack In Paris (HIP) 2012.

tags | paper
MD5 | dc7d6ca2466f52e3113effacae564cb3
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
MD5 | 333569f5708db49e25c089f6a7579295
DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers
Posted May 23, 2012
Authored by Fernando Gont

This document specifies a mechanism for protecting hosts connected to a broadcast network against rogue DHCPv6 servers. The aforementioned mechanism is based on DHCPv6 packet-filtering at the layer-2 device on which the packets are received. The aforementioned mechanism has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that similar functionality be provided for IPv6 networks.

tags | paper
MD5 | 56f4a21ac08ccb68e395b2dfbaf811cb
Security Implications Of IPv6 On IPv4 Networks
Posted Apr 24, 2012
Authored by Fernando Gont

This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues.

tags | paper
MD5 | 4c30e6e9159627379ef776d8274b192d
Host Scanning In IPv6 Networks
Posted Apr 21, 2012
Authored by Fernando Gont

IPv6 offers a much larger address space than that of its IPv4 counterpart. The standard /64 IPv6 subnets can (in theory) accommodate approximately 1.844 * 10^19 hosts, thus resulting in a much lower host density (#hosts/#addresses) than their IPv4 counterparts. As a result, it is widely assumed that it would take a tremendous effort to perform host scanning attacks against IPv6 networks, and therefore IPv6 host scanning attacks have long been considered unfeasible. This document analyzes the IPv6 address configuration policies implemented in most popular IPv6 stacks, and identifies a number of patterns in the resulting addresses that lead to a tremendous reduction in the host address search space, thus dismantling the myth that IPv6 host scanning attacks are unfeasible.

tags | paper
MD5 | 7647136296cf7d7fcc2c61206d14cbd6
Recent Advances In IPv6 Security
Posted Apr 14, 2012
Authored by Fernando Gont

These are the slides for the presentation "Recent Advances in IPv6 Security" that was given at Hackito Ergo Sum 2012.

tags | paper
MD5 | e5b550d077bc205c2d3aab2bbb5bbac6
Generating Stable Privacy-Enhanced Addresses With IPv6
Posted Mar 31, 2012
Authored by Fernando Gont

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the benefits of stable addresses can be achieved without sacrificing the privacy of users.

tags | paper
MD5 | 38b4c27a5caa9d018464a2a4dea98298
IETF I-D On Fragmentation Related Security Issues Revision 01
Posted Mar 4, 2012
Authored by Fernando Gont

This Internet Draft specifies the security implications of predictable fragment identification values in IPv6. It primarily focuses on countermeasures and mitigations.

Changes: Various updates and additions.
tags | paper
MD5 | 3249e274aace1bdccca29647b9dba579
IETF I-D: Implications Of Oversized IPv6 Header Chains
Posted Feb 18, 2012
Authored by Fernando Gont

This IETF Internet Draft discusses security and interoperability implications of oversized IPv6 header chains.

tags | paper
MD5 | dcd9d59df7a720f7b156bbc04699c5ba
RFC6528 - Defending Against Sequence Number Attacks
Posted Feb 3, 2012
Authored by Fernando Gont

This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.

tags | paper, tcp
MD5 | 4bd9d141dba29f999534d68fbcf120f5
Security Implications Of IPv6 Extensions Headers With Neighbor Discovery Rev 2
Posted Jan 13, 2012
Authored by Fernando Gont | Site ietf.org

IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers. Revision 2 of this document. This revision includes, among other things, a discussion of possible issues with SEND as a result of IPv6 fragmentation.

tags | paper, local
MD5 | bddd807b8490984a05656623cd777ccd
Implementation Advice For IPv6 Router Advertisement Guard (RA-Guard)
Posted Jan 5, 2012
Authored by Fernando Gont

This Internet Draft focuses on providing advice to RA-Guard implementations, rather than on the evasion techniques that have been found effective against most popular implementations of RA-Guard.

tags | paper
MD5 | 1b5c636801345cb01aca19632ee04573
IETF I-D On Fragmentation Related Security Issues
Posted Dec 16, 2011
Authored by Fernando Gont

This Internet Draft specifies the security implications of predictable fragment identification values in IPv6. It primarily focuses on countermeasures and mitigations.

tags | paper
MD5 | ea42370891c626496f81f24e5a922d19
IETF I-D On "Stable Privacy Addresses"
Posted Dec 16, 2011
Authored by Fernando Gont

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the same manageability benefits can be achieved without sacrificing the privacy of users.

tags | paper
MD5 | 0b0fef7bec3954389f6b4bcfd6749ba6
IPv6 Security Assessment Results
Posted Nov 8, 2011
Authored by Fernando Gont

These are the slides from a presentation called Results of a Security Assessment of the Internet Protocol version 6 (IPv6). It was presented at H2HC 2011.

tags | paper, protocol
MD5 | d07e41f43379026ab674eb6e151d845a