Pv6 introduces new features and capabilities not limited to the IPv6 huge address space. One of the most significant ones is the introduction of the IPv6 Extension Headers. In this presentation, it will be shown that the abuse of IPv6 Extension Headers in a way not predicted by the corresponding RFCs can lead to significant security impacts. As it will be shown, the abuse of the IPv6 Extension Headers creates new attack vectors which can be exploited for various purposes, such as for evading IDS, for creating covert channels by hiding data into Extension headers, etc. During our tests, the effectiveness of two of the most popular IDS against these attacks is also examined and several ways for evading them at the IP level are shown. As it is demonstrated, the launch of any type of attack at the IP layer or above without being detected can be achieved by abusing IPv6 Extension headers “properly”. Finally, specific countermeasures that should be taken to handle such situations are also proposed.
Antonios Atlasis is an IT Security researcher with a special interest in IPv6 (in)securities. His work has been presented in several IT Security conferences and it has resulted in the discovery of various IPv6-related vulnerabilities. He is the author of Chiron, an IPv6 specialized and very flexible security assessment tool.