Vincent van der Eijk && Erik Lamers Comparing IPv4 port - - PowerPoint PPT Presentation



SLIDE 1

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk && Erik Lamers

SLIDE 2

Comparing IPv4 port security to IPv6 port security

Scanning the Internet for profit, ethically.

SLIDE 3

Why do we need to know this?

IPv6 adoption is growing:

  • More exposed hosts?
  • More exposed ports every day?

Until recently, scanning the IPv6 address space was considered infeasible.

SLIDE 4

Research Question

Has the state of IPv6 port-based security compared to IPv4 port-based security shifted over the last four years?

SLIDE 5

Is IPv6 port security that different?

Previous work has shown that misconfigurations when enabling IPv6 are common. This can leave (IPv6) ports exposed to the Internet.

SLIDE 6

Related work (1)

Czyz et al. (2016) have shown that IPv6 port security is lacking compared to IPv4.

Borgolte et al. (2018) have shown that enumerating IPv6 addresses using DNSSEC is possible, and found similar security issues.

SLIDE 7

Related work (2)

Durumeric et al. (2013) developed ZMap, an Internet-wide scanning tool.

SLIDE 8

Ports to probe

  • In total: 19 TCP and 4 UDP ports

Some examples:

  • Basic protocols: FTP, HTTP, SSH
  • DB protocols: MongoDB, MSSQL, MySQL
  • Outdated protocols: SNMPv1, Telnet

SLIDE 9

Host definition

  • Only dual-stack hosts
  • A host must be reachable via ICMP echo request either on IPv4 or IPv6

SLIDE 10

Methodology

  1. Datasets (Rapid7, Alexa, IPv6 hitlist)
  2. ICMP scan
  3. Scan reachable hosts for responding services
  4. Banner grab responsive TCP protocols
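
The host definition and methodology above lead to a per-port comparison like the following, shown as an added example that is not the authors' code. It filters scan records to dual-stack, ICMP-reachable hosts, computes per-port exposure for each address family, and lists ports open on only one family; the record layout, function names and sample hosts are assumptions.

```python
# Constructed sample scan results (not data from the presentation).
# addr: address per family (None = no address); icmp: echo reply seen;
# open: ports that answered the service scan.
HOSTS = [
    {"name": "a.example", "addr": {"v4": "192.0.2.10", "v6": "2001:db8::10"},
     "icmp": {"v4": True, "v6": True}, "open": {"v4": {22, 80}, "v6": {22, 80}}},
    {"name": "b.example", "addr": {"v4": "192.0.2.11", "v6": "2001:db8::11"},
     "icmp": {"v4": True, "v6": False}, "open": {"v4": {80}, "v6": {80, 3306}}},
    {"name": "c.example", "addr": {"v4": "192.0.2.12", "v6": None},
     "icmp": {"v4": True, "v6": False}, "open": {"v4": {22, 23}, "v6": set()}},
    {"name": "d.example", "addr": {"v4": "192.0.2.13", "v6": "2001:db8::13"},
     "icmp": {"v4": False, "v6": False}, "open": {"v4": set(), "v6": set()}},
    {"name": "e.example", "addr": {"v4": "192.0.2.14", "v6": "2001:db8::14"},
     "icmp": {"v4": False, "v6": True}, "open": {"v4": {22, 23}, "v6": {22}}},
]

def in_scope(host):
    """Host definition from the slides: dual-stack and ICMP-reachable on v4 or v6."""
    dual_stack = all(host["addr"][fam] for fam in ("v4", "v6"))
    return dual_stack and any(host["icmp"].values())

def exposure(hosts, ports):
    """Percent of in-scope hosts with each port open, per address family."""
    scope = [h for h in hosts if in_scope(h)]
    if not scope:
        return {}
    return {p: {fam: 100.0 * sum(p in h["open"][fam] for h in scope) / len(scope)
                for fam in ("v4", "v6")} for p in ports}

def family_mismatch(hosts):
    """Ports open on one family only: a sign the two firewall policies diverge."""
    out = {}
    for h in filter(in_scope, hosts):
        v4, v6 = h["open"]["v4"], h["open"]["v6"]
        if v4 != v6:
            out[h["name"]] = {"v6_only": sorted(v6 - v4), "v4_only": sorted(v4 - v6)}
    return out

if __name__ == "__main__":
    # 22 = SSH, 23 = Telnet, 80 = HTTP, 3306 = MySQL
    for port, pct in exposure(HOSTS, [22, 23, 80, 3306]).items():
        print(f"port {port}: IPv4 {pct['v4']:.0f}%  IPv6 {pct['v6']:.0f}%")
    print(family_mismatch(HOSTS))
```
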

SLIDE 11

Lab setup

  • Two servers running Ubuntu 18.04;
      ○ 8 vCPUs, 16 GB Mem

  • 1 GB uplink / Server NIC 200K pps cap.
  • ZMap and ZGrab(2) scanning tools

SLIDE 12

Then we scanned the Internet

… or at least a part of it.

SLIDE 13

Results (1)

[Figure: top (blue): IPv4; bottom (orange): IPv6]

SLIDE 14

Results (2)

Banner-grab average response: 85%

SLIDE 15

Conclusions

According to our findings, a higher percentage of IPv4 ports than IPv6 ports are exposed to the Internet. Has the trend really shifted in the past four years towards IPv6 security?

SLIDE 16

Key findings

  • IPv4 is still the dominant protocol
  • 4 times more open ports over IPv4 than IPv6
  • Is there a shift in port security?
