Securing IPv6 on FreeBSD

Security was one of the main goals when IPv6 was being designed and is also a motivating factor for organizations moving to IPv6. Given these facts we can ask if IPv6 is really safer than IPv4. Answering this question was our project during Google Summer of Code 2006 and this paper describes our work in investigating the security of the FreeBSD IPv6 protocol stack.

The paper contains a list of possible IPv6 attacks, a description of the oldest vulnerabilities, an overview of the newest ones found in the FreeBSD IPv6 stack, some new ways to do OS fingerprinting and finally a list of tricks in order to evade/bypass IDS or firewalls. The paper also explains various bug fixes as well as the new tools developed during this project.

The paper covers the tools used to test for security problems, as well as the techniques used with the tools. Various tools were used in evaluating the security of the protocol code including protocol and API fuzzers. All the tools are open source and are described in the paperBlind fuzzing was not sufficient to generate interesting results and so a targeted approach was taken.

Knowledge of the basic protocols involved allowed for the adaptation of attacks against the current IP protocol, IPv4, to be used in attacks on IPv6. The lower levels of the protocol, such as neighbor and router discovery, turn out to have the same issues as the Address Resolution Protocol (ARP), and several problems were found in the protocol design itself, as opposed to being found in the code.

Coding problems were also found, and fixed by the FreeBSD project, as a result of this work.