We propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery’s packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP’s and home routers with an amplification factor of >200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.
Apr 17, 2021 11:40 AM — 12:10 PM
THU and SEU Academic Communication Conference on Cyberspace Security
Jiulonghu Hotel, Nanjing, China
No.77, Suyuan Avenue, Jiangning, Nanjing, 211102
As one of the delegates from Tsinghua University, I presented our latest research on the IPv6 network security at the THU and SEU academic communication meeting.
Teachers, students, and researchers from the Institute of Network Science and Cyberspace (Tsinghua University), QI-ANXIN Technology Research Institute, and School of Cyber Science and Engineering (Southeast University) attended this meeting and shared their research ideas.
Ph.D. Candidate in Cyberspace Security (Tsinghua University)
Xiang Li is a 4th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. He belongs to the Network and Information Security Lab (NISL). He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. He is also working as a security research intern at Qi-An-Xin Technology Company. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy. As the first author, he has published many research papers at top security conferences like USENIX Security, CCS, NDSS, and DSN. As the co-author, he also published multiple papers in top conferences like USENIX Security , CCS, and SIGMETRICS. He also gets his presentations accepted by top industry security conferences like Black Hat. He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He has obtained over 140 CVE/CNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $11,600 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai, and is working for the improvement of DNS protocols (related work has been referenced in RFC).