BSDCan2007 - Confirmed Schedule

BSDCan 2007
The Technical BSD Conference

George Neville-Neil
Day 3
Room SITE A0150
Start time 16:30
Duration 01:00
ID 7
Event type Lecture
Track Networking
Language English

Securing IPv6 on FreeBSD

A Google Summer of Code Project

One of the main features of the next generation IP protocol, IPv6, is security. As a summer of code project we used publicly available tools, as well as a home grown, open source, network protocol test library to test the security of the IPv6 stack in FreeBSD. This paper and presentation give the results of that work including a description of what was tested, how it was tested, and the security vulnerabilities found.

Security was one of the main goals when IPv6 was being designed and is also a motivating factor for organizations moving to IPv6. Given these facts we can ask if IPv6 is really safer than IPv4. Answering this question was our project during Google Summer of Code 2006 and this paper describes our work in investigating the security of the FreeBSD IPv6 protocol stack.

The paper contains a list of possible IPv6 attacks, a description of the oldest vulnerabilities, an overview of the newest ones found in the FreeBSD IPv6 stack, some new ways to do OS fingerprinting and finally a list of tricks in order to evade/bypass IDS or firewalls. The paper also explains various bug fixes as well as the new tools developed during this project.

The paper covers the tools used to test for security problems, as well as the techniques used with the tools. Various tools were used in evaluating the security of the protocol code including protocol and API fuzzers. All the tools are open source and are described in the paperBlind fuzzing was not sufficient to generate interesting results and so a targeted approach was taken.

Knowledge of the basic protocols involved allowed for the adaptation of attacks against the current IP protocol, IPv4, to be used in attacks on IPv6. The lower levels of the protocol, such as neighbor and router discovery, turn out to have the same issues as the Address Resolution Protocol (ARP), and several problems were found in the protocol design itself, as opposed to being found in the code.

Coding problems were also found, and fixed by the FreeBSD project, as a result of this work.