Presentation is loading. Please wait.

Presentation is loading. Please wait.

03 Jun 2011There's no place like ::1 Introduction to IPv6 Protocol part 2 George Kargiotakis oss-unipi: Event #27.

Published byMelissa Miller Modified over 7 years ago

Similar presentations

Presentation on theme: "03 Jun 2011There's no place like ::1 Introduction to IPv6 Protocol part 2 George Kargiotakis oss-unipi: Event #27."— Presentation transcript:

1 03 Jun 2011There's no place like ::1 Introduction to IPv6 Protocol part 2 George Kargiotakis (kargig@void.gr) oss-unipi: Event #27

2 03 Jun 2011There's no place like ::1 Topics ● IPv6 Neighbor Discovery Mechanisms ● IPv6 Local Network Protection ● IPv6 Security Considerations ● IPv6 Linux

3 03 Jun 2011There's no place like ::1 IPv6 ND (1/X) ● Neighbors = 2 devices on the same local network ● Based on ICMPv6 → Replaces ARP + ICMP on IPv4

4 03 Jun 2011There's no place like ::1 IPv6 ND Host-to-Host (1/X) ● Next-Hop Determination: The method for looking at an IP datagram's destination address and determining where it should next be sent (Destination Cache). ● Address Resolution: The process by which a device determines the layer two address of another device on the local network from that device's layer three (IP) address. Replaces ARP in IPv4 (Neighbor Cache). ● Neighbor Unreachability Detection: The process of determining whether or not a neighbor device can be directly contacted. ● Duplicate Address Detection: Determining if an address that a device wishes to use already exists on the network.

5 03 Jun 2011There's no place like ::1 IPv6 Host-to-Router (1/X) ● Router Discovery: The method by which hosts locate routers on their local network. ● Prefix Discovery: Hosts use this function to determine what network they are on, which in turn tells them how to differentiate between local and distant destinations and whether to attempt direct or indirect delivery of datagrams (Prefix Cache). ● Parameter Discovery: The method by which a host learns important parameters about the local network and/or routers, such as the maximum transmission unit of the local link. ● Address Autoconfiguration: Hosts can automatically configure themselves, by information provided by a router.

6 03 Jun 2011There's no place like ::1 IPv6 ND Messages (3/X) ● Commonly used messages: – Router Advertisement (Type 134) – Router Solicitation (Type 133) – Neighbor Advertisement (Type 136) – Neighbor Solicitation (Type 135) – Redirect ● Benefits: – Formalize Address Resolution + Router Discovery (Security at layer 3 independent of IPsec → SeND) – Autoconfiguration – Dynamic Router Selection – Multicast

7 03 Jun 2011There's no place like ::1 IPv6 ND Address Resolution (4/X) ● Efficiency due to using Solicited-node Multicast Addresses instead of broadcast ● Address Resolution only for “on-link” nodes

8 03 Jun 2011There's no place like ::1 IPv6 ND Flow (4/X)

9 03 Jun 2011There's no place like ::1 IPv6 Local Network Protection

10 03 Jun 2011There's no place like ::1 IPv6 Common Attacks ● Address Resolution – Attacker claims victim's IP address ● Redirect – Attacker sends RA and redirects traffic heading to an off-link host elsewhere ● DAD (DoS) – Attacker replies to any victim's DAD requests

11 03 Jun 2011There's no place like ::1 IPv6 Common Attacks ● First-Hop Router Attack – Attacker tricks victim into accepting itself as a default router canceling the previous one (lifetime=0). Steals all traffic. ● Address Configuration (DoS) – Attacker cancels previous default router prefix and sends new prefix to victim. Victim can't access the network due to spoofed prefix filtering by default router. ● DHCPv6 spoofing

12 03 Jun 2011There's no place like ::1 IPv6 Migration Security ● Deny packets for transition techniques not in use – Deny IPv4 protocol 41 forwarding unless that is exactly what is intended – unless using 6to4 tunneling – Deny UDP 3544 forwarding unless you are using Teredo tunneling ● Avoid Dynamic Tunnels (6to4, Teredo, etc) ● Don't forget Link-Local addresses! (demo?)

