PACSEC 2021 DOJO

IPv6 Network Security with Scapy

 

Instructor: Guillaume Valadon

Guillaume Valadon likes looking at data and crafting packets, and holds a PhD in IPv6 networking. In his spare time, he maintains Scapy and reverses embedded devices. Also, he still remembers what AT+MS=V34 means! Guillaume regularly gives technical presentations, classes and live demonstrations, and writes research papers for conferences and magazines.

 

Course Schedule

The next scheduling of this dojo has yet to be decided.

 

Course Abstract

Depending on who you ask and how you look at it, IPv6 can be considered either a minor or a major evolution from IPv4, especially on the security front. What is clear is that the introduction and deployment of IPv6, and the mix of IPv4 and IPv6, create security vulnerabilities and windows of opportunity for the bad guys.

Continuously updated since 2009, this dojo mixes theory and practice in order to achieve an immediate application of the material. The different topics developed during the dojo are the result of discussions with students from companies, governmental entities and universities. They reflect typical IPv6 practical issues.


Starting from the basics, we will learn IPv6 security together, along with practical attacks with Scapy (https://github.com/secdev/scapy), a powerful packet manipulation library for which Guillaume developed IPv6 support, and of which he is one of the official maintainers.

This dojo aims to provide a full understanding of IPv6 attack and defense mechanisms. No previous IPv6 knowledge is required, as the instructor will go through the protocol in detail.

Many practical lab sessions allow you to manipulate all the concepts presented during the training. You will learn to master Scapy and build your own IPv6 attacks against real targets.

For simplicity, and in order to allow everyone to practice, all the labs are performed on virtual architectures. Everyone can experiment at their own pace, and test attacks without impacting the other participants.

At the end of the dojo, you will fully understand IPv6, and realize that it is not "just a small change in the network", as it impacts a lot of systems and applications.

 

Course Pre-requisites

The lab exercises are based on a virtual machine hosted in the cloud. You have to bring your own laptop, preferably running Linux (native or virtualized), and have a working SSH client ready. Make sure the operating system is working properly, especially the network component, if you run it inside a VM.


You don't have to pre-install the tools.

You should understand basic TCP/IP routing and basic Linux network commands.

No prior knowledge of IPv6 or Scapy is required.

 

Course Learning Objectives

This dojo aims to provide a full understanding of IPv6 attack and defense mechanisms. No previous IPv6 knowledge is required, as the instructor will go through the protocol in detail.

 

Course Agenda

Note: the dojo content can be adapted at your request to adjust to your needs.

  • Introduction to IPv6 & Scapy

  • Overview of IPv6 tools

  • IPv4 issues

  • IPv6 differences

  • IPv6 addresses

  • The IPv6 protocol

  • The ICMPv6 protocol

  • The Neighbor Discovery Protocol

  • DNS & IPv6

  • The MLD Protocol

  • IPv6 Network Enumeration

  • Link local attacks

  • Triggering an IPv6 CVE with Scapy

  • Fuzzing IPv6 Implementations with AFL

  • Protecting IPv6 networks

  • Transition mechanisms

  • Hardening Recommendations

 

Hardware Requirements

You have to bring your own laptop, preferably running Linux (native or virtualized).

 

Software Requirements

Have a working SSH client ready. Make sure the operating system is working properly, especially the network component, if you run it inside a VM.

 