Fast IPv6 Network Periphery Discovery and Security Implications

Abstract

Numerous measurement studies have been performed to discover IPv4 network security issues by leveraging fast Internet-wide scanning techniques. However, IPv6 brings a 128-bit address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, large-scale empirical measurement studies of the growing IPv6 networks are currently infeasible, limited by technique efficiency and probing accuracy.
To fill this research gap, we propose a novel IPv6 network periphery discovery approach that leverages the extensively adopted IPv6 address allocation strategy. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Building on these discovered devices, we explore the IPv6 network risks of unintentionally exposed security services and flawed traffic routing strategies. First, by analyzing 4.7M peripheries, we demonstrate that unintentionally exposed security services in IPv6 networks, such as DNS and HTTP, have become emerging security risks. Second, by inspecting the periphery’s packet routing strategies, we present flawed implementations of the IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS on the ISP’s and home routers with an amplification factor of >200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.

Publication
In Proceedings of the 2021 IEEE/IFIP International Conference on Dependable Systems and Networks. Taipei, Taiwan, June 21-24, 2021 (Virtually). (Acceptance rate: 48/279=17.2%).
* Presented at the 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation.
* Presented on Pentester Academy TV.
* Referenced by 10+ top-tier security conference papers.
* Supporting one patent, CN202110502369.2.

Overview

We introduce a novel IPv6 network scanning technique and develop a fast network scanner, XMap, to evaluate it, harvesting 52M devices. We leverage XMap to measure unintentionally exposed IPv6 services and uncover a common IPv6 routing loop vulnerability, receiving >131 CNVD/CVE identifiers.

CNVD/CNNVD/CVE (109/5/22)

CNVD-2021-03270(Medium) CNVD-2021-03271(Medium) CNVD-2021-03291(Medium) CNVD-2021-03312(Medium)

CNVD-2021-03318(High) CNVD-2021-03320(High) CNVD-2021-03326(Medium) CNVD-2021-03327(Medium)

CNVD-2021-03328(Medium) CNVD-2021-03331(Medium) CNVD-2021-03375(Medium) CNVD-2021-03376(Medium)

CNVD-2021-03380(Medium) CNVD-2021-03399(Medium) CNVD-2021-03423(Medium) CNVD-2021-03424(Medium)

CNVD-2021-03425(Medium) CNVD-2021-03473(Medium) CNVD-2021-03495(Medium) CNVD-2021-03503(Medium)

CNVD-2021-03505(Medium) CNVD-2021-03507(Medium) CNVD-2021-03508(Medium) CNVD-2021-03511(Medium)

CNVD-2021-04817(Medium) CNVD-2021-04818(Medium) CNVD-2021-04829(Medium) CNVD-2021-04830(Medium)

CNVD-2021-05370(Medium) CNVD-2021-05371(Medium) CNVD-2021-05372(Medium) CNVD-2021-05373(Medium)

CNVD-2021-05374(Medium) CNVD-2021-05375(Medium) CNVD-2021-05380(Medium) CNVD-2021-05435(Medium)

CNVD-2021-05470(Medium) CNVD-2021-05472(Medium) CNVD-2021-05492(Medium) CNVD-2021-05493(High)

CNVD-2021-06623(High) CNVD-2021-06624(High) CNVD-2021-06625(High) CNVD-2021-06626(High)

CNVD-2021-06627(High) CNVD-2021-06628(High) CNVD-2021-06629(High) CNVD-2021-08384(Medium)

CNVD-2021-08385(Medium) CNVD-2021-08386(Medium) CNVD-2021-08387(Medium) CNVD-2021-08388(Medium)

CNVD-2021-08389(Medium) CNVD-2021-08390(Medium) CNVD-2021-08391(Medium) CNVD-2021-08394(Medium)

CNVD-2021-08395(Medium) CNVD-2021-10397(High) CNVD-2021-10398(High) CNVD-2021-10399(High)

CNVD-2021-10400(High) CNVD-2021-10401(High) CNVD-2021-10402(Low) CNVD-2021-10403(High)

CNVD-2021-10404(Medium) CNVD-2021-10405(Medium) CNVD-2021-10406(Medium) CNVD-2021-10407(High)

CNVD-2021-10408(High) CNVD-2021-10409(High) CNVD-2021-10410(High) CNVD-2021-10411(High)

CNVD-2021-10412(High) CNVD-2021-10413(High) CNVD-2021-10414(High) CNVD-2021-10415(High)

CNVD-2021-10416(High) CNVD-2021-10417(High) CNVD-2021-10418(High) CNVD-2021-10419(High)

CNVD-2021-10420(High) CNVD-2021-10421(High) CNVD-2021-10422(High) CNVD-2021-10423(High)

CNVD-2021-10424(High) CNVD-2021-10425(High) CNVD-2021-12861(High) CNVD-2021-12883(High)

CNVD-2021-12886(High) CNVD-2021-12887(High) CNVD-2021-12890(High) CNVD-2021-13250(High)

CNVD-2021-13251(High) CNVD-2021-13252(High) CNVD-2021-13253(High) CNVD-2021-13254(High)

CNVD-2021-13255(High) CNVD-2021-13256(High) CNVD-2021-13257(High) CNVD-2021-13259(High)

CNVD-2021-13260(High) CNVD-2021-13261(High) CNVD-2021-13469(High) CNVD-2021-16327(Medium)

CNVD-2021-16400(High) CNVD-2021-29189(High) CNVD-2021-29190(High) CNVD-2021-29191(High)

CNVD-2021-29195(Medium)

CNNVD-202102-570(Medium) CNNVD-202103-1624(High) CNNVD-202104-652(High)

CNNVD-202104-659(High) CNNVD-202104-697(High)

CVE-2021-3107 CVE-2021-3108 CVE-2021-3112

CVE-2021-3125(High) CVE-2021-3128(High) CVE-2021-3173 CVE-2021-3379

CVE-2021-21727(High) CVE-2021-22161(Medium) CVE-2021-22162 CVE-2021-22163

CVE-2021-22164 CVE-2021-22165 CVE-2021-23238 CVE-2021-23268

CVE-2021-23269 CVE-2021-23270(High) CVE-2021-23831 CVE-2021-23832

CVE-2021-23833 CVE-2021-23834 CVE-2021-23898

Presentation & Impact

Xiang Li
Associate Professor

Xiang Li is an Associate Professor at the College of Cryptology and Cyber Science, Nankai University. He is the advisor of Nankai University’s CTF teams and Information Security Association, an ACM member, CCF member, and CIC member. He serves on the PC for venues such as CCS, IMC, RAID, ACSAC, and AsiaCCS. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, web security, and the underground economy, with over 25 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and Black Hat (Asia, USA, and Europe). He has applied for 12 patents (2 authorized and 5 under examination as the first author). He has obtained over 250 CVE/CNVD/CNNVD vulnerability numbers, more than $11,600 in rewards, 460+ GitHub stars, multiple CERT reports, 100+ news reports, and an RFC acknowledgement. He has received multiple prizes, such as the 2024 ACM SIGSAC China Excellent Doctoral Dissertation Award, 2024 Pwnie Award Nominations (Hacker Oscar), 1st prize of the IPv6 Technology Application Innovation Competition, 1st place in the GeekCon 2025 DAF Contest, 2nd place in the GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, Tsinghua Outstanding Scholarship, Outstanding Graduate, and Extraordinary Hacker of GeekCon International 2024.