FOSDEM KSP 2019

This year I attended the infamous PGP Keysigning Party at FOSDEM. One of the biggest in the world, the KSP is well known for often being outside where participants’ hands got numb verifying ID and marking little checkboxes.

I was pretty impressed by the setup of this party. Instead of submitting keys in usual ways, a custom keyserver had been setup for you to submit keys to. A worksheet was then made which was hashed with two different hash algorithms (RIPEMD160 and SHA256). Participants needed to print their own copy of the worksheet and write the checksums they got on the worksheets. The “official” checksums were provided at the beginning of the party for everyone to verify. This way at the party only 2 fingerprints needed to be verified instead of 100. And thankfully, this year it was indoors.

However, the FOSDEM KSP does not officially provide a keyring. Technically a keyring is provided, but it is not signed, does not guarantee it has all keys, and they call it “unofficial.” Since I – of course – intended to use PIUS to sign keys, I was going to need a keyring. As you may have seen in my twitter thread, I made a quick-n-dirty shell script to build my keyring:

#!/bin/bash

grep -A 1 pub ksp-fosdem2019.txt | grep -v pub | while read line; do
   [[ "$line" =~ -- ]] && continue
   if gpg --keyring ./fosdem-ksp-keyring.gpg --fingerprint "$line" &>/dev/null; then
     echo "Skipping $line, already have"
     continue
   fi
   echo "Grabbing: $line"
   for ks in pgp.mit.edu hkps://hkps.pool.sks-keyservers.net; do
     echo "  .. from $ks"
     pius-keyring-mgr raw -r ./fosdem-ksp-keyring.gpg -- \
         --keyserver $ks --recv-key "$line"
   done
   echo "Sleeping 1"
   sleep 1
 done

Except I didn’t end up with a keyring. That’s weird. Turns out there was a bug in pius-keyring-mgr raw if you use it to create a keyring (instead of modify one). So I wrote PR 118 to fix that. Trying again, this worked well, though unfortunately, pgp.mit.edu has been down for days, so there were a handful of keys I could not get. From there I was able to use pius-keyring-mgr to strip the keyring:

pius-keyring-mgr prune -r ./fosdem-ksp-keyring.gpg

Unfortunately, prune sorts the keyring, but the worksheet for FOSDEM is intentionally in the order people submitted their keys. So then I wrote PR 119 to add an option to not sort to prune. Now I tried again with:

pius-keyring-mgr prune --no-sort-keyring -r ./fosdem-ksp-keyring.gpg

That worked out much better. Now I could sign with (again specifying not to sort the keyring):

pius -A -r ./fosdem-ksp-keyring.gpg --no-sort-keyring

But of course, I can’t leave people running janky bash scripts, PIUS should handle this case natively, so PR 120 adds the ability to build a keyring from a flat file with pius-keyring-mgr build -r ./fosdem-ksp-keyring.gpg -f ksp-fosdem2019.txt. And then I released PIUS 2.2.7 with these new features/fixes.

So, if you were at FOSDEM and want a simple way to sign the keys, here’s all you need:

# Build the keyring
pius-keyring-mgr build -r ./fosdem-ksp-keyring.gpg -f ksp-fosdem2019.txt
# Prune the keyring
pius-keyring-mgr prune --no-sort-keyring -r ./fosdem-ksp-keyring.gpg
# Sign the keyring
pius -A -r ./fosdem-ksp-keyring.gpg --no-sort-keyring -m <your_email> -s <your_keyid>

PIUS 2.2.7 has a slew of other fixes in it as well, so make sure you upgrade before your next KSP!

Updating Crucial SSD Firmware From Linux

Some Crucial SSDs have a bug that causes them to be unstable. Fortunately there’s a firmware upgrade available. Even more fortunately, in addition to the usual Windows updaters, Crucual kindly makes a version available that’s an ISO image so it’s OS independent.

Great, right? Except the ISO doesn’t actually work when you dd it to a drive. Ugh. I spent a few hours on this and finally figured out how to make this work.

First, write the ISO to your USB drive as normal (I’ll assume your USB drive is /dev/sde):
$ sudo dd bs=512k if=/tmp/crucial-m4-070h-07-00.iso of=/dev/sde
$ sudo sync

A filesystem and the data is now on your USB drive, but there’s no valid partition table and a corrupt MBR. You can see this by using fdisk:

$ sudo fdisk -l /dev/sde
Disk /dev/sde: 4048 MB, 4048551936 bytes
125 heads, 62 sectors/track, 1020 cylinders, total 7907328 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/sde doesn't contain a valid partition table

Ooops! However, on the ISO is a copy of the MBR that should be on the drive. Mount the drive and grab that:
$ sudo mount /dev/sde /mnt
$ cp /mnt/boot/isolinux/boot2880.img /tmp
$ sudo umount /mnt

Now, write that boot sector to your USB drive:

$ sudo dd if=/tmp/boot2880.img of=/dev/sde
Almost done. Now you can see there’s a mostly-valid partition table:
$ sudo fdisk -l /dev/sde

Disk /dev/sde: 4048 MB, 4048551936 bytes
125 heads, 62 sectors/track, 1020 cylinders, total 7907328 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xc9d0c9d0

This doesn't look like a partition table
Probably you selected the wrong device.

Device Boot Start End Blocks Id System
/dev/sde1 ? 28886110 638537311 304825601 c4 DRDOS/sec (FAT-16 < 32M)
/dev/sde2 ? 1183556331 4412578037 1614510853+ 30 Unknown
/dev/sde3 ? 1325451862 2509223114 591885626+ 46 Unknown
/dev/sde4 ? 1394614348 1394635684 10668+ 45 Unknown

Better, but not quite right. The only change we need to make is to set that first partition to be bootable. Modify the disk by running fdisk without -l:

$ sudo fdisk /dev/sde
Command (m for help):

You want the a command, then when it asks for a partition, type 1:

Command (m for help): a
Partition number (1-4): 1

But that will have set it to non-bootable, so do that again:

Command (m for help): a
Partition number (1-4): 1

Then print the table to be sure:


Command (m for help): p

Disk /dev/sde: 4048 MB, 4048551936 bytes
125 heads, 62 sectors/track, 1020 cylinders, total 7907328 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xc9d0c9d0

This doesn't look like a partition table
Probably you selected the wrong device.

