Wednesday, June 29, 2011

DEEPSEC 2009: Security Assessment of TCP and IPv4

The video of a talk I gave in 2009 (!) at DEEPSEC 2009 about some security assessment of TCP and IPv4 that I had carried out on behalf of CPNI has just been posted by the DEEPSEC folks. The video of the presentation is available here. (Note: the slides are available here, and the technical reports here).

Tuesday, June 28, 2011

Hack In Paris 2011: Hacking IPv6 Networks

Two weeks ago I travelled to Paris to attend the Hack In Paris 2011 conference, where I taught the training "Hacking IPv6 Networks". It was a cool experience, in particular because it was possible to do some real IPv6 hacking with some of the attendees (such as testing a stealth IPv6 scanning technique I had envisioned the night before one of the training sessions, while tweaking my slides).

I have uploaded the slides used for the aforementioned training, which cover (only) the theory contents of the training. The slides are available here.

Thursday, June 9, 2011

Lagging IPv6 security features, vulnerabilities could hamper transition

SearchSecurity.Techtarget.com has published an article entitled "Lagging IPv6 security features, vulnerabilities could hamper transition", authored by Robert Westervelt. The article includes some quotes from an interview I had with Robert.

Some of the quotes are not verbatim, and thus might be a bit misleading. When in doubt, check these slides from a presentation about IPv6 security I gave last year at LACNOG 2010.

Wednesday, June 8, 2011

RA-Guard Evasion: New revision of my IETF Internet-Drafts

I have posted a revision of both of my recently-published IETF Internet-Drafts about RA-Guard evasion:


    As always, any comments will be very appreciated.

    Thursday, June 2, 2011

    IPv6 security issues: IPv6 transition mechanisms

    Yet another article that I have authored for searchsecurity.techtarget.com. The "abstract" of the article is:

    IPv6, the “new” Internet Protocol, is meant to provide enough addresses to enable virtually unlimited Internet growth in the near future. However, since IPv6 is not backwards compatible with IPv4, a variety of transition/co-existence mechanisms have been devised so the introduction of IPv6 in the IPv4-dominant Internet, and the co-existence of both protocols is facilitated.

    In this tip, we’ll briefly introduce these transition/co-existence mechanisms, and explain why they present a variety of compelling security concerns for enterprises.

    You can find the article online here.

    Some talks about IPv6 security


    During the past few weeks I gave several talks about IPv6 security, at different venues. The first venue was LACNIC XV, held in Cancun (Mexico), where I gave a tutorial about IPv6 security, and a presentation about Neighbor Discovery vulnerabilities (the latter in the context of LACSEC 2011).

    They were followed by two presentations in Arequipa (Peru): one about IPv6 security during CONATEL 2011, and one about Neighbor Discovery vulnerabilities during the Cisco Academy Conference 2011.

    Finally, I travelled to London (UK), for a workshop about IPv6 transition organized by CPNI.

    The slides used for these presentations can be found here.

    IPv6 myths: Debunking misconceptions regarding IPv6 security features

    An article I authored for searchsecurity.techtarget.com has just been published. The articled is entitled "IPv6 myths: Debunking misconceptions regarding IPv6 security features" and discusses a number of myths that have arisen over the years about IPv6 security.

    The article is available online, here.