The IPv6 protocol suite has been designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is the successor of the original IPv4 protocol suite. The imminent exhaustion of the IPv4 address space has resulted in the deployment of IPv6 in a large number of production environments, with other organizations planning to deploy IPv6 in the short or near term.
There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel has much less confidence with the IPv6 protocols than with their IPv4 counterparts, and thus it is likely that the security implications of the protocols be overlooked when they are deployed on production networks. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that many vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDS’s (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security controls in unexpected ways.
The imminent global deployment of IPv6 has created a global need for security professionals with expertise in the field of IPv6 security, such that the aforementioned security issues can be mitigated.
While there exist a number of training courses about IPv6 security, they either limit themselves to a high- level overview of IPv6 security, and/or fail to cover a number of key IPv6 technologies that are vital in all real IPv6 deployment scenarios. For more than ten years, SI6 Networks has offered its flagship course “Hacking IPv6 Networks”, providing in-depth hands-on IPv6 security training to networking and security professionals around the world.
Hacking IPv6 Networks (version 7.0) is a renewed edition of SI6 Networks' IPv6 security training course, with an a tremendous increase in hands-on exercises, and newly incorporated materials based on recent developments in the area of IPv6 security. The training is carried out by Fernando Gont, a renowned IPv6 security researcher.
This course will provide the attendee with in-depth knowledge about IPv6 security, such that the attendee is able to evaluate and mitigate the security implications of IPv6 in production environments.
The attendee will be given an in-depth explanation of each topic covered in this course, and will learn -- through hands-on exercises -- how each feature can be exploited for malicious purposes. Subsequently, the attendee will be presented with a number of alternatives to mitigate each of the identified vulnerabilities.
This course will employ a range of open source tools to evaluate the security of IPv6 networks, and to reproduce a number of IPv6-based attacks. During the course, the attendee will perform a large number of exercises in a network laboratory (with the assistance of the trainer), such that the concepts and techniques learned during this course are reinforced with hands-on exercises. The attendee will be required to perform a large number of IPv6 attacks, and to envision mitigation techniques for the corresponding vulnerabilities.
Network Engineers, Network Administrators, Security Administrators, Penetration Testers, and Security Professionals in general.
Participants are required to have a good understanding of the IPv4 protocol suite (IPv4, ICMP, ARP, etc.) and of related components (routers, firewalls, etc.). Additionally, the attendee is expected to knowledge about basic IPv4 troubleshooting tools, such as: ping, traceroute, and network protocol analyzers (e.g., tcpdump). Basic knowledge of IPv6 is desirable, but not required.
Attendees willing to perform the hands-on exercises are expected to bring a laptop with VirtualBox.
Introduction to IPv6
IPv6 Addressing Architecture
IPv6 Header Fields
IPv6 Extension Headers (EHs)
Internet Control Message Protocol version 6 (ICMPv6)
Neighbor Discovery for IPv6
Stateless Address Auto-configuration (SLAAC)
Dynamic Host Configuration Protocol version 6 (DHCPv6)
Multicast Listener Discovery (MLD)
Security Implications of IPv6 for IPv4-only Networks
Pentesting IPv6 Networks
Fernando Gont specializes in the field of communications protocols security, and has consulted for private and governmental organizations from around the world for more than 20 years. Fernando Gont currently serves as Staff Platform Security Engineer at Yalo. Before joining Yalo, he served as Security Consultant and Researcher at SI6 Networks, Director of Information Security at EdgeUno, and consulted for organizations such as the UK National Infrastructure Security Co-ordination Centre (NISCC), the UK Centre for the Protection of National Infrastructure (CPNI), and Huawei Technologies Ltd. Gont has been active in the Internet Engineering Task Force (IETF) for more than 20 years, and has published 40 IETF RFCs (Request For Comments). Gont has also been involved in a number of open source projects, including the SI6 Networks' IPv6 Toolkit — a portable and comprehensive security asessment toolkit for the IPv6 protocol suite. He has also contributed to the OpenBSD and FreeBSD operating systems, and to the Linux kernel. Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 2011, Hackito Ergo Sum 2012, Hack In Paris 2013, Troopers 2018, H2HC 2022, and KubeCon/CloudNativeCon Europe 2023. Additionally, he is a regular attendee of the Internet Engineering Task Force (IETF) meetings. More information about Fernando Gont is available at his personal web site: https://www.gont.com.ar.