IPv6 Data Sheet
Test Suite: IPv6
Direction: Server

Internet Protocol version 6 (IPv6) is the successor to IP version 4. The IPv6 Test Suite can be used to evaluate IPv6 implementations for security flaws and robustness problems.

Used specifications

Specification                  Title
RFC768                         User Datagram Protocol
RFC793                         Transmission Control Protocol
RFC894                         A Standard for the Transmission of IP Datagrams over Ethernet Networks
RFC1035                        Domain Implementation and Specification
RFC1887                        An Architecture for IPv6 Unicast Address Allocation
RFC2104                        HMAC: Keyed-Hashing for Message Authentication
RFC2375                        IPv6 Multicast Address Assignments
RFC2393                        IP Payload Compression Protocol (IPComp)
RFC2403                        The Use of HMAC-MD5-96 within ESP and AH
RFC2404                        The Use of HMAC-SHA1-96 within ESP and AH
RFC2405                        The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC2407                        The Internet IP Security Domain of Interpretation for ISAKMP
RFC2408                        Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409                        The Internet Key Exchange (IKE)
RFC2410                        The NULL Encryption Algorithm and Its Use With IPsec
RFC2451                        The ESP CBC-Mode Cipher Algorithms
RFC2460                        Internet Protocol, Version 6 (IPv6) Specification
RFC2462                        IPv6 Stateless Address Autoconfiguration
RFC2464                        Transmission of IPv6 Packets over Ethernet Networks
RFC2471                        IPv6 Testing Address Allocation
RFC2473                        Generic Packet Tunneling in IPv6 Specification
RFC2474                        Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
RFC2526                        Reserved IPv6 Subnet Anycast Addresses
RFC2675                        IPv6 Jumbogram
RFC2711                        IPv6 Router Alert Option
RFC2928                        Initial IPv6 Sub-TLA ID Assignments
RFC3041                        Privacy Extensions for Stateless Address Autoconfiguration in IPv6
RFC3168                        The Addition of Explicit Congestion Notification (ECN) to IP
RFC3178                        IPv6 Multihoming Support at Site Exit Routers
RFC3306                        Unicast-Prefix-based IPv6 Multicast Addresses
RFC3484                        Default Address Selection for Internet Protocol version 6 (IPv6)
RFC3531                        A Flexible Method for Managing the Assignment of Bits of an IPv6 Address Block
RFC3587                        IPv6 Global Unicast Address Format
RFC3602                        The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC3697                        IPv6 Flow Label Specification
RFC3769                        Requirements for IPv6 prefix delegation
RFC3828                        The Lightweight User Datagram Protocol (UDP-Lite)
RFC3879                        Deprecating Site Local Addresses
RFC3948                        UDP Encapsulation of IPsec Packets
RFC3956                        Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address
RFC4007                        IPv6 Scoped Address Architecture
RFC4106                        The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
RFC4193                        Unique Local IPv6 Unicast Addresses
RFC4213                        Basic Transition Mechanisms for IPv6 Hosts and Routers
RFC4294                        IPv6 Node Requirements
RFC4291                        IPv6 Addressing Architecture
RFC4301                        Security Architecture for the Internet Protocol
RFC4302                        IP Authentication Header
RFC4303                        IP Encapsulating Security Payload
RFC4306                        Internet Key Exchange (IKEv2) Protocol
RFC4308                        Cryptographic Suites for IPsec
RFC4309                        Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC4311                        IPv6 Host-to-Router Load Sharing
RFC4380                        Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)
RFC4443                        Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
RFC4489                        A Method for Generating Link Scoped IPv6 Multicast Addresses
RFC4727                        Experimental Values in IPv4, IPv6, ICMPv6, UDP and TCP Headers
RFC4782                        Quick-Start for TCP and IP
RFC4835                        Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC4861                        Neighbor Discovery for IP Version 6 (IPv6)
RFC5570                        Common Architecture Label IPv6 Security Option (CALIPSO)
RFC5991                        TEREDO Security Updates
RFC6081                        TEREDO Extensions
RFC6553                        The Routing Protocol for Low-Power and Lossy Networks (RPL) Option for Carrying RPL Information in Data-Plane Datagrams
RFC6621                        Simplified Multicast Forwarding
RFC6744                        IPv6 Nonce Destination Option for the Identifier-Locator Network Protocol for IPv6 (ILNPv6)
RFC6788                        The Line-Identification Option
RFC6971                        Depth-First Forwarding (DFF) in Unreliable Networks
RFC7045                        Transmission and Processing of IPv6 Extension Headers
draft-ietf-roll-trickle-mcast  Multicast Protocol for Low power and Lossy Networks (MPL) draft-ietf-roll-trickle-mcast-09

Tool-specific information

Tested message elements             Specifications  Notes
IPv6 header                         RFC2460
Hop-by-hop Options header           RFC2460
Routing header                      RFC2460         Type 0, Type 2. Nimrod and Experimental types 1 and 2 tested as unexpected options
Fragment header                     RFC2460
Authentication header               RFC4302
Tunnel header                       RFC2473
Encapsulated Security Payload       RFC4303
UDP encapsulation of IPsec packets  RFC3948

Tested options                   Specifications  Notes
Pad1                             RFC2460
PadN                             RFC2460
Tunnel Encapsulation Limit       RFC2473
Jumbogram                        RFC2675
Router Alert                     RFC2711
Binding Refresh Advice           RFC3775         Mobility option
Alternate Care-of Address        RFC3775         Mobility option
Nonce Indices                    RFC3775         Mobility option
Binding Authorization Data       RFC3775         Mobility option
Home Address                     RFC3775
Mobile Node Identifier           RFC4283
Mobility Message Authentication  RFC4285
Replay Protection                RFC4285
Quick Start Approval             RFC4782
Quick Start Request              RFC4782
Experimental options             RFC4727         Tested as unexpected option
CALIPSO                          RFC5570
RPL                              RFC6553
SMF_DPD                          RFC6621
ILNP Nonce                       RFC6744
Line-Identification              RFC6788
IP_DFF                           RFC6971
Endpoint Identification

Other features

IPv6 is tested with and without AH, ESP and AH+ESP, in both transport and tunnel modes.

Supported AH authentication algorithms and ESP integrity algorithms: NULL, HMAC_SHA1-96, HMAC_MD5-96, HMAC_SHA2-256, HMAC_SHA2-384, HMAC_SHA2-512

Supported ESP crypto algorithms: ESP-NULL, ESP-DES-CBC, ESP-DES3-CBC, ESP-AES-CBC128, ESP-AES-CBC192, ESP-AES-CBC256, AES-GCM-16-128, AES-GCM-16-192, AES-GCM-16-256

Configurable destination Ethernet MAC address solicitation mode: Neighbor solicitation for nodes in the same subnet, Router solicitation, and User-specified target MAC address.

IPsec SA can be negotiated with ISAKMP Server Test Suite 3.2.0 or later and IKEv2 Server Test Suite 3.1.1 or later.

Configurable IP payload: ICMPv6, UDP and UDP-Lite. Both the default payloads for these protocols and user-specified payloads are available.

Supported SafeGuard Checks

Authentication Bypass

Insufficient Randomness

Weak Cryptography

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI, command line and remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis