IPv666 – Address of the Beast

Slide download coming soon.

Watch Video

Global adoption of IPv6 continues to grow, with Google reporting IPv6 as 22% of its client traffic. IPv6 comes with a slew of improvements from larger address space to self-organizing addressing to required support of multicast, but these improvements are a double-edged sword. With NAT going away, DHCP no longer being required, modern operating systems and networks supporting and preferring IPv6 over IPv4, ICMP being required for network operation, iptables not applying to IPv6, and multiple IP addresses being associated with individual interfaces, IPv666 conjures the perfect storm of fail open defaults. Taken in sum, this means that swathes of hosts are exposed to the Internet without firewalls and without the knowledge of their admins.

Why, then, haven’t more boxes been popped via IPv6? Because 2^128 is far larger than 2^32.

In this talk we will take a practical look at how to enumerate and attack hosts over IPv6, using statistical models to discover servers and novel IPv6 honeypotting techniques to discover clients. We’ll talk about what works and what doesn’t when it comes to finding IPv6 addresses and how we used our model and scanning techniques to start amassing a corpus of the global IPv6 address space. We’ll cover statistics about how much more exposed IPv6 hosts are over their IPv4 counterparts and how prevalent IPv6 hosts are on various hosting platforms. Lastly, we will release our model and the code that built it as well as the full list of IPv6 addresses that we discovered in the hopes that putting these tools and data into the hands of the community will enable further research of IPv6 security posture.

Through the information provided in this talk we aim to convince you that a storm is brewing with IPv6 security posture, to provide you with the tooling necessary to validate our claims yourself, and with the knowledge to protect yourself moving forward.

About the Speakers

Christopher Grayson

Chris is an avid computing enthusiast originally hailing from Atlanta, Georgia. Having made a habit of pulling things apart in childhood, Chris has found his professional home in information security. Prior to joining Bird Rides Chris was a security engineer at Snap, Inc., a founder at Web Sight, a senior penetration tester at Bishop Fox, and a research scientist at the Georgia Institute of Technology. During his tenure at these organizations Chris grew into both a breaker and a builder, becoming adept at compromising all manners of systems as well as designing and implementing mechanisms to protect them. Chris has spoken at numerous security conferences such as DEF CON, ToorCon, ShmooCon, and HushCon, and attended the Georgia Institute of Technology where he received a bachelor’s degree in computational media, a master’s degree in computer science, and where he organized and lead the Grey H@t student hacking organization.