After the implementation of DNS and DNSSEC (see the last posts) it is good to do some reconnaissance attacks against the own DNS servers. Especially to see the NSEC or NSEC3 differences, i.e., whether zone walking (enumeration) is feasible or not.
For many different kinds of DNS reconnaissance the tool dnsrecon can be used. In this post I will focus on the -z option which is used for DNSSEC zone walking, i.e., walk leaf by leaf of the whole DNS zone.
Hier gibt es meinen Vortrag vom IPv6-Kongress 2013 in Frankfurt zum Download.
Es ist eine PDF-Datei in der a) die Präsentationsfolien und b) eine Menge Kommentare von mir stehen, die quasi das Gesagte während des Vortrags ziemlich gut abdecken.
Continue reading IPv6 Man-in-the-Middle Attacken auf Schicht 2 (IPv6-Kongress 2013)
Hello world,
with this post I want to publish my own master thesis which I finished in February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.
[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]