Device Boot Start End Blocks Id System
/dev/sde1 * 28886110 638537311 304825601 c4 DRDOS/sec (FAT-16 < 32M)
/dev/sde2 ? 1183556331 4412578037 1614510853+ 30 Unknown
/dev/sde3 ? 1325451862 2509223114 591885626+ 46 Unknown
/dev/sde4 ? 1394614348 1394635684 10668+ 45 Unknown

You’re looking for that * under Boot for the first partition. Now write your changes:

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
$

And now your drive is ready – it should boot.

DEFCON

It’s hard to understate how amazing DEFCON is. I met – or got to see speak – so many of my heroes. So many talks were mind-blowing and/or eye-opening. These people really are the best of the best.

Nearly every talk I saw had merit and value, and most of them were incredibly engaging and awesome!

By the end of Thursday they had over 12k people so I would imagine that this year’s attendance was in the neighborhood of 15k – it’s huge. Really huge. But awesome.

I’ve tried to summarize the talks and events I went to… hopefully it’s useful.

Thursday

First Day Bits

Spent 2 hours in line for my badge. Fortunately I ran into my friends Kevin and Vivienne as I got in line, so I had company!

Because of this I missed the talks I wanted to see – one I was in line for and the other had a line out the door to get into. I did some social things instead.

Spent some time with Kevin working on the Forensics challenge… made headway, but not a ton.

Facebook Student Recruiting Night

FB rented out a small club, invited 40 students, and paid for alcohol and food. In typical Vegas style, the cocktail waitresses were eyecandy.

Neil Poole gave a speech about be being an intern-turned-FTE and how amazing FB is, and then we just chatted with the interns all night. It wasn’t a pressure-to-come-work atmosphere, more of a, get-to-know-us-and-ask-us-questions atmosphere. It was fun, but the music got progressively louder throughout the night, so the last hour was a bit useless.

Friday

Domain Name Problems and Solutions – Paul Vixie!

I was very excited to see Paul Vixie’s talk on “Domain Name Problems and Solutions.” If you’re wondering where you recognize that name from, it’s because the name of cron is “vixie-cron” (which he wrote). He also founded the original ISC, wrote large swaths of BIND, invented RBLs, and is undoubtedly one of the fathers of the internet.

When I first left his talk I was a bit disappointed, but in hindsight this wasn’t because his content or his talk were bad (they weren’t), but instead that his initial premise didn’t sit well with me. However, that doesn’t make the rest of his talk any less valuable.

His initial arguement was that the cost of getting a domain name being “too cheap to meter” – i.e. you can buy one for very little with no validation of who you are and have globally live within 30 seconds – is broken. It is needless and attracts spammers and phishers. Because we don’t make it difficult to get a domain, the next best thing to fight bad actors – and where most of our effort has been focused – is shutting them down after they get the domain names.

However, registrars are getting rich because as soon as they delete a spammy domain name the bad guys buy another. Vixie doesn’t want to feed that cycle. So we’ve moved onto the third choice, solving this at endpoints – homes/businesses/etc.

Let me note here that I agree there is a grand amount of badness floating around in registered domains; I simply disagree that making them hard-to-get or expensive is a good solution. Other filtering could be done. Anyway…

He built a system that passively scans the world of DNS (DNSDB) and puts it in a database so you can now query the history of DNS in realtime. It allows wildcard searches and other things as well. So if you’re trying to figure out where an attacker sent you, but the domain name is long-gone, now you still can. This is free for non-profit use. Through this he did a lot of research and found things like… most domains don’t last more than 10 minutes, so if we can ignore domains for the first 10 minutes of their life, we’d be in a better place.

So he created DNS Response Policy Zones (RPZs) – a kind of DNS firewall. It’s similar to the RBLs, but for DNS instead of mail. So he has one, for example, that doesn’t resolve addresses from domains less than 10 minutes old.

All in all, the content of his talk was very good, and I’m excited to play with DNSDB. Also, I had the pleasure of getting to say hi and shake his hand after his talk which made my day.

USB for all!

This talk was the talk of the internet for weeks before defcon. These guys apparently found a generic way to reporogram USB firmware chips in nearly any USB device (keyboards, mice, memory sticks, etc.), to pwn any computer they are plugged into. However, this was in a tiny room and I was unable to get in.

How To Get Phone Companies to Just Say No To Wiretapping – Zimmermann!

This was done by Phil Zimmermann – the father of PGP. Talk about a day of meeting heroes.

I missed the first 10 minutes of this talk, which was apparently the whole actual “talk” part – the other 40 minutes was Q&A. I gleaned from this what he was talking about – he recently announced Blackphone. It’s a privacy-centric phone. It’s a very secure and stripped down version of Andriod, where the phone app has been replaced by an Silent Phone, an app that does a Diffie-Hellman key-exchange to get ephemeral keys, encrypts the entire conversation, and then throws away keys. But wait, there’s more! You can download Silent Phone for stock android too.

But it gets better. It supports making calls to POTS lines too. I didn’t catch all the details here, but it seems a central server at his company that will terminate the crypto in the event you are calling a POTS line, as close to the recipient as possible and then send it on. This may seem “useless”, but imagine you’re a dissident in Iran and calling a reporter in the US. There is no unencrypted part the Iranian government could get its hands on.

This is very cool.

I also didn’t catch the details on this part, but like a normal phone service and you need to buy a calling plan… but your call data is never stored on their servers (because it can’t be). However, it’s all standard protocols (ZRTP and SCIMP) which they are IETF proposals now. It’s unclear if a plan is necessary if always calling between Silent Phones, or only of wanting to call POTS lines. He said that while he believes ZRTP and SCIMP are high-quality, secure, and robuts protocols, if the world adopts a different one he’ll move Silent Phone and Blackphone to it.

