Metasploit mailing list archives

SecTOR 2008 Conference Materials


From: msf at gomor.org (GomoR)
Date: Tue, 14 Oct 2008 09:36:29 +0200

On Wed, Oct 08, 2008 at 10:15:51PM -0500, H D Moore wrote:
Now online, covers upcoming features in 3.2:
  http://metasploit.com/research/conferences/

Thanks to Egypt for co-presenting :-)

-HD


Hi HD,

I have some comments (or add-ons) concerning your IPv6 related 
papers (conference materials, and Uninformed journal article).
In fact, this is basically to promote some of my tools :)

You did not speak about OS fingerprinting over IPv6 at all. While 
the utility of TCP/IP stack fingerprinting may be debatable, I 
think that OS fingerprinting over IPv6 should be something to 
speak about, just because OSFP over IPv4 exists. So, SinFP[1] is an 
OSFP tool that can do OSFP over IPv6. See[2] for an example usage.

OSFP over IPv6 is possible because raw IPv6 frames may be sent 
using the Net::Frame frame crafting framework. So far, it is possible 
to build basic IPv6[3] headers, and some of the ICMPv6[4] protocols.
For example, this program[5] allows looking up a MAC address using 
the ICMPv6 ND protocol.

Finally, I also developed an IPv4 to IPv6 proxy in the small 
utility called SSL Capable NetCat[6]. See[7] for an example usage.

Thank you for your Metasploit and related work, and best regards,

[1] http://www.gomor.org/sinfp
[2] http://www.gomor.org/bin/view/Sinfp/DocOverview#Active_fingerprinting_IPv6
[3] http://search.cpan.org/~gomor/Net-Frame-Layer-IPv6/
[4] http://search.cpan.org/~gomor/Net-Frame-Layer-ICMPv6/
[5] http://search.cpan.org/src/GOMOR/Net-Frame-Layer-ICMPv6-1.01/examples/lookup-mac.pl
[6] http://www.gomor.org/bin/view/GomorOrg/SslNetcat
[7] http://www.gomor.org/bin/view/GomorOrg/SslNetcat#Accessing_IPv6_hosts_from_an_IPv

-- 
  ^  ___  ___             http://www.GomoR.org/          <-+
  | / __ |__/               Research Engineer              |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
  +-->  Net::Frame <=> http://search.cpan.org/~gomor/  <---+


