ipv6 address
+------------------
Cisco devices that are running an affected version of Cisco IOS
Software and configured for IPv6 operation are vulnerable. A device
that is running Cisco IOS Software and that has IPv6 enabled will
show some interfaces with assigned IPv6 addresses when the "show ipv6
interface brief" command is executed.
The "show ipv6 interface brief" command will produce an error message
if the version of Cisco IOS Software in use does not support IPv6, or
will not show any interfaces with IPv6 address if IPv6 is disabled.
T1: 5400
T2: 8640
IA Address
option type: 5
option length: 24
IPv6 address: fec0:0:beef:f00d::bad:f00d
Preferred lifetime: 10800
Valid lifetime: 21600
Domain Search List <<<--------------------------------------
option type: 24
option length: 1
This vulnerability does not affect devices configured only for IPv4.
Note: IPv6 functionality is turned off by default.
IPv6 is enabled on the Cisco ASA and Cisco PIX security appliance
using the "ipv6 address" interface command. To verify if a device
is configured for IPv6 use the "show running-config | include ipv6"
command.
Alternatively, you can display the status of interfaces configured for
IPv6 using the show ipv6 interface command in privileged EXEC mode, as
the usual tarball, a PGP-signed version of it, a link to the toolkit's
GIT repository, etc.
This release has a number of features:
* It includes a full-fledged IPv6 address scanning tool (scan6)
-- probably the only comprehensive IPv6 address scanning tool
out there. Check out all the newly incorporated features!
* It includes support for tunnels (in most of the tools). So if
you are currently employing e.g. a free IPv6 tunnel to connect
IPv6 protocol is enabled on an interface if either or both of the
following configuration lines are present in the configuration:
Router#show running-config
interface FastEthernet0/1
ipv6 address 2001:0DB8:C18:1::/64 eui-64
Router#show running-config
interface FastEthernet0/1
ipv6 enabled
Folks,
TechTarget has published an article I've authored for them, entitled
"Analysis: Vast IPv6 address space actually enables IPv6 attacks".
The aforementioned article is available at:
<http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks>
(FWIW, it's a human-readable version of the IETF Internet-Draft I
published a month ago or so about IPv6 host scanning (see:
> Reconnaissance ("Network Reconnaissance in IPv6 Networks", available at:
> <http://tools.ietf.org/html/draft-ietf-opsec-ipv6-host-scanning-00>).
>
> Our scan6 tool (part of the SI6 Networks' IPv6 toolkit
> <http://www.si6networks.com/tools/ipv6toolkit>) allows you to play with
> the different IPv6 address scanning techniques.
>
> It's simple to play/try: Find an IPv6 node (e.g., "dig DOMAIN aaaa", and
> figure out the pattern... or simply scan for the predefined scan
> patterns that scan6 implements). "traceroute6 DOMAIN" will give you the
> IPv6 addresses of the intervening routers (which generally follow very
On 6/8/2012 6:32 AM, Fernando Gont wrote:
> Folks,
>
> TechTarget has published an article I've authored for them, entitled
> "Analysis: Vast IPv6 address space actually enables IPv6 attacks".
>
> The aforementioned article is available at:
> <http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks>
>
> (FWIW, it's a human-readable version of the IETF Internet-Draft I
www.thc.org/thc-ipv6
2. compile the tools with "make"
3. run the following tool on the target:
firewall6 <interface> <target> <port> 19
where interface is the network interface (e.g. eth0)
target is the IPv6 address of the victim (e.g. ff02::1)
port is any tcp port, doesnt matter which (e.g. 80)
and 19 is the test case number.
The test case numbers 18, 19, 20 and 21 lead to a remote system freeze.
Solution: Remove the Kaspersky Anti-Virus NDIS 6 Filter from all network interfaces or uninstall the Kaspersky software until a fix is provided.
On 06/08/2012 07:32 AM, Fernando Gont wrote:
> Folks,
>
> TechTarget has published an article I've authored for them, entitled
> "Analysis: Vast IPv6 address space actually enables IPv6 attacks".
>
> The aforementioned article is available at:
> <http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks>
>
> (FWIW, it's a human-readable version of the IETF Internet-Draft I
We are pleased to announce the release of ipv6mon v1.0!
** Description **
ipv6mon (<http://www.si6networks.com/tools/ipv6mon>) is a tool for
monitoring IPv6 address usage on a local network. It is meant to be
particularly useful in networks that employ IPv6 Stateless Address
Auto-Configuration (as opposed to DHCPv6), where address assignment is
decentralized and there is no central server that records which IPv6
addresses have been assigned to which nodes during which period of time.
Reconnaissance ("Network Reconnaissance in IPv6 Networks", available at:
<http://tools.ietf.org/html/draft-ietf-opsec-ipv6-host-scanning-00>).
Our scan6 tool (part of the SI6 Networks' IPv6 toolkit
<http://www.si6networks.com/tools/ipv6toolkit>) allows you to play with
the different IPv6 address scanning techniques.
It's simple to play/try: Find an IPv6 node (e.g., "dig DOMAIN aaaa", and
figure out the pattern... or simply scan for the predefined scan
patterns that scan6 implements). "traceroute6 DOMAIN" will give you the
IPv6 addresses of the intervening routers (which generally follow very
www.thc.org/thc-ipv6
2. compile the tools with "make"
3. run the following tool on the target:
firewall6 <interface> <target> <port> 19
where interface is the network interface (e.g. eth0)
target is the IPv6 address of the victim (e.g. ff02::1)
port is any tcp port, doesnt matter which (e.g. 80)
and 19 is the test case number.
The test case numbers 18, 19, 20 and 21 lead to a remote system freeze.
Solution: Remove the Kaspersky Anti-Virus NDIS 6 Filter from all network
}
}
}
} elseif (filter_var($_SERVER['REMOTE_ADDR'],
FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
## Valid IPv6 Address
$address = $_SERVER['REMOTE_ADDR'];
}
}
return $address;
} else {
|
