I am planning IPv6 as the Subject for June 2013 Hackfest. THIS IS A HUGE SUBJECT; so important and far reaching, the IPV6 RFC is included on the current version of the Hackfest Graphic (used on our promotional shirts <a href="http://www.ietf.org/rfc/rfc2461.txt">http://www.ietf.org/rfc/rfc2461.txt</a>).<div>
<br></div><div>I will give a short presentation with a high level overview of the current and potential available for IPV6 hacking of misconfigured systems. Since this is such a HUGE SUBJECT, I will devise some easier flags all documented online. I would hope that anyone who can, might be prepared and attend to support; although this is not going to require much in the way of actual preparation, instead discussion (as IPv6 can be hard to grasp) - so David will certainly apply his Academic skills as usual. Anyone else feel free to chime in.<br>
<div><br></div><div>Here's a rough idea of the full content available to cover IPv6 SEC(includes MAC OS, Windows [Teredo tunneling [available since early 1990's]), As of 2009/2010, IPv6 Protected Mode was patched in [due to extensive security underground engineering proving RFC as written was unacceptable. Many firewalls still don't have IPv6 protected mode turned on either by default or post installation for IPV6.. The protocol/RFC & hardware device ramifications of IPv6 protected mode are huge; the full list of potential security issues with IPv6 are also daunting:: (but I will compress it into a good simple 45 - 1 hour presentation.</div>
<div><br></div><div>DNS & IPv6 Interrelationships: <a href="http://www.youtube.com/watch?v=8Zj9ypEVL20">http://www.youtube.com/watch?v=8Zj9ypEVL20</a> </div><div><br></div><div><a href="http://www.thc.org/thc-ipv6/">http://www.thc.org/thc-ipv6/</a></div>
<div><br></div><div><a href="http://www.uninformed.org/?a=3">http://www.uninformed.org/?a=3</a></div><div><br></div><div><a href="http://resources.infosecinstitute.com/slaac-attack/">http://resources.infosecinstitute.com/slaac-attack/</a></div>
<div><br></div><div><a href="http://www.infosecisland.com/blogview/12798-MITM-Attack-Exploits-Windows-IPv6-Protocols.html">http://www.infosecisland.com/blogview/12798-MITM-Attack-Exploits-Windows-IPv6-Protocols.html</a></div>
<div><br></div><div><a href="http://www.linux-magazine.com/Online/Features/IPv6-Penetration-Testing">http://www.linux-magazine.com/Online/Features/IPv6-Penetration-Testing</a></div><div><br></div><div><a href="https://blogs.akamai.com/index10.html">https://blogs.akamai.com/index10.html</a></div>
<div><br></div><div><a href="http://www.akamai.com/stateoftheinternet/">http://www.akamai.com/stateoftheinternet/</a></div><div><br></div><div><br></div><div>Of course this just going to barely scrape the surface. There's compound exploits across IPv6 for things like SQL Injection, even using torrent. </div>
<div><br clear="all"><div>I will be using some of the demonstrations shown in these videos for the "Flag" or practical (exploit) part of this deep dive security analysis of IPv6. I will have the whole process documented via an online web resource, so we don't futz around at the time of the hackfest, we just announce the URL with the directions.</div>
<div><br></div><div>I will be giving out a DefCon 20 Badge as 1 Flag (others are 2B Announced - since we only have like 3 tee shirts left 2XL and DefCon is our next Teeshirt release (if I can't get the funding together).</div>
<div><br></div><div>Not that anyone cares about the prizes. Laugh! It's the hackfesting fun!</div><div><br></div>--</div><div> <br><div><br></div>(503) 754-4452 Android<br>(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>
**<br><a href="http://it-clowns.com/c/index.php" target="_blank">it-clowns.com</a><br>Chief Clown<br><br><br><br><br><br><br><br><br><br><br><br><br><br>
</div></div>