Aruba AOS-CX 10.5 IPv6 RA Guard – Discussion, Config and Testing

Techniques to circumvent IPv6 RA Guard are well known and now AOS-CX, as of 10.5, offers this feature, I thought I would try my hand at exploiting those attack vectors.
In this video:
👉 I give a general overview of Router Advertisements, RA Guard and discuss those vectors.
👉 Run through the AOS-CX configuration.
👉 Craft some roguish packets with Chiron & view them with Wireshark.
👉 Put AOS-CX under test.

Timestamps:
00:00 Intro
04:30 RA Guard test network
07:30 RA Guard attack vectors
11:55 Testing RA Guard with Chiron
13:55 Updated test details
14:40 AOS-CX RA Guard configuration
20:05 Wireshark, Chiron & crafting packets
28:54 RA Guard Test
31:30 Wrap-up

Chiron:
https://github.com/aatlasis/Chiron

RFC quoted:
https://tools.ietf.org/html/rfc7113

RA Guard testing:

Testing RFC 6980 Implementations with Chiron

https://static.ernw.de/whitepaper/ERNW_Whitepaper62_RA_Guard_Evasion_Revisited_v1.0.signed.pdf

Recent document discussing Extension Headers (July 2020):
https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-packet-drops-04

twitter:
https://twitter.com/joeneville_

Views : 892
ipv6

Source by Airheads Broadcasting