Wednesday, July 27, 2011

Hacking IPv6 Networks

We have launched a series of in-depth, hands-on trainings about IPv6 security.

The first edition was last June, at the Hack in Paris 2011 conference in Paris, France.

The next edition will be in Sao Paulo, Brazil.

Check out the training's web site!

Tuesday, July 5, 2011

IETF RFC 6274: Security Assessment of the Internet Protocol Version 4

The IETF has published RFC 6274, entitled "Security Assessment of the Internet Protocol Version 4", which is an IETF version of the IPv4 security assessment that had been published by CPNI in 2008. The Abstract of the RFC is:

This document contains a security assessment of the IETF specifications of the Internet Protocol version 4 and of a number of mechanisms and policies in use by popular IPv4 implementations. It is based on the results of a project carried out by the UK's Centre for the Protection of National Infrastructure (CPNI).

The RFC is available here.

Requirements for secure IPv6 deployments include better IPv6 tester tools

An article that I've authored for has just been published. It is entitled "Requirements for secure IPv6 deployments include better IPv6 tester tools". The "abstract" of the article is:

This article, which is a part of the mini learning guide, IPv6 tutorial: Understanding IPv6 security issues, threats, defenses, discusses how a number of factors, such as a lack of trained personnel and limited IPv6 support in security devices, may affect the security of IPv6 network deployments. It also explains the potential effects of those factors, and suggests possible ways to mitigate these shortcomings.

The full article is available here.

World IPv6 Day recap ( has published an article entitled "World IPv6 Day recap" which comments on the outcome of the World IPv6 Day.

I have been quoted in that article noting that many people assume that during the World IPv6 Day, everyone accessed Google and Facebook with IPv6. But that's not the case: most users still accessed those sites with IPv4, since they had no IPv6 connectivity and/or their operating systems preferred IPv4 connectivity over the IPv6 connectivity they had available.

The full article is available here.

Wednesday, June 29, 2011

DEEPSEC 2009: Security Assessment of TCP and IPv4

The video of a talk I gave in 2009 (!) at DEEPSEC 2009 about some security assessment of TCP and IPv4 that I had carried out on behalf of CPNI has just been posted by the DEEPSEC folks. The video of the presentation is available here. (Note: the slides are available here, and the technical reports here).

Tuesday, June 28, 2011

Hack In Paris 2011: Hacking IPv6 Networks

Two weeks ago I travelled to Paris to attend the Hack In Paris 2011 conference, where I taught the training "Hacking IPv6 Networks". It was a cool experience, in particular because it was possible to do some real IPv6 hacking with some of the attendees (such as testing a stealth IPv6 scanning technique I had envisioned the night before one of the training sessions, while tweaking my slides).

I have uploaded the slides used for the aforementioned training, which cover (only) the theory contents of the training. The slides are available here.