Speech of the DSN '21 paper: Fast IPv6 Network Periphery Discovery and Security Implications

Name: Speech of the DSN '21 paper: Fast IPv6 Network Periphery Discovery and Security Implications
Start: 2021-04-17T11:40:00Z
End: 2021-04-17T12:10:00Z
Location: Jiulonghu Hotel, Nanjing, China

Xiang Li

Speech

Abstract

We propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery’s packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP’s and home routers with an amplification factor of >200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.

Date

Apr 17, 2021 11:40 AM — 12:10 PM

Event

THU and SEU Academic Communication Conference on Cyberspace Security

Location

Jiulonghu Hotel, Nanjing, China

No.77, Suyuan Avenue, Jiangning, Nanjing, 211102

As one of the delegates from Tsinghua University, I presented our latest research on the IPv6 network security at the THU and SEU academic communication meeting.

Teachers, students, and researchers from the Institute of Network Science and Cyberspace (Tsinghua University), QI-ANXIN Technology Research Institute, and School of Cyber Science and Engineering (Southeast University) attended this meeting and shared their research ideas.

Academic Communication Speech

Xiang Li

Ph.D. Candidate in Cyberspace Security (Tsinghua University)

Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 17 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and Black Hat (Asia, USA, and Europe). He has obtained over 190 CVE/CNVD vulnerability numbers, more than $11,600 rewards, 306+ GitHub stars, multiple CERT reports, 60+ news coverage, and RFC acknowledgement. He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, 2nd prize of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, and Tsinghua Outstanding Scholarship.