Bio: Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations.
Gont has worked on a number of projects for the UK National Infrastructure Security Coordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite.
Gont is currently working as a security consultant and researcher for SI6 Networks (http://www.si6networks.com). Additionally, he is a member of the Centro de Estudios de Informatica (CEDI) at Universidad Tecnológica Nacional/Facultad Regional Haedo (UTN/FRH) of Argentina, where he works in the field of Internet engineering. As part of his work, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published a number of IETF RFCs (Request For Comments) and Internet-Drafts.
Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 09, HACK.LU 2011, DEEPSEC 2011, IETF 83, LACSEC 2012, Hackito Ergo Sum 2012, Hack In Paris 2012, and H2HC 2012.
More information about Fernando Gont is available at his personal web site: <http://www.gont.com.ar>
Network Reconnaissance in IPv6 Networks
One of the traditional ways of doing network reconnaissance in the IPv4 world has been to perform IPv4 address scans of the target network prefixes. That is, given the IPv4 network prefix of a target network, every single IPv4 address in that prefix is probed in the hopes of finding “alive” nodes. This (somewhat) rudimentary approach to network reconnaissance has proved to be very effective in the IPv4 world, thanks to the reduced scale of the problem: since IPv4 networks comprise a comparatively small number of addresses, brute-forcing the entire search space is not only feasible, but is also generally a “good enough” approach.
The Internet Protocol version 6 (IPv6), and the emerging IPv6 deployments, somewhat change the rules of the “network reconnaissance” game: with the typical 2^64 addresses per subnetwork, the traditional brute-force approach to address scanning from the IPv4 world becomes unfeasible. This has led to the widespread (and incorrect) assumption that “IPv6 address scanning attacks are unfeasible”.
During the last few years, we have been working on the development of IPv6 network reconnaissance techniques, with two different (but somewhat related) goals in mind: enabling “traditional” penetration testing in the IPv6 world, and dismantling the myth that address scans are not possible in the IPv6 world (hence encouraging the mitigation of these attacks). This work has led to the publication of an IETF Internet-Draft entitled “Network Reconnaissance in IPv6 Networks”, which has already been adopted by the OPSEC (operations security) Working Group of the IETF (Internet Engineering Task Force).
Alongside our publication efforts at the IETF, we produced and released the SI6 Networks’ IPv6 toolkit: a portable, free-software IPv6 toolkit for assessing and troubleshooting IPv6 networks and implementations. The latest release (v1.3.1) of the toolkit ships with a full-fledged IPv6 address-scanning tool (scan6), which implements all the IPv6 address-scanning techniques discussed in our IETF Internet-Draft, and takes IPv6 address scanning to a new level.
New releases of the IPv6 toolkit are planned for the next few months, with a focus on network reconnaissance: essentially, we aim at producing an implementation of every single IPv6 network reconnaissance technique discussed in our IETF Internet-Draft “Network Reconnaissance in IPv6 Networks”.
Following the release of the SI6 Networks’ IPv6 toolkit v1.3.1, we embarked on a related (and still ongoing) project: assessing the public IPv6 Internet in the hopes of gaining further insights about IPv6 network reconnaissance. We believe that this project will not only serve as a basis to assess the effectiveness of the techniques that we have developed so far, but will also result in a number of insights that will lead to new features in our IPv6 toolkit.
Fernando Gont will provide an overview of IPv6 network reconnaissance techniques, and will explain how each of those techniques can be implemented in real networks with the SI6 IPv6 toolkit. Fernando will then describe our (currently) ongoing project of assessing the public IPv6 Internet (from a “network reconnaissance” perspective), and will discuss the insights learned as a result of that project.