My favorite quote, “I think public key infrastructures are generally a bad idea. I think they should be avoided whenever possible.”

Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance

This was a bunch of anti-surveillance techniques. Maybe I’m not paranoid enough, but a lot of these seemed obvious or silly. However, there were a few cool ones. The one that stood out the most was detecting hidden night-vision cameras. Night-vision cameras use infrared to “see” (light) which is picked up brightly by ordinary cell phone cameras. So if you turn off all the lights in your house and walk around filming with your cell phone you’ll see a big bright light on the phone if you pass a hidden night-vision camera. There were other good ones as well, but on balance, this wasn’t my favorite talk.

The Open Crypto Audit Project

This was really interesting.

You remember a few months ago when TrueCrypt up and vanished? They made the code only read TC volumes, said it was insecure, and then disappeared?

So these Open Crypto guys noticed that despite the very prevalent use of TrueCrypt across business, personal, and legal realms, it had never had an audit, so they started a kickstarter to get the code audited and they got TONS of money. So much more than they expected they realized they had to stop and figure out a more detailed plan, file for 501(c)3 status, etc.

They decided to proceed with two phases: Phase 1 would be a general secure-coding practices talk, no cryptanalysis at all. Just… do they do bounds checking, do they clear memory properly, etc. They hired iSec, probably the best company in the world for code auditing, to do this and while the code was far from perfect, it did better than most other software, despite having a few dumb mistakes.

The day after the published the very positive results, TC, without any warning, vanished. Emails bounced, domain names were unregistered. The code had been hosted on their own git repo for a long time, it was moved back to SF but in a form that would only read, not write – and since the previous SF checkin was from years prior before they’d gotten their own site up, there’s no code history.

OCA tried hard to track down those guys and find out what happened, but the developers they had built a relationship had no idea what happened either.

They’re trying to reconstruct the 7.1 source so they can proceed with the audit anyway, since it’s so widely used.

John McAfee “secret” talk

McAfee did a talk at B-sides the week before and there was a rumor he was one of the so-called “Sky Talks” (Sky Talks are often “TBD”, are never recorded, and are usually legally questionable in nature). I got into this one by happy accident – a co-worker had told me about the TCP/IP trivia drinking game, and I was in line to get into it. Turns out they had switched rooms and I ended up in the McAfee talk.

He discussed (all of this, of course, is his version of the story) what went down in Beliz, having men with guns show up at his apartment in Portland, life on the run, crazy cell-phone bugging that happens to him. He also discussed some of the implications of our always-on always-sharing society and that we need to raise awareness – while it’s good and it’s not going away, we need to help people make better decisions. He has a free app, DCentral 1, that will tell you what permissions every app on your phone has.

He’s also working on some other privacy and awareness based things.

His Q&A was very impressive. People had suggestions for him (like providing his app for direct download for side-loading on Android so you don’t have to trust Google Play) which he was always up for and made his PA take notes of.

I left his talk being a lot less sure he was crazy. As I said to everyone else, he could be nuts, or this could all in fact be really happening. Unlike most dillusional people I’ve known he doesn’t speak in a disjointed manner. He speaks cogently, with clarity, purpose, and clear timelines. Everyone I talked to was equally unsure.

Facebook Recruiting Party

Facebook threw a 400-person party at the Surrender Club at the Wynn. It’s a club with pools. And a strict dress code. Which is an odd juxtaposition.

Party was interesting. There were a lot of EFF folks there, which was cool, plus a ton of others. People seemed to have fun and enjoy themselves.

They wouldn’t let us in the main pool, and there was a tiny little pool not much larger than a hot-tub we were allowed to use. As you might imagine, this didn’t inspire people to want to swim. Only 5 people – including yours truly – swam at all.

I’d say the biggest thing I got out of this was some really good conversations with our head of security, Joe Sullivan. He’s a very interesting dude. He also gave me a lot of his private stock of tequila. 🙂

Saturday

The Internet of Fails: Where IoT Has Gone Wrong and How We’re Making It Right

This. Was. Eye-opening.

OMG. So … as you know we are entering the era of the “internet of things” – IPv6 lightbulbs and internet-enabled cameras and watches and fitbits and whatever.

Yeah, so it turns out these are all just… horrible. They looked at about 40 devices and most of them had easy ways to get remote shells. One of the most common ones was a root password baked into the mobile app used to configure the device.

The scariest ones were all the nanny-cams or other home-security cams. Almost all of them were trivially pwned. The worst of them was uploading the video to an unauthenticated S3 bucket, so anyone could see, for example, pictures of you getting out of the shower or whatever.

It wasn’t rare… it was nearly every embedded device they looked at.

Most of these devices are made through kickstarters where the makers don’t have the resources to spend much time worrying about security, but even the major brands had similar problems.

In order to help the situation, they setup BuildItSecure.ly which is two things. First, it’s an organization with partners amongst some of the larger makers of these things who will provide pre-production versions to them so their security researchers (who are volunteers) can test it. In return they get a ‘stamp-of-approval’ if their stuff passes muster. The second thing is a collection of curated resources on how to build these sorts of things securely.

Secure Random by Default – Dan Kaminsky!

Back to the meeting-my-heroes theme. Dan Kaminsky is the guy who did most of the work on reverse engineering the Sony Rootkit. He discovered vulnerabilities in DNS that led to DNS cache poisoning in most DNS servers, and is probably one of the most well-respected security researches in the world.

This was a very rare 2-hour talk. Dan… rambles a lot. He covered lots of things. He talked about hard-drives and he talked about entropy and a bunch of other stuff. There wasn’t a single dull moment though – he’s hilarious and excited and smart.

He started talking about his recent work on hard-drive security. Did you know you can get a shell. On your hard-drive. A. Shell. These things don’t just have some firmware that optimizes reads and writes… they have a full shell where you can do things like repartition the disk, read and write data, and do other things.

