• ClementLecigne

Clement Lecigne

About me

I'm a 20 years old french student in Network and Telecommunication interested by FreeBSD, security and open source in general. I use BSD systems for both server and workstation for about two years. For more information about me or this project, feel free to contact me at <clem1 AT FreeBSD DOT org>.

About the project

During this summer, I'll will work around IPv6 and its security. My submitted proposal can be reached here ¹. My mentor is GeorgeNevilleNeil.

Briefly, this project would be split in two parts:

• build a powerful ipv6 compliant library.
• ipv6 stack vulnerabilities reviewing, code auditing, ipv6 stacks testing...

IPv6 library

Libnet is a powerful C library for packet manipulation, it makes developper life easier, it's well documented with great example programs but it suffers of a poor ipv6 support.

The idea is to improve this support in adding more ipv6 APIs like extension headers manipulation, neighbor discovery... to be able to do the second part.

In parallel, I will also improve a python library for packet manipulation wrote by my mentor and begin some code auditing around the FreeBSD Kame ipv6 stack. This python library will be useful to do quick test.

Testing, debuging, exploiting, patching

In this very interesting part, I will:

• review last years worth ipv6 stack vulnerabilities.
• review last years ipv4 vulnerabilities in order to see if they were not present in ipv6 stacks.
  • Do you remember the windows ipv6 land attack ?
• port thc-ipv6-attacking-tools to libnet.
• create new ipv6-stressing-tools including icmpv6, ipv6 eh, dhcpv6 protcol fuzzers in order to find new ipv6 stack vulnerabilities/bugs.
• code a local ipv6 related syscall / libc-call fuzzer to find new local bugs or vulnerabilities.
• explore ipv6-stack changelogs to see if vulnerabilities were not "silently" patched.
• code an ipv6 stack fingerprinter.

At the end of this part, a report will be released.

What was made?

• libnet ipv6 support.
  • ipv6 extension header support
  • full icmp6 support
  • ipcomp support
  • new libnet ipv6 internal functions
  • new ipv6 related samples
• pcs (packet construction set) improvements.
  • new connectors (bpf wrapper)
  • ipv6 support with extension header
  • icmp6 support
  • new samples
• fuzzers and other tools.
  • isicng, a remote ipv6 stack and its components (e.g. tcp) fuzzer
  • futo, an easily configurable command line parameters fuzzer
  • pyfuzz6, a python ipv6 upper protocol fuzzer (e.g. dhcpv6, dnssec)
  • lf6, a set of intelligent fuzzing tools that stresses ipv6 stack localy
  • various attacking and integrity checker tools
• code auditing.
  • FreeBSD IPv6 userland related tools (e.g. ping6, traceroute6, rtadvd)
  • FreeBSD/KAME IPv6 stack

Statistics

• new vulnerabilities found : eleven (from remote kernel panic to local memory disclosure)
• vulnerabilities reviewed : most of the disclosed ones.

Results

Summer of Code will be officially over in few days, we, my mentor and me, are currently improving a paper describing all the work I have done. It will give information about IPv6 attacks, IPv6 stack vulnerabilities (reviewed and found), IPv6 firewall holes and others. We plan to release it with all the tools written when all issues will be fixed.

CategoryHomepage