Tag Archives: THC-IPv6

"Füße" by Robert Agthe is licensed under CC BY 2.0

How to walk DNSSEC Zones: dnsrecon

After the implementation of DNS and DNSSEC (see the last posts) it is good to do some reconnaissance attacks against the own DNS servers. Especially to see the NSEC or NSEC3 differences, i.e., whether zone walking (enumeration) is feasible or not.

For many different kinds of DNS reconnaissance the tool dnsrecon can be used. In this post I will focus on the -z  option which is used for DNSSEC zone walking, i.e., walk leaf by leaf of the whole DNS zone.

Continue reading How to walk DNSSEC Zones: dnsrecon

logo_ipv6

Vortrag: IPv6 Man-in-the-Middle Attacken auf Schicht 2 (IPv6-Kongress 2013)

Hier gibt es meinen Vortrag vom IPv6-Kongress 2013 in Frankfurt zum Download.

Es ist eine PDF-Datei in der a) die Präsentationsfolien und b) eine Menge Kommentare von mir stehen, die quasi das Gesagte während des Vortrags ziemlich gut abdecken.

download-buttons02

Continue reading Vortrag: IPv6 Man-in-the-Middle Attacken auf Schicht 2 (IPv6-Kongress 2013)

IPv6 Security Master Thesis

Hello world,

with this post I want to publish my own master thesis which I finished on February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.

[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]

download-buttons02

Continue reading IPv6 Security Master Thesis