How do you do this? Well, you hook up a serial cable and send the right commands. And it turns out, once you do that you can find out all sorts of crazy things the HD supports, and so, for example, he was able to find some hidden features for both Seagate and WD where he could use ‘hdparm’ to write malware to a hidden part of the drive that was immune to re-formattiong,
re-partitioning, etc.

His point here is that a computer is not in fact a computer – it’s a network of tons of tiny computers and many of them are vulnerable in unexpected ways. His other point was, if you’re doing security research or investigation… make sure there are no writable media when you are
executing malware. You can run it. Or you can write it. But never enable both happen.

He then talked about entropy. He got very angry about how we argue about theoretical vulnerabilities in PRNGs… when most software aren’t even using them, they’re using linear feedback shift registers which are total crap. His company has spent a lot of time getting “random()” in major languages to start using /dev/urandom instead of LFSRs and has been pretty successful.

He also talked about how browsers are fundamentally screwed because of they way they evolved – they are now essentially exposing internal COM objects to the outside world because of they way javascript is sorta layered on layout, and so it’s very hard to secure that. It turns out, after some research, that the vast, vast, vast majority of security issues with browsers are essentially use-after-free bugs because it’s very hard to know when some table was altered to have some reference to a thing which has a pointer to a thing that points to an image you thought you could free. IE and Chrome have both come up with solutions. One of them is grouping it’s memory types – so memory used to store an image will only ever be reused on other images. Memory used for tables will only ever be reused on other tables, etc. The other one is never ever re-using an address. It’s not that the memory for a whole image won’t be re-used it’s just that the virtual address will never get used again, which requires some work to give hints to the lookup table in the kernel, and requires a 64-bit machine to not run out of virtual memory addresses, but is very very secure.

Firefox, however, has no story. So Dan and a few other guys are spending the next few months getting a solution for Firefox. They started a mailing list, and they’re going to have a fork until they know they can perform as well as the existing allocator and then push it upstream (FF has a very fast internal memory allocator).

He also discussed a new system he’s built for passwords and fingerprints that uses a tuple of a noun, verb, and adjective.

It automatically fixes common typos, downcases, and canonicalizes all of the words (aeroplanes, airplanes, airplane all become ‘airplane’), and order of the three words doesn’t matter.

So your password would be:

crazy stampeding elephants

You could then type:

stampeeding crazy elephants

And it would work. The idea being that passwords become much easier for humans and much harder to crack (than an 8 character password with a bunch of crazy characters in it).

Code should be release shortly, as I recall.

I want to note here, he gave lots of credit to other people in- and out-side of his company for a variety of this, but I did not keep track of all of the various people who worked on various things.

My favorite quote, “Generation of random numbers is too important to be left to chance.”

Impostor — Polluting Tor Metadata

I felt bad for these guys. They had great content, but were just not good presenters. They weren’t comfortable in front of the audience and were barely audible and monotone. Unfortuantely, a lot of people left and missed what was actually a good presentation.

One of the problems with TOR is that people are starting to look for it. Not just the NSA, but IDSes have rules for it – Snort ships with several. So they wrote some javascript that you can just host that’ll cause all of your visitors to falsely trigger those alerts. They’re silly things like, it causes them to do a DNS lookup, or make an HTTP request to a TOR edge node. Not actual TOR traffic and nothing malicious, but enough that if people hosted this on some sites, there would be so many false-positives in IDS logs, it’d be useless to look for it.

The tricks they used to make these happen are very impressive. They even had lots of hilarious videos and jokes throughout their presentation. Sadly, they didn’t deliver these so much as just hit play.

Check Your Fingerprints: Cloning the Strong Set

This started by showing all of the many (well-known) failures of using PGP without checking fingerprints.

But they went on to something cool and new. They wrote a utility that will generate PGP keys with any keyID (the 32-bit keyID) you want. It does this by generating tons of keys on the GPU very very fast. The full fingerprint won’t be the same, but the keyid will which is all many people verify. Their method is so efficient, they were able to make their own version of every single key in the PGP strongset (same keyid, not same fingerprint, obviously) in a few hours. They also have a version that will create RSA keys very fast.

They also found a fun bug in GPG. If you request a key 0x12345678 from a keyserver, and it delivers a 0x88665544 (some other key), GPG will not warn you. It’ll show you they key it got and save it, but it doesn’t notice/care that its not the key it requested. And since public keys are… well, public, keyserver traffic is not secure. So, they can be MITM attacked. So they showed an attack where you do a gpg search, and a rogue keyserver on the local segment was able to see the request and send a rogue response. The client saw both responses and saved both keys. The rogue server sent one of their generated keys with the same name and keyID. They then asked gpg to verify the signature on a tarball of sourcecode that was signed with the ‘bad’ key, and of course it verified just fine.

This one is interesting – once might assume more than one valid key exists and simply make sure one of the two keys you have the right fingerprint. Which is fine, except that if you do the –verify with the short keyID, then you’ll pick the first one in the keyring. Since the rogue server answered first, the bad key was first.

So the second lesson is always use long keyIDs (58E11BB1E414D9AD vs E414D9AD).

The problem is that gpg by default doesn’t show this. So you either need --keyid-format long or to modify your ~/.gnupg/gpg.conf to include that.

Other Saturday Stuff

At night Kevin, Viv, their friend Scott and I went to dinner at Nove and then took in the Penn & Teller show from the VIP section! If you get a chance you really need to see them live, it’s incredible!

After that we headed to the DEFCON pool party, and ended the night chatting in a hotel room.

Sunday

NSA Playset: DIY WAGONBED Hardware Implant over I2C

These guys are seriously l33t. One of the NSA leaked docs showed they were using the I2C bus in computers to plant bugs in them. They intercept shipments, bug the I2C bus with a device with a GSM chip so you can extract data without even using the local network, and done. It’s supposedly practically undetectable because they send/receive all data not through your computer, so there’s no network anomalies. These guys set out to build that.

