IPV666 Address of the Beast - Christopher Grayson, Marc Newlin - DEF CON China 1

Global adoption of IPv6 continues to grow, with Google reporting IPv6 as 25% of its client traffic. IPv6 comes with a slew of improvements from larger address space to self-organizing addressing to required support of multicast, but these improvements are a double-edged sword. With NAT going away, DHCP no longer being required, modern operating systems and networks supporting and preferring IPv6 over IPv4, ICMP being required for network operation, iptables not applying to IPv6, and multiple IP addresses being associated with individual interfaces, IPv666 conjures the perfect storm of fail open defaults. Why, then, haven't more boxes been popped via IPv6? It turns out finding live hosts over IPv6 is a non-trivial problem (2^128 is a little bit bigger than 2^32)! In this talk we will cover how we've approached solving the IPv6 address discovery problem. We'll cover the various mistakes we made, the predictive clustering model and neighboring address discovery that we've built into our ipv666 toolkit (with a new and improved discovery rate of 343 addresses per second), and the new web portal we've created that provides access to our aggregated IPv6 address data set. In providing this data and tool set we hope to enable researchers to evaluate the security posture of IPv6 hosts. Chris Grayson (OSCE) is a security engineer at Bird Ride. In this roles he designs and implements distributed systems and addresses security issues at scale. Prior to joining Bird Rides Chris was a security engineer at Snap, Inc., a founder at Web Sight, a senior penetration tester at Bishop Fox, and a research scientist at the Georgia Institute of Technology. During his tenure at these organizations Chris grew into both a breaker and a builder, becoming adept at compromising all manners of systems as well as designing and implementing mechanisms to protect them. Chris has spoken at numerous security conferences such as DEF CON, ToorCon, ShmooCon, and HushCon, and attended the Georgia Institute of Technology where he received two degrees and organized and lead the Grey H@t student hacking organization. Marc is a security engineer by day, and SDR hacker by night, having disclosed wireless vulnerabilities to 21 vendors in the last two years. A glutton for challenging side projects, he competed solo in two DARPA challenges, although he never went to college. In 2013-14, Marc got into SDR by competing in the DARPA Spectrum Challenge, placing second in the preliminary tournament. In 2011, he wrote software to reassemble shredded documents, finishing the DARPA Shredder Challenge in third place out of 9000 teams.