IPv6 provides a rich and complex set of extension headers and options, along with a massive address space.
This talk shows how …
– this can be exploited to perform any kind of attack without being detected by the major IDS/IPS systems on the market
– source blocking can be circumvented
– data exfiltration can be performed
– and how these attacks can be mitigated – which is difficult.
A new tool called fragrouter6 will be released at the conference as part of the thc-ipv6 package. It can be used to transform any packets (e.g. Nmap or Metasploit packets) to bypass IDS/IPS.