Turns out that the Video card has to talk I2C in order to be able to get resolution information from a monitor. So they decided to see if they could build a similar bug that would plug into a VGA port.

They got an arduino, a GSM board and a crypto board. I2C busses don’t cause hotplug events, so this is stealthy. The crypto board has a TPM chip on it, so they put the malware here in the TPM with keys in the TPM that can’t be extracted, so even if you find the malware, you can’t reverse engineer it. Smart.

They also use the crypto board to encrypt all traffic the bug sends or receives.

Because the bug has a GSM board and a SIM card they bought from t-mobile they can text it commands. It then drops off the command in an I2C slot at a known number (the demo used 42). Malware on the machine then polled that i2c mailbox and ran the commands on the target system. Similarly, the malware could ex-filtrate data by dropping it in the i2c mailbox and having the bug send it back to the ‘bad guys’ over GSM.

The CNC and ex-fil data never crosses your network, is encrypted with keys locked in a TPM.

Now this unit was several inches by several inches because it was built using arduino… obviously if you designed a board to do just this it could be VERY tiny and solder to a motherboard easily.

Scary stuff.

All the hardware schematics are open source and MOST of the code is open source. It’s been gutted in a few (documented) places to prevent script kiddie use, but should be easy to fix for security researches (or smart bad guys).

NSA Playset : GSM Sniffing

Another in the line of NSA playset movies. People have been working on easy sniffing of GSM traffic for the last year since the big talk on this last year.

Last year it required a $1000 software defined radio (SDR). These guys made MASSIVE progress. You can now buy a $20 USB SDR and grab all of the GSM data you want. GSM’s crypto is – as the talk showed last year – horrible, so they’ve fully automated the process of watching the dumps to find channels, grabbing the right packets, cracking the key, and decrypting all the traffic. Depending on traffic around you and the type of computer you have, you can probably decrypt all voice and SMS around you in real time with this.

DEFCON Kids

DEFCON kids does not allow adults that are not explicitly escorted by a child of theirs. In general it’s kids-only. But Viv is a teacher and scored a tour of this, so I skipped the 1pm tracks and took a tour of this. This is amazing!

They have kids in there learning to do packet dumps, pulling apart old hardware and soldering to make new devices, learning how to rf-shield things, learning how to do defense and pen-testing, lock-picking… and the whole thing is wrapped in a “these are super powers, with great power comes great responsibility” message. Google donated TONS of computers and engineer time to be in there teaching kids to hack as did several security firms. They also gave several chromebooks to the kids. I was particularly thrilled to see MANY girls in there.

Playing with Car Firmware or How to Brick your Car

This talk was hilarious. He hacked the entertainment system in his car and managed to get a shell and see it’s embedded QNX and even make some small changes. It turns out the system controls locks, A/C, lights, all sorts of things. And the features he didn’t buy were simply software-controlled and set to off. Unfortunately, 9 months into his research he uploaded a modified text file in which he believes he may have gotten the checksum wrong and bricked his car. It would still drive, but heat, AC, lights, etc. all didn’t work. It took 3 months to get it fixed… dealers how NO idea what was wrong or how to fix it. Then one that finally did told him “they replaced the car’s black box.” His wife won’t let him near the cars anymore with a laptop, but he’s published all his materials and how he figured out what he did and hopes others will continue his research.

Empowering Hackers to Create a Positive Impact

This talk was incredibly inspiring. Karen works with Masod & Israeli intelligence and has consulted with Cisco, IBM and countless other big companies. She’s… super smart.

Her talk was basically pointing out that the internet is ours to save, and that hackers ultimately are the “heroes” who bring about change, and we can make that change positive. So it was a call to arms to not keep bugs private, to do security research on the most important things like health devices and infrastructure, and practice responsible disclosure.

She argued that it’s easy to feel like “why should I tell my competition about this bug”… but a lot of the companies that are getting owned lately are not directly. RSA didn’t get hacked into, an executive at a company they used for building some component got phished. So the more people on the internet that are vulnerable, the more vulnerable you are. Because it could be a partner, or a vendor, or the CEO’s grandmother. So even if you don’t want to be altruistic about this, there’s incentive.

She also said Angelina Jolie’s character in Hackers was her inspiration as a girl to go into tech so she ended her talk by saying “hack the planet!!!”

Someone asked her how we can get more women in security, and she talked about finding mentors for them, among other things, but my favorite thing she said is “There are white-hats and black-hats… don’t be a douche-hat!”

Final Thoughts

I’ve been trying to go to DEFCON for years. For the last 3 years in a row I’ve had plane tickets and a hotel booked and had other stuff come up. Now that I finally made it, I plan to come every year I can. Next year I’ll add B-sides to the itinerary.

Running into Kevin and Viv and having people to share the awesome with definitely added an extra level of incredible to the weekend.

I also briefly ran into tons of other friends, acquantances and co-workers who all added to the experience. Thanks to everyone I saw this weekend!

Heartbleed

I spent a large chunk of time this week dealing from the fallout of Heartbleed as a technical person who runs a variety of websites… but this weekend I spent a lot of time dealing with it as a user. It took a lot of time and I wanted to share what I did.

Wait, is Heartbleed?

You were affected by Heartbleed. You may not know it, but you were. Everyone in the internet was. I’m not going to spend time explaining heartbleed because there’s plenty of that already: technical, non-technical, also non-technical and even comic.

What Do I Need To Do?

There’s a great list of sites affected, but frankly, it’s probably worse than that site would have you believe. The reality is this bug has been around for about 2 years and no one knows who has known about it for how long. So even if a site wasn’t using vulnerable software at the time we all found out about it, who knows what their setup was a year ago – or two.

Bottom line: for every site you have a password for, purchase stuff from, give sensitive information to, or log into in any way you need to 1. Ensure they are no longer vulnerable and 2. Change your password. We’ll talk about how to pick good passwords and how to manage yoru passwords conveniently below.

