Bypassing ACL using extension headers

IPv6, Security, Videos @Brno LinuxAlt 2013 (Czech)

The video demonstrates how to bypass an access control list on HP A5800 switch using IPv6 and extension headers. The attacker uses kernel modul which adds empty destination-options headers to the whole TCP session, thus is able to connect to any service on the server.

The video is temporarily removed on request from the HP Security team.

About the main author

Matej Gregr

http://www.fit.vutbr.cz/~igregr/ igregr@fit.vutbr.cz

PhD student at Brno University of Technology. He teaches network related courses and his research concerns IPv6 security, monitoring and deployment. He works also as a network administrator at Brno campus network and participates in the European project - GÉAN3 Campus Best Practice.

Matej GregrBypassing ACL using extension headers