Presentation is loading. Please wait.

Presentation is loading. Please wait.

Passive IP Addresses draft-baker-opsec-passive-ip- address.

Published byLeslie Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "Passive IP Addresses draft-baker-opsec-passive-ip- address."— Presentation transcript:

1 Passive IP Addresses draft-baker-opsec-passive-ip- address

2 Problem It is possible to use a traceroute to identify routers on a path More generally, ICMP and other traffic from routers identifies them to equipment that has no primary need to know As a result, such equipment is subject to attacks

3 Principle of Least Privilege Folks that have no need to know something shouldn’t know it.

4 Possible solutions draft-behringer-lla-only Use only link-local addresses Send ICMP from the loopback address But now I can attack the loopback address Use a ULA BCP 38 issue – PMTU fails

5 Desirements I’d like to say “requirements” It would be nice to be able to have a remote network identify which operator to ask a question of Router addresses SHOULD be in ipv6.arpa It would be nice to have a way to not attack the router so identified

6 Passive IPv6 Addresses Two attributes on an interface address: Should I respond using it in ICMP? Should I process messages sent to it? An address that I send to folks who have no need to know my address “should be used” and “should not be processed” An address my operator uses to manage me “should not be used” and “should be processed”

7

Download ppt "Passive IP Addresses draft-baker-opsec-passive-ip- address."

Similar presentations

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
Chapter 6: Static Routing

Chapter 6: Static Routing
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
CCNP Network Route IPV-6 Part-III IPV-6 Static Routing: R1(Conf t)# ip routing  (Turn on Routing) R1(Conf t)# ipv6 unicast-routing  (Turn on ipv6 routing)

CCNP Network Route IPV-6 Part-III IPV-6 Static Routing: R1(Conf t)# ip routing  (Turn on Routing) R1(Conf t)# ipv6 unicast-routing  (Turn on ipv6 routing)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.

Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
思科网络技术学院理事会. 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

思科网络技术学院理事会. 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.

CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)

CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)
Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.

Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.
Draft-tsou-bfd-ds-lite-02 Tina Tsou. Problem to solve – There is no status information of DS-Lite tunnel, e.g. tunnel up or down, which brings difficulties.

Draft-tsou-bfd-ds-lite-02 Tina Tsou. Problem to solve – There is no status information of DS-Lite tunnel, e.g. tunnel up or down, which brings difficulties.
Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.

Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.
Instructor & Todd Lammle

Instructor & Todd Lammle
1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.

1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.
1 ICMP – Using Ping and Trace CCNA Semester 2. 2 172.30.1.20 172.30.1.25.

1 ICMP – Using Ping and Trace CCNA Semester
Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:

Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:
1 Chapter Overview IP (v4) Address IPv6. 2 IPv4 Addresses Internet Protocol (IP) is the only network layer protocol with its own addressing system and.

1 Chapter Overview IP (v4) Address IPv6. 2 IPv4 Addresses Internet Protocol (IP) is the only network layer protocol with its own addressing system and.
Protocol Headers Pre DA SA 0800h … version H L 6 TCP Header Data FCS

Protocol Headers Pre DA SA 0800h … version H L 6 TCP Header Data FCS

Similar presentations

Ads by Google