Before visiting any sites though, be sure to test them via http://filippo.io/Heartbleed/. Alternatively you can install the or the Chrome extension ChromeBleed or the Firefox extension Foxbleed to tell you when a site is vulnerable.

Before You Make Any Passwords…

Lets talk a bit about passwords. Traditional wisdom has taught internet users that “good” passwords are very complicated. You’ve been told that you must have special characters, spaces, capitals, all sorts of stuff. Your passwords should look like F23%@!he right? Wrong.

The reality of it is, these crazy tricks are only useful on passwords that are short. You can have a much more secure, much easier to remember password if it’s long. Lets look at two examples:

  • F23%@!he
  • This new job is fantastic, and I’m making a very long new password to ensure I keep the company safe.

Which one of those is harder to crack? Well there’s roughly 95 characters on my keyboard I can use in a password… so the first password is 8 characters, so assuming an attacker knew how long it was, it would take 95^8 or 6,634,204,312,890,625 guesses to figure out. Not that many for a computer to do. Now lets assume that in the second case the attacker knows we are only using letters, spaces, commas, apostrophes, and periods – just to make it “weaker” – that’s only 54 possible characters. And again, lets assume the attacker knows the length of the password. OK, so the number of guesses would be 54^102 (that’s 102 characters) which is 5,060,151,292,742,899,803,155,369,247,456,004,028,007,484,398,099,983,812,643,223,359,676,655,183,085,130,713,577,104,812,568,773,74,090,891,957,891,806,474,420,131,725,564,699,076,655,948,414,884,760,908,561,767,814,181,384,582,332,416 guesses. So even limiting the choices of characters, the second password is a lot better.

I’ve simplified the math a bit – you also need to take into account that the attacker doesn’t actually know how long the password is, so he has to try all 1-character passwords, then 2-character passwords, then 3-character passwords, and so on. Which as you can guess, means the longer password has even more benefit.

So getting back to the topic at hand, when you change your passwords, they’ll fall into two categories: the ones you have to remember because you have to type them constantly (the password to unlock your computer, the password for your email) and the passwords for various websites.

So the passwords you need to remember should be a nice long phrase or sentence like the one above (aim for 25 or more characters) Passwords for websites should be randomly generated by a password program (also at least 25 characters) and stored in said password program. You’ll want a password program that makes it easy to copy any password into your clipboard for easy use. And most importantly have a different password for every single service!

Which means we need to have a password program… read on.

How I Used To Manage Passwords

Traditionally, my way of storing passwords was in a PGP-encrypted file. If you’re not a technical person, this doesn’t mean much to you, but I suffice to say I had an encrypted document on my computer that I could read only if I had two things: 1. A special “private key” (another file), and 2. A very long passphrase. This is very secure, but it wasn’t very portable. I couldn’t easily access this from various remote places, from my phone, etc.

For me this isn’t much of an issue – I generally have access to my home computer remotely through various means. But that wasn’t always true, and as such I have a bunch of bad password practices. Traditionally I’ve had a “banking” password, a “important stuff that’s not banking” password, a “somewhat secure stuff” password and a “throw-away” password I used for sites that didn’t matter. This is a horrible idea. It was time to start using unique passwords everywhere.

While a PGP-encrypted file and my current remote-access setup was sufficient for this, I decided to explore my options.

Requirements For A New Password Manager

If I was going to trust my password to anything other than GnuPG (my PGP software, written by truly paranoid folks, which is what you want in security software), it had to meet several requirements. First and foremost it had to be open-source. In the wake of all the NSA stuff over the past 12 months, it’s become clear that you cannot trust proprietary software – especially not for things like password safes. The NSA has had a huge influence over a variety of software, both open and closed – but such issues in open-source software are more likely to be found due to the many people looking at that software all of the time. Heartbleed is a great example of what generally happens when the community finds a problem with open-source security software – they announce it publicly so everyone can protect themselves.

Second, it had to store the passwords encrypted by strong cryptography I knew to be as trustworthy as possible. For those of you who are technical that meant AES256.

Third, it had to be able to export it’s database into a simple format such as plain-text or CSV. I want to be able to switch to a different password manager at any time I choose.

Third, it had to be cross-platform. I generally only use Linux desktops. However, I have an Android, and occasionally I need to use a Mac, and if I chose I wanted my passwords to be available there.

Choosing A New Password Manager

I did hours of research and found there were two possible options: KeePassX and KeePass. It’s worth looking at a bit of history of these two pieces of software to make the right choice.

KeePass version 1 is open-source (GPL) but only works on Windows. KeePassX is a port of KeePass 1 to be cross-platform (Windows, Mac, and Linux) – also open-source (GPL). It has many – but not all – of the features of KeePass 1 and fully spports files created by KeePass 1. Version 2 of KeePass is also developed primarily on Windows, but due to Mono works on Linux. The KeePassX guy has alpha versions of KeePassX2 which will support the KeePass2 format.

There is android software to read both KeePass 1 and KeePass 2 files (and thus KeePassX files).

Each has their advantages. KeePass is pluggable, so there are plugins to do all sorts of useful features one might want. However, I found most of these plugins to be of poor quality or so complicated to install that average users will be unable to. KeePassX, while less feature-rich, is fully cross-platform at its core, which is something its author seems to cares a lot about. It’s also simpler – and in security software, simplicity is a good thing.

I decided that KeePassX was the right solution for me.

I found a great article at LinuxJournal about using KeePassX, Dropbox, and KeePassDroid in order to have secure passwords across multiple devices. KeePassDroid is also open-source (GPL/Apache), so my android piece had been solved as well.

I also am using Dropbox as described in that article for sycning. You may have noticed that Dropbox is proprietary – it requires a closed-source daemon. However, the only thing I’m using dropbox for here is to steward the encrypted database around. Since I trust the security of the KeePassX database (it’s encrypted with AES256), I can send it over any untrusted path safely.

