IPv6 Network Security With Scapy


Guillaume Valadon


Depending on who you ask and how you look at it, IPv6 can be considered either a minor or a major evolution from IPv4, especially on the security front. What is clear is the IPv6 introduction and deployment, and the mix of IPv4 and IPv6 creates security vulnerabilities and windows of opportunities for attackers.

Course Description

Continuously updated since 2009, this training mixes theory and practice in order to achieve an immediate application of the material. The different topics developed during the training are the result of discussions with students from companies, governmental entities and universities. They reflect typical IPv6 practical issues.

Starting from the basics, we will learn IPv6 security together, and practical attacks with Scapy; a powerful packet manipulation library that Guillaume developed IPv6 support, and is one of the official maintainers.

This training aims at providing a full understanding of IPv6 attacks and defense mechanisms. No previous IPv6 knowledge is required, as the instructor will go through the protocol in detail.

Many practical lab sessions allow you to manipulate all the concepts presented during the training. You will learn to master Scapy and build your own IPv6 attacks against real targets.

All labs are performed on virtual architectures. Everyone can experiment at their own pace, and test attacks without impacting the other participants. These architectures are ideally suited to remote teaching. The console used by students is also accessible by the instructor who can comment and take over the keyboard to provide instant advice.

At the end of the training, you will fully understand IPv6, and realize that it is not "just as small change in the network", as it impacts a lot of systems and applications.

Course Topics

  • Introduction to IPv6 and Scapy
  • Overview of IPv6 tools
  • IPv4 issues
  • IPv6 differences
  • IPv6 addresses
  • The IPv6 protocol
  • The ICMPv6 protocol
  • The Neighbor Discovery Protocol
  • DNS and IPv6
  • The MLD Protocol
  • IPv6 Network Enumeration
  • Link local attacks
  • Triggering an IPv6 CVE with Scapy
  • Fuzzing IPv6 Implementations with AFL
  • Protecting IPv6 networks
  • Transition mechanisms
  • Hardening Recommendations


The lab exercises are based on a virtual machine hosted in the cloud. You have to bring your own laptop, preferably running Linux (native or virtualized), and have a working SSH client ready. Make sure the operating system is working properly especially the network component if you run it inside a VM.

You don't have to pre-install any tools.

You should understand basic TCP/IP routing and basic Linux network commands. No prior knowledge of IPv6 nor Scapy is required.