Hacker News

Indeed, IPv6 is a possible entry point for pen testers, as plenty of admins will leave IPv6 enabled but not bother to set up ip6tables. Plenty of software is set up to bind on "all interfaces", which includes your link-local address. Fortunately, it takes some effort to scan the link-local address space... But if they are based on MAC, and you can just ask for the MAC of the host via ARP...
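The "bind on all interfaces" point is easy to check on your own hosts. The script below is an added example (not part of the thread or any of the tools mentioned in it): it reads `ss -ltn` style output and reports every listener an iptables-only policy leaves reachable over IPv6. The socket listing is a constructed sample, not a capture from a real machine; in practice you would pipe `ss -ltn` into `v6_exposed_listeners` instead.

```shell
#!/bin/sh
# Added example: audit which listeners are reachable over IPv6.
# Reads `ss -ltn` style output and reports sockets bound to the IPv6
# wildcard or to a non-loopback IPv6 address (link-local included).

# Constructed sample of `ss -ltn` output (not from any real host).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port                       Peer Address:Port
LISTEN  0       128     0.0.0.0:22                               0.0.0.0:*
LISTEN  0       128     [::]:22                                  [::]:*
LISTEN  0       511     127.0.0.1:6379                           0.0.0.0:*
LISTEN  0       4096    *:9100                                   *:*
LISTEN  0       128     [::1]:5432                               [::]:*
LISTEN  0       128     [fe80::1ff:fe23:4567:890a]%eth0:8080     [::]:*'

# Print "port address reason" for every listener exposed on the IPv6 path.
v6_exposed_listeners() {
    awk 'NR > 1 {
        n = split($4, parts, ":"); port = parts[n]   # port follows the last colon
        addr = $4
        sub(/:[0-9]+$/, "", addr)                     # drop ":port"
        sub(/%[A-Za-z0-9_.-]+$/, "", addr)            # drop "%ifname" scope on link-local
        if (addr == "[::]" || addr == "*") {
            # Dual-stack wildcard: accepts IPv6 (and IPv4 too unless IPV6_V6ONLY
            # is set), so an iptables-only policy leaves the IPv6 path unfiltered.
            reason = "v6-wildcard"
        } else if (addr ~ /^\[/ && addr != "[::1]") {
            # Explicit non-loopback IPv6 bind, including link-local.
            reason = "v6-address"
        } else {
            next   # IPv4-only or loopback-only: not an IPv6 exposure
        }
        printf "%s %s %s\n", port, addr, reason
    }'
}

printf '%s\n' "$SAMPLE_SS" | v6_exposed_listeners
```

On the sample this flags sshd on `[::]:22`, the `*:9100` exporter and the link-local `:8080` listener, and skips the IPv4-only and loopback-only sockets. Anything it prints needs a matching ip6tables rule (or a narrower bind address) before the IPv4 firewall can be called complete.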



Depending on software, you might just listen for the DAD upon bootup or the service advertisements, of which any host today emits plenty...

On the topic of the IPv6 implementation testing per se:

https://www.thc.org/thc-ipv6/

A plug-and-play type set of tools that allows you to try out some preexisting weaknesses/attacks.

http://www.si6networks.com/tools/ipv6toolkit/

Not an "attack toolkit" per se but rather a manipulation toolkit: much more powerful, but it requires learning IPv6 quite in depth.


Yup. iptables should really have a "figure out how to mirror this" mode, since 99% of iptables rules can be translated to ip6tables rules by sprinkling 6s around, and almost everyone screws it up initially.
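A rough version of that "mirror this" mode, added here as an example (it is not from the thread, iptables or any existing tool): the function takes an `iptables-save` dump on stdin and emits an `ip6tables-restore` candidate. It shows the two places where "sprinkling 6s" is not enough: `-p icmp` must become `-p ipv6-icmp`, and rules carrying IPv4 literals have no v6 equivalent and are emitted as review markers rather than silently dropped. The ruleset is a constructed sample; the chain and match syntax is standard iptables-save format.

```shell
#!/bin/sh
# Added example: derive an ip6tables-restore ruleset from an iptables-save dump.
# Heuristic only; the output is meant to be reviewed, not loaded blind.

# Constructed sample iptables-save output (not from any real host).
SAMPLE_V4_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT'

mirror_v4_to_v6() {
    awk '
    # Rules with IPv4 source/destination literals cannot be translated:
    # emit a marker so the operator supplies the v6 prefix by hand.
    /^-A .*-[sd] [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
        print "# REVIEW (IPv4 literal, no v6 equivalent): " $0
        next
    }
    # ICMP becomes ICMPv6. IPv6 depends on it for neighbor discovery and
    # path MTU discovery, so dropping it breaks connectivity, not attackers.
    /^-A / {
        gsub(/-p icmp /, "-p ipv6-icmp ")
        if ($0 ~ /-p ipv6-icmp / && $0 ~ /-j ACCEPT/) seen_icmp6 = 1
    }
    # A v4 policy that silently drops ICMP produces a broken v6 mirror; flag it.
    /^COMMIT/ && !seen_icmp6 {
        print "# REVIEW: no ICMPv6 ACCEPT rule; neighbor discovery and PMTUD will break"
    }
    { print }
    '
}

printf '%s\n' "$SAMPLE_V4_RULES" | mirror_v4_to_v6
```

Everything else (chain policies, `-i lo`, conntrack state matches, port matches) passes through unchanged, which is the 99% the comment refers to. Load the result with `ip6tables-restore` only after the `# REVIEW` lines have been resolved.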


I've got a bit of a headache right now, but IIRC the second remotely exploitable OpenBSD bug was because they had IPv6 enabled by default. There are a lot of grues lurking in there.


The parent wasn't just implying it being enabled, but also likely buggy in the implementation as well, e.g. maybe an overflow with the next header implementation.



