Since 3 February 2011 the IPv4 pool is now officially and fully depleted. „Peak IPv4“ was a long time ago. IANA can no longer hand out any IPv4 address space. Everyone who needs more address space will be force to look to IPv6. What about security? Are there any benefits? Has IPv6 eliminated all the weaknesses known with IPv4? Those who attended DeepSec 2010 already know the answers to these questions. Mark Heuse conducted a workshop and held a talk about IPv6 security.
There’s no doubt that IPv6 is coming to town. Due to tunnels some networks even have IPv6 connectivity, some without even knowing. Setting up a tunnel with a router in your local network is easy. The router will announce itself to local nodes which will in turn automatically grab addresses and start using IPv6. Make sure that only your routers do this, attackers might bring their own. IPv6 was streamlined, but it introduces new risks and bugs, some even design flaws. This is exactly what we want to talk about. Now is the time companies and vendors are forced to deal with the depleted IPv4 address space. Have a look a implementations, check the protocol specifications, test, torture IPv6 stacks and see if anything breaks.
And then submit your results to our Call for Papers. We want to know and discuss these threats on DeepSec 2011.