The only thing that makes me unhappy about this setup is Dropbox’s proprietary software running on my machine. It’s not the worst thing in the world (my graphics drivers are also proprietary), but it’s not optimal either. KeePassX 2 is set to have native syncing to various services, and that will make me feel better.

My Final Setup

It is not clear to me if I want to use KeePassX + Dropbox + DroidKeePass or whether I want to stick with a single PGP-encrypted file which only exists in one place. So for the moment I’ve put all my new passwords in both, and I will try both and see how it goes.

Back To Changing All Your Passwords

So, remember:

  • Install ChromeBleed or Foxbleed to detect vulnerable sites
  • Change your password on every site you visit to a unique password 25 or more characters
  • Use a good password manager

For sites that support (Google, Facebook, Github, and others) you should enable 2-factor support. It means you will need your phone in order to login, but it’s definitely easy and adds a ton of security.

Update: 4/12 10:34pm updated to add an explanation on why dropbox is OK to use.

Native IPv6 On Comcast

Update 5/31/12: Scripts are now configurable and various bugs have been fixed.
Update 6/07/12: Broken link to if-up script fixed, typo in script fixed.
Update 10/30/15: Scripts moved to GitHub.

They’re not advertising it, but Comcast is turning on IPv6 for all their California customers (and presumably others) who have a supported modem this week. Most people’s equipment won’t request v6 addresses yet, but for those running one of the Linksys-style devices that are set to do it by default, they will get a /64 and start advertising internally and voila, their network is IPv6-ified.

That’s all well and good, but you’re running a Linux firewall like a good geek, so how do you get the IPv6 goodness? It’s actually not as straight-forward as you’d think, but I have all the bits worked out here so you can get up and running.

Lets talk about what we’re going to be doing. We will…

  1. Use DHCPv6 to request a prefix (a /64) on the external interface.
  2. Take that prefix, assign one address from it to the internal interface.
  3. Tell radvd to advertise that prefix to our internal network.

I have automted this whole process and included the scripts below… but we will first start by walking through it manually so you understand what’s going on.

Get A Prefix

First, lets just look at how we get a prefix! Run the following command:

dhclient -6 -P -d -v $YOUR_EXTERNAL_INTERFACE

The -6 option is to run in IPv6 mode, the -P option says to request a prefix, and -d -v are debug and verbose so you can see what’s going on.

In the output look at the line with IAPREFIX in it… that’s your /64! However, dhclient won’t do anything with that. (Depending on how new your dhclient is, if you did not use -P, then you’d get a single address which it would assign to eth1, but since we want our whole network to have IPv6, we requested a prefix. Older dhclient’s would write out the lease file but not do anything with any addresses, even when not in prefix mode.)

Assign An Address To Your Box

So we want to do something with that. First, we need to assign some address in our /64 to our internal interface. Note that all routing is done via link-local addresses so your external interface doesn’t need a global address. In theory we could do this manually, with something like:

ip addr add $PREFIX::1/64 dev $YOUR_INTERNAL_INTERFACE

So for example, if your prefix was 2001:a:b::/64 then the address there would be 2001:a:b::1/64. And don’t forget to replace your internal interface there.

Accept Router Advertisements

Then we need to make sure we accept Router Advertisements (RA) so we know how to send traffic to the internet.

But first we need to understand something about IPv6 as well as something about linux’s IPv6 implementation. The RFC states that if you’re a router you shouldn’t accept router advertisements (RA) – the rationale being that you’re a router or your a host, but you are not both. Thus, even if you set net.ipv6.conf.all.accept_ra=1, if you also have ip_forward=1, linux will silently drop all RAs.

In our case, however we want to accept router advertisements on our external interface and send our own router advertisements on our internal interface. Fortunately, Linux added a new value to accept_ra which says “accept RAs even if ip_forward is on”… and that value is 2.

Sadly, in kernels before that was added (anything before 2.6.37), a value of 2 is accepted, but it has no benefit (it’s treated the same as 1). In these older kernels you can set ip_forward=0 on the external interface and 1 on the internal interface and packets will still be forwarded and you will accept RAs. See this blog for more details.

Anyway, here’s what we do to ensure we get RAs:

# Ensure we'll get router advertisements
sysctl -w net.ipv6.conf.$YOUR_EXTERNAL_INTERFACE.accept_ra=2
# Needed for kernels before 2.6.37, don't worry,
# forwarding will still work as long as you have it set
# on your other interface.
sysctl -w net.ipv6.conf.$YOUR_EXTERNAL_INTERFACE.forwarding=0

And with that you should have connectivity:

ping6 www.facebook.com

Advertising Your Space Internally

IPv6 is great at autoconfiguration, but in order for devices to configure themselves, we need to advertise our IPv6 space – and our selves as a router for that space – to the network. First, install radvd as appropriate for your distribution and create a config in /etc/radvd.conf that looks like this:

interface YOUR_INTERNAL_INTERFACE {
   AdvSendAdvert on;
   RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};
   prefix YOUR_PREFIX
   {
     AdvOnLink on;
     AdvAutonomous on;
   };
};   

And replace “YOUR_INTERNAL_INTERFACE” with your internal interface and “YOUR_PREFIX” with your prefix. Start radvd and you should see devices on your network auto-configure ipv6 addresses and routes.

This config hands out Google DNS servers as the DNS servers, but you can change to taste.

Automating Everything

Well, it’s neat that it works, but who wants to do that by hand on every boot? Ew.

Fortunately, dhclient is pluggable, so I wrote a dhclient-script to do that for us. Drop this into /etc/dhcp/dhclient-exit-hooks.d/ and call it something like ipv6.

#!/bin/bash

# vim:tw=80:tabstop=2:shiftwidth=2

# Copyright (c) 2012-present, Phil Dibowitz 
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice,
#    this list of conditions and the following disclaimer.
#  * Redistributions in
#    binary form must reproduce the above copyright notice, this list of
#    conditions and the following disclaimer in the documentation and/or other
#    materials provided with the distribution.
#  * Neither the name of the author nor the names of its contributors may be
#    used to endorse or promote products derived from this software without
#    specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.

