When trying to attack a host, it is crucial to be aware of its operating system. To get this information, different methods for remote OS detection exist, which try to detect the OS of a remote host by investigating differences in behavior. So far, most of this methods analyze the TCP protocol. By using IPv6, new possibilities allow an additional detection of a remote OS by analyzing the systems behavior on the IPv6 layer. First, a short overview on relevant details which changed from IPv4 to IPv6, such as fragmentation, is given. Afterwards, it is discussed how this new details can be used to determine the remote OS on the IPv6 layer.
Mathias finished his studies in IT security last summer. In his thesis, he created the TCP Idle Scan in IPv6, which included a contribution to the vulnerability scanner Nmap. Afterwards, he worked on methods to translate IPv4 packets to IPv6 and vice versa. Since February, he is working as penetration tester at Fox IT.