Network Reconnaissance in IPv6 Networks

A session at CONFidence 2013

Wednesday 29th May, 2013

3:00pm to 3:50pm (WMT)

One of the traditional ways of doing network reconnaissance in the IPv4 world has been to perform IPv4 address scans of the target network prefixes. That is, given the IPv4 network prefix of a target network, every single IPv4 address in that prefix is probed in the hopes of finding “alive” nodes. This (somewhat) rudimentary approach to network reconnaissance has proved to be very effective in the IPv4 world, thanks to the reduced scale of the problem: since IPv4 networks are composed of a very reduced number of addresses, brute-forcing the entire search space is not only a feasible task, but is also generally a “good enough” approach.

The Internet Protocol version 6 (IPv6), and the emerging IPv6 deployments, somehow change the rules of the “network reconnaissance” game: with the typical 2^64 addresses per subnetwork, the traditional brute-force approach to address scanning from the IPv4 world becomes unfeasible. This has led to the widespread (and incorrect) assumption that “IPv6 address scanning attacks are unfeasible”.

During the last few years, we have been working on the development of IPv6 network reconnaissance techniques, with two different (but somewhat related) goals in mind: enabling “traditional” penetration testing in the IPv6 world, and dismantling the myth that address scans are not possible in the IPv6 world (hence encouraging the mitigation of these attacks). The aforementioned work has led to the publication of an IETF Internet-Draft entitled “Network Reconnaissance in IPv6 Networks”, that has already been adopted by the OPSEC (operations security) Working Group of the IETF (Internet Engineering Task Force).

Alongside our publication efforts at the IETF, we produced and released the SI6 Networks’ IPv6 toolkit: a portable, free-software IPv6 toolkit for assessing and trouble-shooting IPv6 networks and implementations. The latest release (v1.3.1) of the toolkit ships with a full-fledged IPv6 address-scanning tool (scan6), that implements all the IPv6 address-scanning techniques discussed in our IETF Internet-Draft, and takes IPv6 address scanning to a new level.

New releases of the IPv6 toolkit are planned for the next few months, with a focus on network reconnaissance: essentially, we aim at producing an implementation of every single IPv6 network reconnaissance technique discussed in our IETF Internet-Draft “Network Reconnaissance in IPv6 Networks”.

Following the release of the SI6 Networks’ IPv6 toolkit v1.3.1, we embarked on a related (and still ongoing) project: assessing the public IPv6 Internet in the hopes of gaining further insights about IPv6 network reconnaissance. We believe that this project will not only serve as a basis to assess the effectiveness of the techniques that we have developed so far, but that the project will also result in a number of insights that will lead to new features in our IPv6 toolkit.

Fernando Gont will provide an overview of IPv6 network reconnaissance techniques, and will explain how each of those techniques can be implemented in real networks with the SI6 IPv6 toolkit. Fernando will then describe our (currently) ongoing project of assessing the public IPv6 Internet (from a “network reconnaissance” perspective), and will discuss the insights learned as a result of that project.

About the speaker

Fernando Gont

Fernando Gont specializes in the field of communications protocols security, working for private and governmental organisations both in Argentina and overseas.


CONFidence 2013

Krakow, Poland

28th to 29th May 2013