#
# You can find the latest version of this at:
#   https://github.com/jaymzh/v6-gw-scripts
#
# Will, given a 'dhclient -6 -P ...' on $EXT_IFACE and assign the prefix
# given to the $INT_IFACE, and twiddle radvd.
#
# For radvd, it takes /etc/radvd.conf.tmpl, replaces "__PREFIX__" with your
# prefix, and - if it's different from /etc/radvd.conf - replaces the config
# file and restarts the daemon.
#

# Change INT_IFACE or EXT_IFACE by setting them in the config file
CONF='/etc/ipv6_prefix_dhclient.conf'
INT_IFACE='eth0'
EXT_IFACE='eth1'

[ -r $CONF ] && . $CONF

ipv6_prefix_setup() {
  current_ip=$(/sbin/ip -6 addr show dev $INT_IFACE scope global |\
               /usr/bin/awk '/inet6/ {print $2}')
  current_prefix=$(echo $current_ip | /bin/sed -e 's@::1/64@::/64@')
  if [ "$current_prefix" == "$new_ip6_prefix" ] ; then
    return
  fi

  # Setup the new IP
  new_ip=$(echo $new_ip6_prefix | /bin/sed -e 's@::/64@::1/64@g')
  if [ ! -z "$current_ip" ] ; then
    ip -6 addr del $current_ip dev $INT_IFACE
  fi
  ip -6 addr add $new_ip dev $INT_IFACE

  # Ensure we'll get router advertisements
  sysctl -w "net.ipv6.conf.$EXT_IFACE.accept_ra=2"
  # Needed for kernels before 2.6.37, don't worry,
  # forwarding will still work as long as you have it set
  # on your other interface.
  sysctl -w "net.ipv6.conf.$EXT_IFACE.forwarding=0"

  # Update radvd
  tmpfile=/tmp/radvd.conf.$$
  sed -e "s@__PREFIX__@$new_ip6_prefix@g" /etc/radvd.conf.tmpl > $tmpfile
  diff $tmpfile /etc/radvd.conf >/dev/null
  if [ $? == 1 ]; then
    mv $tmpfile /etc/radvd.conf
    /etc/init.d/radvd restart
  else
    rm $tmpfile
  fi
}

if [ "$interface" != "$EXT_IFACE" ] ; then
  return
fi

case "$reason" in
  BOUND6|REBIND6)
    # We will get called twice here - once for the temp address
    # and once for the prefix. We only care about the prefix.
    if [ ! -z "$new_ip6_prefix" ] ; then
      ipv6_prefix_setup
    fi
    ;;
esac

Be sure to set the two variables at the top as appropriate.

This script does several things things:

  1. Assign an IP from our prefix to the internal interface
  2. Set the sysctls as appropriate
  3. Configure radvd

It makes one assumption: that you have a templated radvd.conf file in /etc/radvd.conf.tmpl that has “__PREFIX__” instead of a prefix, ala:

interface YOUR_INTERNAL_INTERFACE {
   AdvSendAdvert on;
   RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};
   prefix __PREFIX__
   {
     AdvOnLink on;
     AdvAutonomous on;
   };
};   

This script is configurable… just drop a file in /etc/ipv6_prefix_dhclient.conf and define $INT_IFACE and $EXT_IFACE like so:

INT_IFACE='eth0'
EXT_IFACE='eth1'

As before, this config hands out Google DNS servers as the DNS servers, but you can change to taste.

So now we have dhclient doing all of the configuration work for us, there’s only one more piece: to launch dhclient correctly. For this, I dropped a simple script which fires off dhclient into /etc/network/if-up.d which I called 99-ipv6. This is Debian-like-distro specific, but you could do this with some ifup-local magic on Redhat-like-distros.

#!/bin/bash

# vim:tw=80:tabstop=2:shiftwidth=2

# Copyright (c) 2012-present, Phil Dibowitz 
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice,
#    this list of conditions and the following disclaimer.
#  * Redistributions in
#    binary form must reproduce the above copyright notice, this list of
#    conditions and the following disclaimer in the documentation and/or other
#    materials provided with the distribution.
#  * Neither the name of the author nor the names of its contributors may be
#    used to endorse or promote products derived from this software without
#    specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.

#
# You can find the latest version of this at:
#   https://github.com/jaymzh/v6-gw-scripts
#
# Debian-style if-up.d script for firing off dhclient for ipv6
#

# Change EXT_IFACE by updating the config file
CONF='/etc/ipv6_prefix_dhclient.conf'
EXT_IFACE="eth1"

[ -r $CONF ] && . $CONF

# We only care about the external interface.
if [ "$IFACE" != "$EXT_IFACE" ]; then
	exit 0
fi

# Only run from ifup.
if [ "$MODE" != start ]; then
	exit 0
fi

# If there's a stale dhclient, kill it
kill `cat /var/run/dhclient6.$IFACE.pid`

# Start our new one
dhclient -6 -P -pf /var/run/dhclient6.$IFACE.pid \
  -lf /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE &

# reload firewall rules
/etc/network/ip6tables reload

exit 0

This script uses the same configuration file to determine the configuration of your network.

In my particular case I have a script /etc/network/ip6tables which setups my v6 firewall rules and is run here (and a similar one for v4 which I run as an if-up rule), but your configuration may differ.

You can find these scripts on GitHub.

Other Considerations

Some other thoughts:

  • iptables’ conntrack module, until recently, couldn’t statefully track dhcpv6. This was fixed with this patch but if you don’t have the nf_conntrack_dhcpv6 module available in your kernel, you will need to allow ports UDP traffic to/from fe80::/10 and to port 546/from port 547.
  • Debian was using the old dhclient3 scripts (even after the move to isc-dhcp-client) until very recently. You need version 4.1.1-P1-17 or later to have basic IPv6 support