The Impact of IPv6 on Penetration Testing

Christiaan Ottow, Frank van Vliet, Pieter-Tjerk de Boer, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    3 Citations (Scopus)
    128 Downloads (Pure)

    Abstract

    In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets.
    Original languageUndefined
    Title of host publication18th EUNICE / IFIP International Conference on Information and Communication Technologies
    Place of PublicationLondon
    PublisherSpringer
    Pages88-99
    Number of pages10
    ISBN (Print)978-3-642-32807-7
    DOIs
    Publication statusPublished - Aug 2012
    Event18th EUNICE/IFIP International Conference on Information and Communication Technologies, EUNICE 2012 - Budapest, Hungary
    Duration: 29 Aug 201231 Aug 2012
    Conference number: 18

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    Volume7479
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Conference

    Conference18th EUNICE/IFIP International Conference on Information and Communication Technologies, EUNICE 2012
    Abbreviated titleEUNICE
    CountryHungary
    CityBudapest
    Period29/08/1231/08/12

    Keywords

    • IR-81276
    • EWI-22181
    • METIS-287981

    Cite this

    Ottow, C., van Vliet, F., de Boer, P-T., & Pras, A. (2012). The Impact of IPv6 on Penetration Testing. In 18th EUNICE / IFIP International Conference on Information and Communication Technologies (pp. 88-99). (Lecture Notes in Computer Science; Vol. 7479). London: Springer. https://doi.org/10.1007/978-3-642-32808-4_9