logo

New Ways of IPV6 Scanning

Conference:  BlackHat USA 2021

2021-11-10

Summary

New Ways of IPV6 Scanning
  • IPv6 addresses are long enough to make scanning difficult, but vulnerabilities exist that allow for effective scanning
  • Multiple operating systems are affected by these vulnerabilities, including Android and Linux kernel devices
  • Scanning can be done quickly and easily, allowing for access to devices on local networks
  • IPv6 security risks should be taken seriously
Using these vulnerabilities, we can easily get those random IPv6 addresses, for example, we can get the IPv6 addresses of all devices in a city in one minute. And this kind of attack is universal. This will cause all clients to be directly accessed, just like all the devices in a big Intranet, so we can access the ADB debug port, web services, telnet...

Abstract

Nowadays, there are fewer and fewer IPv4 addresses, but IPv6 is popular because it has enough addresses. Assuming an attacker scans at a rate of 1 million hosts per second, it will take 500,000 years. So it seems that IPv6 is very secure, and the address scanning attack is invalid. But after thorough research, we found several vulnerabilities to scan or obtain IPV6 addresses effectively. One of the vulnerabilities affects all Linux kernel devices! One affects all Android devices! So it looks like all iPhones, Android phones and smart devices like routers, Smart speakers, and even car entertainment systems are affected. Using these vulnerabilities, we can easily get those random IPv6 addresses, for example, we can get the IPv6 addresses of all devices in a city in one minute. And this kind of attack is universal. This will cause all clients to be directly accessed, just like all the devices in a big Intranet, so we can access the ADB debug port, web services, telnet...Compared with the servers on Internet, the port vulnerability of IOT devices in Intranet is more serious.We will also introduce some other IPv6 security risks, hoping to draw your attention to IPv6 Security.

Materials:

Tags:

Post a comment