13 03 Jun 2011There's no place like ::1 IPv6 Security Overview ● IPv6 is no more or less secure than Ipv4 – Experience is the issue ● IPv6 will change traffic patterns (p2p, MIPv6) ● IPv6 larger addresses makes worms and scanning less effective but there are still ways to find hosts ● Apply IPsec wherever possible ● LAN based attacks → Stronger physical security, Ethernet-port Security, NAC, 802.1X, SeND

14 03 Jun 2011There's no place like ::1 IPv6 Linux ● Show IPv6 neighbors – ip -6 neighbor show ● Show IPv6 addresses – ip -6 address ● Show IPv6 routes – ip -6 route

15 03 Jun 2011There's no place like ::1 IPv6 Linux ● Add neighbor – ip neighbor add 2001:db8::2 dev eth0 lladdr 00:11:22:33:44:55 ● Add address – ip address add 2001:db8::1/64 dev eth0 ● Add route – ip route add 2001:db8::10:1/64 dev eth0

16 03 Jun 2011There's no place like ::1 IPv6 Linux ● Show destination cache – ip route show cache ● Show multicast listening addresses – ip maddr ● Log routing changes – rtmon file /tmp/rtmon.log – ip monitor file /tmp/rtmon.log

17 03 Jun 2011There's no place like ::1 IPv6 Linux ● /proc/ – /proc/net/snmp6 – /proc/sys/net/ipv6/bindv6only – /proc/sys/net/ipv6/conf/[all,default,devX]/YYYY ● accept_ra ● autoconf ● forwarding (0,1,2) ● accept_redirects ● disable_ipv6 (newer kernels) ● router_solicitations ● mtu ● use_tempaddr (0,1,2)

18 03 Jun 2011There's no place like ::1 IPv6 Linux ● Apache configuration – Listen 80 – Listen [2001:db8::1]:80 – NameVirtualHost [2001:db8::1]:80 – ● vsftpd – listen_ipv6=YES – sysctl -w net.ipv6.bindv6only=0 (don't forget!) ● Postfix – inet_protocols = ipv4, ipv6

19 03 Jun 2011There's no place like ::1 The End Thanks! Any Questions ?

Download ppt "03 Jun 2011There's no place like ::1 Introduction to IPv6 Protocol part 2 George Kargiotakis oss-unipi: Event #27."

Similar presentations

11: IPv6 Routing Table and Static Routes

11: IPv6 Routing Table and Static Routes
10: ICMPv6 Neighbor Discovery

10: ICMPv6 Neighbor Discovery
Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.

Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.
TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.

© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.

Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
IPv6 Network Security.

IPv6 Network Security.
2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College

2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
資 管 Lee Lesson 12 IPv6 Mobility. 資 管 Lee Lesson Objectives Components of IPv6 mobility IPv6 mobility messages and options IPv6 mobility data structures.

資 管 Lee Lesson 12 IPv6 Mobility. 資 管 Lee Lesson Objectives Components of IPv6 mobility IPv6 mobility messages and options IPv6 mobility data structures.
IPv6: Neighbor Discovery

IPv6: Neighbor Discovery
CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)

CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)
LOGO IPv6 Application Analysis Xi Chen

LOGO IPv6 Application Analysis Xi Chen
Doc.: IEEE 802.11-11/1183r0 Submission September 2011 Masataka Ohta, Tokyo Institute of TechnologySlide 1 IP over Congested WLAN Date: 2011-09-19 Authors:

Doc.: IEEE /1183r0 Submission September 2011 Masataka Ohta, Tokyo Institute of TechnologySlide 1 IP over Congested WLAN Date: Authors:
Guide to TCP/IP Fourth Edition

Guide to TCP/IP Fourth Edition
ICMPv6 Presented by Dr.Apichan Kanjanavapastit. Introduction Another protocol that has been modified in version 6 of the TCP/IP protocol suite is ICMP.

ICMPv6 Presented by Dr.Apichan Kanjanavapastit. Introduction Another protocol that has been modified in version 6 of the TCP/IP protocol suite is ICMP.
1 CMPT 471 Networking II ICMPv6 © Janice Regan, 2012.

1 CMPT 471 Networking II ICMPv6 © Janice Regan, 2012.

Similar presentations

Ads by Google