IPv6 insecurities at First Hop

Gaweł Mikołajczyk
gmikolaj@cisco.com
SETTING THE STAGE
IPv6 Neighbor Discovery Fundamentals

 RFC 4861, Neighbor Discovery for IP Version 6 (IPv6)
 RFC 4862, IPv6 Stateless Address Autoconfiguration
 Used for:
      Router discovery
      IPv6 Stateless Address Auto Configuration (SLAAC)
      IPv6 address resolution (replaces ARP)
      Neighbor Unreachability Detection (NUD)
      Duplicate Address Detection (DAD)
      Redirection
 Operates on top of ICMPv6
      Relies heavily on multicast (including L2 multicast)
      Works with ICMPv6 messages and message options
IPv4 to IPv6 – Link model shift

„An IPv4 link”
   – DHCP server: assigns addresses, announces default router, announces link parameters
   – IPv4 link model is DHCP-centric

„An IPv6 link”
   – Router: announces default router, announces link parameters
   – DHCP server: assigns addresses
   – IPv6 link model is essentially distributed, with DHCP playing a minor role
Cisco Current Roadmap
Securing Link Operations: First Hop Trusted Device (IETF SAVI WG)

The first-hop device sits between the hosts on the link and the infrastructure (certificate server, time server).

Advantages
   – central administration, central operation
   – Complexity limited to first hop
   – Transitioning a lot easier
   – Efficient for threats coming from the link
   – Efficient for threats coming from outside

Disadvantages
   – Applicable only to certain topologies
   – Requires first-hop to learn about end-nodes
   – First-hop is a bottleneck and single point of failure
„TARGETING THE HOSTS”
IPv6 Address Resolution – comparing with IPv4 ARP

Creates neighbor cache entry, resolving IPv6 address into MAC address.
Messages: Neighbor Solicitation (NS), Neighbor Advertisement (NA)

Nodes A, B and C on one link; A resolves B:

A -> NS
   ICMP type = 135 (Neighbor Solicitation)
   Src = A
   Dst = Solicited-node multicast address of B
   Data = B
   Option = link-layer address of A
   Query = what is B’s link-layer address?

B -> NA
   ICMP type = 136 (Neighbor Advertisement)
   Src = one of B’s IF addresses
   Dst = A
   Data = B
   Option = link-layer address of B

A and B can now exchange packets on this link
Attacking IPv6 Address Resolution

 Attacker can claim victim's IPv6 address.

A -> NS
   Dst = Solicited-node multicast address of B
   Query = what is B’s link-layer address?

C -> NA (spoofed)
   Src = B or any of C’s IF addresses
   Dst = A
   Data = B
   Option = link-layer address of C

Countermeasures: Static Cache Entries, Address GLEAN,
SeND (CGA) on routers, Integrity Guard (Address-Watch).
Address GLEAN

Gleaning means inspecting the

Hosts H1, H2, H3 behind the switch; DHCP server upstream. Traffic seen by the switch:
   H1: NS [IP source=A1, LLA=MACH1]
   H2: DHCP REQUEST [XID, SMAC = MACH2]
   DHCP server: REPLY [XID, IPA21, IPA22]
   H3: data [IP source=A3, SMAC=MACH3]
   H3: DAD NS [IP source=UNSPEC, target = A3]
   H3: NA [IP source=A1, LLA=MACH3]
   Switch <-> DHCP server: DHCP LEASEQUERY / DHCP LEASEQUERY_REPLY

Binding table
   IPv6   MAC     VLAN   IF
   A1     MACH1   100    P1
   A21    MACH2   100    P2
   A22    MACH2   100    P2
   A3     MACH3   100    P3
IPv6 Duplicate Address Detection (DAD)

Verify IPv6 address uniqueness: verify that no neighbor claims the address
Required (MUST) by SLAAC, recommended (SHOULD) by DHCP
Messages: Neighbor Solicitation, Neighbor Advertisement

A -> NS (B and C listen on the link)
   ICMP type = 135 (Neighbor Solicitation)
   Src = UNSPEC = 0::0
   Dst = Solicited-node multicast address of A
   Data = A
   Query = Does anybody use A already?

No answer: Node A starts using the address
Attack On DAD
Attacker answers every DAD attempt of the victim.

Victim can't configure an IP address and can't communicate. DoS condition.

A -> NS
   Src = UNSPEC
   Dst = Solicited-node multicast address of A
   Data = A
   Query = Does anybody use A already?

C -> NA: “it’s mine !”
   Src = any of C’s IF addresses
   Dst = A
   Data = A
   Option = link-layer address of C
Device tracking
 Goal: to track active addresses (devices) on the link

   – Keep track of device state
   – Probe devices when becoming stale
   – Remove inactive devices from the binding table
   – Record binding creation/deletion/changes

Address GLEAN on the link (hosts H1, H2, H3):
   H1: DAD NS [IP source=UNSPEC, target = A1]
   H1: NA [target = A1, LLA=MACH1]
   H3: DAD NS [IP source=UNSPEC, target = A3]

Binding table
   IPv6   MAC     VLAN   IF   STATE
   A1     MACH1   100    P1   REACH (probed when it becomes STALE)
   A21    MACH2   100    P2   REACH
   A22    MACH2   100    P2   REACH
   A3     MACH3   100    P3   STALE
IPv6 Source Guard
Validating the source address of IPv6 traffic sourced from the link

Address GLEAN (hosts H1, H2, H3):
   H3: DAD NS [IP source=UNSPEC, target = A3]
   H3: NA [target = A1, LLA=MACA3]
   Switch <-> DHCP server: DHCP LEASEQUERY / DHCP LEASEQUERY_REPLY
   Binding learned: P3 :: A3, MACA3

Binding table
   IPv6   MAC      VLAN   IF
   A1     MACA1    100    P1
   A21    MACA21   100    P2
   A22    MACA22   100    P2
   A3     MACA3    100    P3

Data traffic checked against the binding table:
   P1 :: data, src = A1, SMAC = MACA1
   P2 :: data, src = A21, SMAC = MACA21
   P3 :: data, src = A3, SMAC = MACA3

   – Allow traffic sourced with known IP/SMAC
   – Deny traffic sourced with unknown IP/SMAC
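The Address GLEAN, Device tracking and Source Guard slides above, and the two host-side attacks (spoofed NA on address resolution, spoofed NA against DAD), all turn on the same binding table. The following is an added example, not code from the slides or from Cisco: a minimal binding table that gleans from NDP, DHCP and data traffic, enforces address-watch (an address already bound to one MAC/port cannot be re-claimed from another), ages entries REACH -> STALE -> removed, and applies the Source Guard allow/deny rule. Event kinds, hosts H1..H3, addresses A1, A21, A22, A3, A4 and ports P1..P3 are constructed sample values.

```python
"""Added example, not from the slides: a minimal first-hop binding table that
performs address glean (NDP, DHCP, data), address-watch / integrity guard
(a bound address may not be re-claimed from another MAC or port), device
tracking (REACH/STALE ageing) and source guard. Event kinds, hosts (H1..H3),
addresses (A1, A21, ...) and ports (P1..P3) are constructed sample values."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

UNSPEC = "::"   # unspecified source used by DAD NS


@dataclass
class Binding:
    mac: str
    vlan: int
    port: str
    state: str   # TENTATIVE (only seen in DAD), REACH or STALE


class BindingTable:
    def __init__(self) -> None:
        self.entries: Dict[str, Binding] = {}
        self.log: List[Tuple[str, str, str, str]] = []  # (event, addr, mac, port)

    def glean(self, kind: str, src_ip: Optional[str], mac: str, vlan: int,
              port: str, target: Optional[str] = None) -> bool:
        """Learn a binding from one message. Returns False when the message
        conflicts with an existing binding (the switch should drop it)."""
        if kind == "DAD_NS":                 # src is ::, claimed address is the target
            return self._learn(target, mac, vlan, port, "TENTATIVE")
        if kind == "NA":                     # advertised address is the target
            return self._learn(target, mac, vlan, port, "REACH")
        if kind in ("NS", "DATA", "DHCP_REPLY"):   # src_ip = sender (or leased) address
            return self._learn(src_ip, mac, vlan, port, "REACH")
        raise ValueError(f"unknown event kind {kind}")

    def _learn(self, addr: str, mac: str, vlan: int, port: str, state: str) -> bool:
        cur = self.entries.get(addr)
        if cur is None:
            self.entries[addr] = Binding(mac, vlan, port, state)
            self.log.append(("create", addr, mac, port))
            return True
        if (cur.mac, cur.port) == (mac, port):
            if state == "REACH":
                cur.state = "REACH"          # refresh a TENTATIVE/STALE entry
            return True
        # Address-watch: another MAC/port claims an address that is already bound.
        self.log.append(("violation", addr, mac, port))
        return False

    def age(self, answered_probe: Set[str]) -> None:
        """Device tracking: entries that do not answer a probe go REACH -> STALE,
        stale entries that stay silent again are removed."""
        for addr in list(self.entries):
            e = self.entries[addr]
            if addr in answered_probe:
                e.state = "REACH"
            elif e.state == "STALE":
                del self.entries[addr]
                self.log.append(("delete", addr, e.mac, e.port))
            else:
                e.state = "STALE"

    def source_guard(self, src_ip: str, smac: str, port: str) -> bool:
        """Allow data only when (IP, SMAC, port) matches a binding."""
        b = self.entries.get(src_ip)
        return b is not None and b.mac == smac and b.port == port


def run_demo() -> dict:
    bt = BindingTable()
    # Address glean, mirroring the slides (constructed events)
    bt.glean("NS", "A1", "MACH1", 100, "P1")
    bt.glean("DHCP_REPLY", "A21", "MACH2", 100, "P2")
    bt.glean("DHCP_REPLY", "A22", "MACH2", 100, "P2")
    bt.glean("DATA", "A3", "MACH3", 100, "P3")
    # Address-resolution attack: H3 (P3) advertises A1, which belongs to H1
    spoofed_na_ok = bt.glean("NA", None, "MACH3", 100, "P3", target="A1")
    # DAD attack: H2 starts DAD for A4, H3 answers "it's mine" from P3
    bt.glean("DAD_NS", UNSPEC, "MACH2", 100, "P2", target="A4")
    dad_spoof_ok = bt.glean("NA", None, "MACH3", 100, "P3", target="A4")
    # Device tracking: A3 stays silent on two probes and is removed
    bt.age({"A1", "A21", "A22", "A4"})
    bt.age({"A1", "A21", "A22", "A4"})
    return {
        "spoofed_na_accepted": spoofed_na_ok,
        "dad_spoof_accepted": dad_spoof_ok,
        "src_guard_legit": bt.source_guard("A1", "MACH1", "P1"),
        "src_guard_spoofed": bt.source_guard("A1", "MACH3", "P3"),
        "src_guard_unknown": bt.source_guard("A9", "MACH1", "P1"),
        "a3_still_bound": "A3" in bt.entries,
        "a4_state": bt.entries["A4"].state,
        "violations": [e for e in bt.log if e[0] == "violation"],
    }
```

The two spoofed NAs are rejected because A1 and A4 are already bound (REACH and TENTATIVE respectively) to a different MAC/port; the `log` records every creation, deletion and violation, which is what a switch would export for monitoring.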
„TARGETING THE ROUTER”
Why should you care about router stealing?

Is there an IPv6 network?

$ ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:26:bb:xx:xx:xx
    inet6 fe80::226:bbff:fexx:xxxx%en1 prefixlen 64 scopeid 0x6
    inet 10.19.19.118 netmask 0xfffffe00 broadcast 10.19.19.255
    media: autoselect
    status: active

Are there any IPv6 peers?

$ ping6 -I en1 ff02::1%en1
PING6(56=40+8+8 bytes) fe80::226:bbff:fexx:xxxx%en1 --> ff02::1
16 bytes from fe80::226:bbff:fexx:xxxx%en1, icmp_seq=0 hlim=64 time=0.140 ms
. . .
16 bytes from fe80::cabc:c8ff:fec3:fdef%en1, icmp_seq=3 hlim=64 time=402.112 ms
^C
--- ff02::1%en1 ping6 statistics ---
4 packets transmitted, 4 packets received, +142 duplicates, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.140/316.721/2791.178/412.276 ms

Configure a tunnel, enable forwarding, transmit RA

$ ndp -an
Neighbor                         Linklayer Address Netif Expire   St Flgs Prbs
2001:xxxx:xxxx:1:3830:abff:9557:e33c 0:24:d7:5:6b:f0 en1 23h59m30s S
. . .
$ ndp -an | wc -l
      64
IPv6 Router Discovery
 Find default/first-hop routers
 Discover on-link prefixes => which destinations are neighbors
     Messages: Router Advertisements (RA), Router Solicitations (RS)

Host A and router B (B connects the link to the Internet):

A -> RS
   ICMP Type = 133 (Router Solicitation)
   Src = UNSPEC (or Host link-local address)
   Dst = All-routers multicast address (FF02::2)
   Query = please send RA

B -> RA
   ICMP Type = 134 (Router Advertisement)
   Src = Router link-local address
   Dst = All-nodes multicast address (FF02::1)
   Data = router lifetime, retrans timer, autoconfig flag
   Option = Prefix, lifetime

A uses B as default gateway
Attacking IPv6 Router Discovery
Attacker tricks victim into accepting him as default router
Based on rogue Router Advertisements
The most frequent threat, typically caused by a non-malicious user

C -> RA (spoofed, removes the legitimate router B)
   Src = B’s link-local address
   Dst = All-nodes
   Data = router lifetime = 0

C -> RA (attacker announces itself)
   Src = C’s link-local address
   Dst = All-nodes
   Data = router lifetime, autoconfig flag
   Options = subnet prefix, slla

Node A sends off-link traffic to C
IPv6 RA-Guard – Securing Router Discovery

C -> RA: “I am the default gateway”
   Router Advertisement Option: prefix(s)

Switch: Verification succeeded? -> Forward RA to A (otherwise drop it)

Switch selectively accepts or rejects RAs based on various criteria –
ACL (configuration) based, learning-based or challenge (SeND) based.
Hosts see only allowed RAs, and RAs with allowed content.

More countermeasures: static routing, SeND, VLAN segmentation, PACL.
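To make the ACL (configuration) based variant concrete, here is an added example, not code from the slides or from Cisco, of the decision a switch takes per Router Advertisement: RAs on host ports are never forwarded, and RAs on router ports are forwarded only if the source is an allowed link-local address, the hop limit is 255 (RFC 4861 requires this of every valid RA), the router lifetime is within bounds and every advertised prefix is inside the prefixes authorized for the link. Port names, link-local addresses, prefixes and the policy values are constructed; the field and class names are this example's own.

```python
"""Added example, not from the slides: an ACL/configuration-based RA-Guard
decision of the kind a switch takes before forwarding a Router Advertisement
to host ports. Ports, link-local addresses, prefixes and policy values are
constructed; field names are this example's own."""
from dataclasses import dataclass, field
from ipaddress import IPv6Address, IPv6Network
from typing import List, Set, Tuple


@dataclass
class RouterAdvertisement:
    ingress_port: str
    src: str                    # IPv6 source (must be link-local, RFC 4861)
    hop_limit: int              # IPv6 hop limit (must be 255, RFC 4861 section 6.1.2)
    router_lifetime: int        # seconds; 0 = "not a default router"
    prefixes: List[str] = field(default_factory=list)  # Prefix Information options


@dataclass
class RaGuardPolicy:
    router_ports: Set[str]                 # ports where a router may legitimately sit
    router_sources: Set[str]               # allowed RA source addresses (empty = any)
    allowed_prefixes: List[IPv6Network]    # prefixes hosts may be told are on-link
    max_router_lifetime: int = 9000        # RFC 4861 upper bound for AdvDefaultLifetime


def check_ra(ra: RouterAdvertisement, policy: RaGuardPolicy) -> Tuple[bool, str]:
    """Return (forward, reason). Anything not forwarded is dropped by the switch."""
    if ra.ingress_port not in policy.router_ports:
        return False, "RA received on a host port"
    if ra.hop_limit != 255:
        return False, "hop limit is not 255 (RA did not originate on-link)"
    if not IPv6Address(ra.src).is_link_local:
        return False, "RA source is not link-local"
    if policy.router_sources and ra.src not in policy.router_sources:
        return False, "RA source not in the allowed router list"
    if ra.router_lifetime > policy.max_router_lifetime:
        return False, "router lifetime above policy maximum"
    for p in ra.prefixes:
        net = IPv6Network(p, strict=False)
        if not any(net.subnet_of(allowed) for allowed in policy.allowed_prefixes):
            return False, f"prefix {p} is not authorized on this link"
    return True, "ok"


def run_demo() -> List[Tuple[str, bool, str]]:
    """The rogue-RA scenarios from the slides, as constructed messages."""
    policy = RaGuardPolicy(
        router_ports={"Gi1/0/1"},
        router_sources={"fe80::1"},
        allowed_prefixes=[IPv6Network("2001:db8:100::/48")],
    )
    cases = {
        "legitimate router B": RouterAdvertisement(
            "Gi1/0/1", "fe80::1", 255, 1800, ["2001:db8:100:1::/64"]),
        "rogue RA from host port spoofing B with lifetime 0": RouterAdvertisement(
            "Gi1/0/7", "fe80::1", 255, 0, []),
        "rogue RA announcing attacker C": RouterAdvertisement(
            "Gi1/0/7", "fe80::c", 255, 1800, ["2001:db8:100:1::/64"]),
        "RA on router port with unauthorized prefix": RouterAdvertisement(
            "Gi1/0/1", "fe80::1", 255, 1800, ["2001:db8:bad::/64"]),
        "RA relayed from off-link (hop limit decremented)": RouterAdvertisement(
            "Gi1/0/1", "fe80::1", 254, 1800, ["2001:db8:100:1::/64"]),
    }
    return [(name, *check_ra(ra, policy)) for name, ra in cases.items()]
```

Only the first case is forwarded; the attacker's two RAs fail on the port check alone, so the host never sees the lifetime-0 message that would deprecate router B. The prefix check is what turns RA-Guard into content filtering ("RAs with allowed content").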
IPv6 Stateless Address Auto-Configuration (SLAAC)

Stateless, based on prefix information delivered in Router Advertisements.
Messages: Router Advertisements, Router Solicitations

A -> RS
   ICMP Type = 133 (Router Solicitation)
   Src = UNSPEC (or Host link-local address)
   Dst = All-routers multicast address (FF02::2)
   Query = please send RA

B -> RA
   ICMP Type = 134 (Router Advertisement)
   Src = Router link-local address
   Dst = All-nodes multicast address (FF02::1)
   Data = router lifetime, retrans timer, autoconfig flag
   Options = Prefix X, Y, Z, lifetime

A computes X::x, Y::y, Z::z and DADs them (NS for each)
A sources traffic with X::x, Y::y, Z::z
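How the host turns prefixes X, Y, Z into X::x, Y::y, Z::z, and where the DAD Neighbor Solicitation for each of them goes, is not spelled out on the slide. The following is an added example, not code from the slides: it forms the modified EUI-64 interface identifier from a MAC (RFC 4291 Appendix A, the same construction behind the fe80::226:bbff:fexx:xxxx address in the ifconfig output earlier), appends it to each advertised /64, and computes the solicited-node multicast group ff02::1:ffXX:XXXX (RFC 4291 section 2.7.1) that NS and DAD messages for an address are addressed to. The MAC and the prefixes used are constructed.

```python
"""Added example, not from the slides: how a host forms its SLAAC address from
an advertised /64 prefix and its MAC (modified EUI-64, RFC 4291 Appendix A),
and the solicited-node multicast group (RFC 4291 section 2.7.1) that NS and
DAD messages for an address are sent to. The MAC and prefixes are constructed."""
from ipaddress import IPv6Address, IPv6Network
from typing import Dict, Iterable


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle and flip the u/l bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> IPv6Address:
    """Prefix from the RA Prefix Information option + EUI-64 interface identifier."""
    net = IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix (RFC 4862)")
    return IPv6Address(net.network_address.packed[:8] + eui64_iid(mac))


def solicited_node(addr: str) -> IPv6Address:
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low-order 24 bits of the address."""
    low24 = IPv6Address(addr).packed[13:]
    return IPv6Address(bytes.fromhex("ff0200000000000000000001ff") + low24)


def dad_ns(addr: str) -> Dict[str, str]:
    """Fields of the DAD Neighbor Solicitation a host sends before using addr."""
    return {"type": "135 (Neighbor Solicitation)", "src": "::",
            "dst": str(solicited_node(addr)), "target": str(IPv6Address(addr))}


def host_addresses(mac: str, advertised_prefixes: Iterable[str]) -> Dict[str, IPv6Address]:
    """Link-local plus one address per advertised prefix (X::x, Y::y, Z::z)."""
    out = {"fe80::/64": slaac_address("fe80::/64", mac)}
    for p in advertised_prefixes:
        out[p] = slaac_address(p, mac)
    return out
```

Because the interface identifier is derived from the MAC, every address the host forms from whatever prefix it is told (including a spoofed one) ends in the same 64 bits, and all of them share one solicited-node group; that is why a single NA from an attacker can answer DAD for any of them.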
Attacking IPv6 Stateless Address Auto-Configuration
  Attacker spoofs Router Advertisement with false on-link prefix
  Victim generates IP address with this prefix
  Access router drops outgoing packets from victim (ingress filtering)
  Incoming packets can't reach victim

C -> RA (spoofed)
   Src = B’s link-local address
   Dst = All-nodes
   Options = prefix X, Preferred lifetime = 0
Node A deprecates X::A

C -> RA (spoofed)
   Src = B’s link-local address
   Dst = All-nodes
   Options = prefix BAD, Preferred lifetime
Node A computes BAD::A and DADs it

Node A sources off-link traffic to B with BAD::A
Router B filters out BAD::A
Cryptographically Generated Addresses (CGA)
 RFC 3972 (Simplified)
 Each device has an RSA key pair (no need for a certificate)

 Ultra-light check for validity

 Prevents spoofing a valid CGA address

   RSA keys (Priv, Pub); the private key signs SeND messages
   CGA Params = Modifier, Public Key, Subnet Prefix
   SHA-1 over the CGA Params gives the Interface Identifier
   Crypto. Generated Address = Subnet Prefix + Interface Identifier
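The slide simplifies RFC 3972; the following added example (not code from the slides, from Cisco or from any SeND implementation) carries the construction through as the RFC specifies it: Hash1 = SHA-1(modifier | subnet prefix | collision count | public key) supplies the 64-bit interface identifier, whose top three bits are replaced by the Sec parameter and whose u/g bits are cleared, and Hash2 = SHA-1(modifier | 9 zero octets | public key) must start with 16*Sec zero bits, which is the work factor an attacker would have to repeat to find a different key for the same address. The "public key" bytes stand in for a DER-encoded RSA key and, like the prefix and the starting modifier, are constructed; no signing is done here.

```python
"""Added example, not from the slides: CGA generation and verification as in
RFC 3972 (modifier, subnet prefix, collision count, public key -> SHA-1 ->
interface identifier, plus the Hash2 work factor selected by Sec). The
"public key" bytes stand in for a DER-encoded RSA key and, like the prefix
and the starting modifier, are constructed; no signing is performed."""
import hashlib
from ipaddress import IPv6Address
from typing import Tuple

# (modifier, subnet prefix, collision count, public key)
CgaParams = Tuple[bytes, bytes, int, bytes]

# Constructed stand-in for a DER-encoded RSA public key (RFC 3972 uses the real one)
SAMPLE_PUBKEY = b"constructed-public-key-stand-in:" + bytes(range(128))


def _hash1(modifier: bytes, prefix: bytes, collision_count: int, pubkey: bytes) -> bytes:
    """Leftmost 64 bits of SHA-1 over the CGA Parameters data structure."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]


def _hash2(modifier: bytes, pubkey: bytes) -> bytes:
    """Leftmost 112 bits of SHA-1 over modifier | 9 zero octets | public key."""
    return hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]


def _hash2_ok(h2: bytes, sec: int) -> bool:
    """The leftmost 16*Sec bits of Hash2 must be zero."""
    return int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0


def generate_cga(prefix: bytes, pubkey: bytes, sec: int,
                 start_modifier: bytes) -> Tuple[IPv6Address, CgaParams]:
    if not (0 <= sec <= 7 and len(prefix) == 8 and len(start_modifier) == 16):
        raise ValueError("sec in 0..7, 64-bit prefix, 128-bit modifier")
    mod = int.from_bytes(start_modifier, "big")
    while True:                              # steps 2-3: find a modifier that satisfies Hash2
        modifier = mod.to_bytes(16, "big")
        if _hash2_ok(_hash2(modifier, pubkey), sec):
            break
        mod = (mod + 1) % (1 << 128)
    collision_count = 0                      # incremented (max 2) if DAD reports a collision
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey))
    iid[0] = (iid[0] & 0x1c) | (sec << 5)    # leftmost 3 bits = Sec, u and g bits cleared
    return IPv6Address(prefix + bytes(iid)), (modifier, prefix, collision_count, pubkey)


def verify_cga(address, params: CgaParams) -> bool:
    """RFC 3972 section 5: check collision count, prefix, Hash1 and Hash2."""
    modifier, prefix, collision_count, pubkey = params
    packed = IPv6Address(address).packed
    if collision_count > 2 or packed[:8] != prefix:
        return False
    sec = packed[8] >> 5
    h1 = _hash1(modifier, prefix, collision_count, pubkey)
    iid = packed[8:]
    # compare Hash1 with the interface identifier ignoring the Sec bits and the u/g bits
    if (h1[0] & 0x1c) != (iid[0] & 0x1c) or h1[1:] != iid[1:]:
        return False
    return _hash2_ok(_hash2(modifier, pubkey), sec)


def run_demo(sec: int = 1) -> dict:
    prefix = bytes.fromhex("20010db800010000")             # 2001:db8:1::/64 (constructed)
    addr, params = generate_cga(prefix, SAMPLE_PUBKEY, sec, bytes(16))
    modifier, _, cc, pubkey = params
    forged_key = bytes([pubkey[0] ^ 0x01]) + pubkey[1:]     # a different key for the same address
    other_prefix = bytes.fromhex("20010db800020000")
    return {
        "address": str(addr),
        "sec_bits": addr.packed[8] >> 5,
        "valid": verify_cga(addr, params),
        "forged_key_valid": verify_cga(addr, (modifier, prefix, cc, forged_key)),
        "moved_prefix_valid": verify_cga(IPv6Address(other_prefix + addr.packed[8:]), params),
        "modifier_tries": int.from_bytes(modifier, "big") + 1,
    }
```

With Sec = 1 the generator needs on average 2^16 SHA-1 evaluations to find a usable modifier, while verification is a single Hash1 and Hash2 computation ("ultra-light check"). Verification does not need a certificate: it only proves that whoever sent the SeND message holds the key the address was derived from, which is why CGA stops address spoofing but says nothing about whether that node is authorized as a router.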
Using SeND for router authorization

Certificate Authority CA0 with certificate C0; the certificate Subject Name contains the list of authorized IPv6 prefixes.
Router R obtains router certificate CR.

1. Host A is provisioned with C0 (its trust anchor)
2. Router R sends a router certificate request to CA0
3. CA0 provisions CR to R
   R -> A: ROUTER ADVERTISEMENT (SRC = R)
4. A -> R: Certificate Path Solicit (CPS): I trust CA0, who are you R?
5. R -> A: Certificate Path Advertise (CPA): I am R, this is my certificate CR signed by CA0
6. A verifies CR against CA0
7. A inserts R as default route

Each node takes care of its own security:
   – Verifies router legitimacy
   – Verifies address ownership
SeND Deployment Challenges with boundaries

Each administrative boundary has its own CA; the hosts and routers on each side are provisioned with their own CA.

          Nodes must be provisioned with CA certificate(s)

          A chain of trust is easy to establish within the administrative
          boundaries, but very hard outside

          Very few IPv6 stacks support SeND today
„EXHAUSTING THE CACHE”
Reconnaissance in IPv6?
Easy with Multicast.
 No need for reconnaissance anymore
 3 site-local multicast addresses (not enabled by default)
     FF05::2 all-routers, FF05::FB mDNSv6, FF05::1:3 all DHCP servers
 Several link-local multicast addresses (enabled by default)
     FF02::1 all nodes, FF02::2 all routers, FF02::F all UPnP, …

    Source     Destination   Payload
    Attacker   FF05::1:3     DHCP Attack

One packet to FF05::1:3 reaches every DHCP server in the site: 2001:db8:2::50, 2001:db8:1::60, 2001:db8:3::70

      http://www.iana.org/assignments/ipv6-multicast-addresses/
Remote address resolution cache exhaustion

Gateway serving PFX::/64; remote host X scanning 2^64 addresses
(ping PFX::a, PFX::b, … PFX::z)

For every probed address the gateway sends an NS and keeps an unresolved entry (3 seconds history):
   NS: Dst = Solicited-node multicast address of PFX::a
       Query = what is PFX::a’s link-layer address?
   NS: Dst = Solicited-node multicast address of PFX::b
       Query = what is PFX::b’s link-layer address?
   …
   NS: Dst = Solicited-node multicast address of PFX::z
       Query = what is PFX::z’s link-layer address?

Countermeasures: address provisioning mechanisms and
filtering on routers, Destination Guard on switches
Destination guard – mitigating cache exhaustion

L3 switch between the hosts and the Internet, holding a Binding table (filled by Address glean) and a Neighbor cache.
Remote host B scanning {P/64}: a stream of packets for destinations D1 … Dn

   Lookup D1 in the binding table
      not found -> NO: drop, no NS sent
      found     -> Forward packet

   Mitigate prefix-scanning attacks and protect ND cache
   Useful at last-hop router and L3 distribution switch
   Drops packets for destinations without a binding entry
Mitigating Remote Neighbor Cache Exhaustion

 Built-in rate limiter, but no option to tune it
     Since 15.1(3)T: ipv6 nd cache interface-limit
     Or IOS-XE 2.6: ipv6 nd resolution data limit
     Destination-guard is coming with First Hop Security phase 3
 Using a /64 on point-to-point links => a lot of addresses to scan!
     Using /127 could help (RFC 6164)
 Internet edge/presence: a target of choice
     Ingress ACL permitting traffic to specific statically configured (virtual) IPv6
     addresses only
 Using infrastructure ACL prevents this scanning
     iACL: edge ACL denying packets addressed to your routers
     Easy with IPv6 because new addressing scheme can be done
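The cache-exhaustion slide, the Destination guard slide and the interface-limit bullet above describe one attack and two mitigations; the following added example (not code from the slides or from Cisco, and not a model of IOS internals) simulates all three on a last-hop router. A remote scan of PFX::1 … PFX::1000 is run against a neighbor cache with no protection, with a cap on unresolved (INCOMPLETE) entries, and with Destination Guard consulting a binding table. The /64, the two live hosts and the scan size are constructed; class and field names are this example's own.

```python
"""Added example, not from the slides: a simulation of remote neighbor cache
exhaustion on a last-hop router, with the two mitigations the deck names: a
cap on unresolved cache entries per interface and Destination Guard, which
only resolves destinations present in the binding table. The /64, the hosts
and the scan are constructed."""
from ipaddress import IPv6Address, IPv6Network
from typing import Dict, Optional, Set

PFX = IPv6Network("2001:db8:1::/64")      # constructed customer prefix


class NeighborCache:
    """Per-interface ND cache: an INCOMPLETE entry exists while an NS is outstanding."""
    def __init__(self, incomplete_limit: Optional[int] = None) -> None:
        self.entries: Dict[IPv6Address, str] = {}
        self.incomplete_limit = incomplete_limit
        self.ns_sent = 0

    def resolve(self, dst: IPv6Address) -> bool:
        """Start (or reuse) resolution of dst; False if the cap is reached."""
        if dst in self.entries:
            return True
        incomplete = sum(1 for s in self.entries.values() if s == "INCOMPLETE")
        if self.incomplete_limit is not None and incomplete >= self.incomplete_limit:
            return False
        self.entries[dst] = "INCOMPLETE"
        self.ns_sent += 1                   # NS to the solicited-node group of dst
        return True


class LastHopRouter:
    def __init__(self, bound: Set[IPv6Address], cache: NeighborCache,
                 destination_guard: bool) -> None:
        self.binding_table = bound          # gleaned from NDP/DHCP on the link
        self.cache = cache
        self.destination_guard = destination_guard
        self.dropped: Dict[str, int] = {"no-binding": 0, "cache-limit": 0}

    def forward(self, dst: IPv6Address) -> str:
        if self.destination_guard and dst not in self.binding_table:
            self.dropped["no-binding"] += 1   # lookup failed: no NS, packet dropped
            return "drop: no binding"
        if not self.cache.resolve(dst):
            self.dropped["cache-limit"] += 1
            return "drop: cache limit"
        return "queued for resolution"


def simulate(mitigation: str, scan_size: int = 1000, limit: int = 64) -> dict:
    """mitigation: 'none', 'interface-limit' or 'destination-guard'."""
    base = int(PFX.network_address)
    live_hosts = {IPv6Address(base + 0x10), IPv6Address(base + 0x20)}  # real hosts on the link
    cache = NeighborCache(limit if mitigation == "interface-limit" else None)
    router = LastHopRouter(live_hosts, cache, mitigation == "destination-guard")
    # Remote host X pings PFX::1 ... PFX::<scan_size> (constructed scan)
    for i in range(1, scan_size + 1):
        router.forward(IPv6Address(base + i))
    return {
        "ns_sent": cache.ns_sent,
        "incomplete_entries": sum(1 for s in cache.entries.values() if s == "INCOMPLETE"),
        "dropped": dict(router.dropped),
        "live_hosts_resolved": all(h in cache.entries for h in live_hosts),
    }
```

Without mitigation every probe costs an NS and an unresolved cache entry, which is the exhaustion. The interface limit bounds the damage but still lets the scanner fill the quota (and, once it is full, legitimate new destinations are refused too); Destination Guard sends an NS only for the two bound addresses, so the scan never touches the cache.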
YOUR IPS CAN HELP, PROBABLY
Detecting native IPv6 Traffic

Example:
ICMPv6 traffic for Neighbor Discovery / Router Advertisements
Usage of dual-stack on all engines
Service HTTP
What your IPS should support now

   Can detect IPv6 tunnels in IPv4
       IPv6 in IPv4
       IPv6 in MPLS tunnel
       Teredo destination IP address
       Teredo source port
       Teredo destination port
       Teredo data packet


   And more?
       Detect DNS request for ISATAP
       Detect traffic to 6to4 anycast server
Intrusion Prevention for L2 Security

ICMPv6 signatures for attack mitigation and visibility, including NA, NS, RA, RS.

IPS for Virtual Switching with ERSPAN

Extends the Local SPAN to send packets outside the local host (VEM)
Can be used to monitor the traffic on a Virtual Switch remotely
One or more sources:
   Type: Ethernet, Vethernet, Port-Channel, VLAN
   Direction: Receive (Ingress) / Transmit (Egress) / Both
IP based destination
ERSPAN ID provides segmentation
Permit protocol type header 0x88be for ERSPAN GRE

Diagram: ESXi host with VMs on a Nexus 1000v (VMkernel, Management Console); ERSPAN sessions ID:1 and ID:2 carried to the ERSPAN destinations, e.g. a NAM and the IPS.
PUTTING IT ALL TOGETHER
Features for IPv6 First-Hop Security

Switches do/will integrate a set of monitoring, inspection and guard features for a
variety of security-centric purposes:
     1. RA-guard
     2. NDP address glean/inspection (NDP+DHCP+data)
     3. Integrity guard (Address watch/ownership enforcement)
     4. Device Tracking
     5. DHCP-guard
     6. DAD/Resolution proxy
     7. Source-guard (SAVI)
     8. Destination-guard
     9. DHCP L2 relay

    Ask your vendor for current support and a serious roadmap.
    cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-roadmap.html
First Hop Security Phase I in 2010
Protecting against Rogue RA

 Port ACL (see later) blocks all ICMPv6 Router Advertisements from hosts:
   the RA arriving on the host port is dropped, only the router's RA reaches the hosts

         interface FastEthernet3/13
           switchport mode access
           ipv6 traffic-filter ACCESS_PORT in
           access-group mode prefer port

 RA-guard feature in host mode (12.2(33)SXI4 & 12.2(54)SG): also dropping all RA received on this port

         interface FastEthernet3/13
           switchport mode access
           ipv6 nd raguard
           access-group mode prefer port
IPv6 Snooping Phase II and III

Phase II
   DHCP Guard
   Source Guard
   Multi Switch operation
   RA Throttler
   NDP Multicast Suppress

Phase III
   Destination Guard
   Prefix Guard
   DAD Proxy
   Binding Table Recovery
   SVI support
The bottom line

Look inside NetFlow records
    Protocol 41: IPv6 over IPv4 or 6to4 tunnels
    IPv4 address: 192.88.99.1 (6to4 anycast server)
    UDP 3544, the public part of Teredo, yet another tunnel


Look into DNS server log for resolution of ISATAP


Beware of the IPv6 latent threat:
   Your IPv4-only network may be vulnerable to IPv6 attacks now.
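The tunnel indicators listed under "What your IPS should support now" and the NetFlow and DNS checks in "The bottom line" are the same small set of signatures. As an added example, not code from the slides or from Cisco, the block below applies them to constructed NetFlow-style records (IP protocol 41, the 6to4 anycast relay 192.88.99.1, UDP 3544 for Teredo) and to constructed BIND-style DNS query log lines (lookups of isatap.<domain>). The record layout, the field names and every sample value are constructed for the example.

```python
"""Added example, not from the slides: checking constructed NetFlow-style
records and DNS query log lines for the latent-IPv6 indicators the deck lists:
IP protocol 41 (IPv6 over IPv4 / 6to4), the 6to4 anycast relay 192.88.99.1,
UDP 3544 (Teredo) and DNS lookups for isatap.<domain>. Record layout, field
names and all sample values are constructed."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SIXTOFOUR_ANYCAST = "192.88.99.1"    # RFC 3068 6to4 relay anycast address
TEREDO_UDP_PORT = 3544               # RFC 4380 Teredo server port
PROTO_IPV6_IN_IPV4 = 41
PROTO_UDP = 17


@dataclass
class Flow:                          # minimal NetFlow-like record (constructed layout)
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int


def classify_flow(f: Flow) -> List[str]:
    """All tunnel indicators that match one flow record (possibly several)."""
    findings = []
    if f.proto == PROTO_IPV6_IN_IPV4:
        findings.append("protocol 41: IPv6 over IPv4 / 6to4 tunnel")
    if SIXTOFOUR_ANYCAST in (f.src, f.dst):
        findings.append("6to4 anycast relay 192.88.99.1")
    if f.proto == PROTO_UDP and TEREDO_UDP_PORT in (f.sport, f.dport):
        findings.append("Teredo (UDP 3544)")
    return findings


def scan_flows(flows: Iterable[Flow]) -> List[Tuple[Flow, List[str]]]:
    hits = []
    for f in flows:
        findings = classify_flow(f)
        if findings:
            hits.append((f, findings))
    return hits


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Constructed BIND-style query log lines, e.g.
    'client 10.1.1.5#53211: query: isatap.example.com IN A +'.
    Returns (client IP, queried name) for every ISATAP lookup."""
    hits = []
    for line in lines:
        parts = line.split()
        if "query:" not in parts or "client" not in parts:
            continue
        qname = parts[parts.index("query:") + 1].rstrip(".").lower()
        if qname == "isatap" or qname.startswith("isatap."):
            client = parts[parts.index("client") + 1].split("#")[0]
            hits.append((client, qname))
    return hits


SAMPLE_FLOWS = [                     # constructed sample records
    Flow("10.19.19.118", "192.88.99.1", 41, 0, 0, 120),        # 6to4 to the anycast relay
    Flow("10.19.19.50", "203.0.113.7", 17, 55012, 3544, 40),   # Teredo client to a server
    Flow("10.19.19.60", "198.51.100.9", 41, 0, 0, 9000),       # static 6in4 tunnel
    Flow("10.19.19.70", "198.51.100.9", 6, 44123, 443, 800),   # plain HTTPS
    Flow("10.19.19.71", "10.19.19.1", 17, 51000, 53, 2),       # plain DNS
]
SAMPLE_DNS_LOG = [                   # constructed sample lines
    "client 10.19.19.118#53211: query: isatap.example.com IN A +",
    "client 10.19.19.50#40211: query: www.example.com IN AAAA +",
    "client 10.19.19.80#41111: query: ISATAP.corp.example.net IN A +",
]
```

On an "IPv4-only" network a hit in any of these lists means an IPv6 path exists that the IPv4 perimeter does not see, which is the latent threat the slide warns about.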
THANK YOU.

APNIC Hackathon IPv4 & IPv6 security & threat comparisons
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
 
Name Based Net Architectures
Name Based Net ArchitecturesName Based Net Architectures
Name Based Net Architectures
 
AusNOG 2015 - Some fairly recent IPv6 IETF RFCs, discussions and topics
AusNOG 2015 - Some fairly recent IPv6 IETF RFCs, discussions and topicsAusNOG 2015 - Some fairly recent IPv6 IETF RFCs, discussions and topics
AusNOG 2015 - Some fairly recent IPv6 IETF RFCs, discussions and topics
 
Title Subtitle
Title SubtitleTitle Subtitle
Title Subtitle
 
Title Subtitle
Title SubtitleTitle Subtitle
Title Subtitle
 
IPv6 DHCP
IPv6 DHCPIPv6 DHCP
IPv6 DHCP
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
IETF 106 - IPv6 Formal Anycast Addresses and Functional Anycast Addresses
IETF 106 - IPv6 Formal Anycast Addresses and Functional Anycast AddressesIETF 106 - IPv6 Formal Anycast Addresses and Functional Anycast Addresses
IETF 106 - IPv6 Formal Anycast Addresses and Functional Anycast Addresses
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
 
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-ReferatNeighbor Discovery Deep Dive – IPv6-Networking-Referat
Neighbor Discovery Deep Dive – IPv6-Networking-Referat
 
Tech f42
Tech f42Tech f42
Tech f42
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6
 
DHCP,ARP in networks
DHCP,ARP in networksDHCP,ARP in networks
DHCP,ARP in networks
 
IPv6 The Big Move
IPv6 The Big MoveIPv6 The Big Move
IPv6 The Big Move
 

Plus de Yury Chemerkin

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Yury Chemerkin
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware descriptionYury Chemerkin
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromiseYury Chemerkin
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readmeYury Chemerkin
 
Appendix f (digital) ssl certificates
Appendix f (digital)   ssl certificatesAppendix f (digital)   ssl certificates
Appendix f (digital) ssl certificatesYury Chemerkin
 
Appendix e (digital) md5s
Appendix e (digital)   md5sAppendix e (digital)   md5s
Appendix e (digital) md5sYury Chemerkin
 
Appendix d (digital) fqd ns
Appendix d (digital)   fqd nsAppendix d (digital)   fqd ns
Appendix d (digital) fqd nsYury Chemerkin
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601Yury Chemerkin
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Yury Chemerkin
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Yury Chemerkin
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityYury Chemerkin
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesYury Chemerkin
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedYury Chemerkin
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirusYury Chemerkin
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesYury Chemerkin
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesYury Chemerkin
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisYury Chemerkin
 

Plus de Yury Chemerkin (20)

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware description
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromise
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readme
 
Appendix f (digital) ssl certificates
Appendix f (digital)   ssl certificatesAppendix f (digital)   ssl certificates
Appendix f (digital) ssl certificates
 
Appendix e (digital) md5s
Appendix e (digital)   md5sAppendix e (digital)   md5s
Appendix e (digital) md5s
 
Appendix d (digital) fqd ns
Appendix d (digital)   fqd nsAppendix d (digital)   fqd ns
Appendix d (digital) fqd ns
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
 
Jp3 13
Jp3 13Jp3 13
Jp3 13
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capability
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realities
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sites
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devices
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of this
 
Msft oracle brief
Msft oracle briefMsft oracle brief
Msft oracle brief
 

Dernier

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Dernier (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Gaweł Mikołajczyk. IPv6 insecurities at First Hop

  • 1. IPv6 insecurities at First Hop. Gaweł Mikołajczyk, gmikolaj@cisco.com
  • 3. IPv6 Neighbor Discovery Fundamentals. RFC 4861, Neighbor Discovery for IP Version 6 (IPv6); RFC 4862, IPv6 Stateless Address Autoconfiguration.
    Used for:
    – Router discovery
    – IPv6 Stateless Address Auto Configuration (SLAAC)
    – IPv6 address resolution (replaces ARP)
    – Neighbor Unreachability Detection (NUD)
    – Duplicate Address Detection (DAD)
    – Redirection
    Operates above ICMPv6:
    – Relies heavily on multicast (including L2-multicast)
    – Works with ICMP messages and message “options”
  • 4. IPv4 to IPv6 – Link model shift.
    „An IPv4 link”: the DHCP server assigns addresses, announces the default router and announces link parameters. The IPv4 link model is DHCP-centric.
    „An IPv6 link”: the router announces the default router and the link parameters; the DHCP server assigns addresses. The IPv6 link model is essentially distributed, with DHCP playing a minor role.
  • 5. Cisco Current Roadmap. Securing Link Operations: IETF SAVI WG, First Hop Trusted Device (supported by a certificate server and a time server).
    Advantages:
    – central administration, central operation
    – Complexity limited to first hop
    – Transitioning a lot easier
    – Efficient for threats coming from the link
    – Efficient for threats coming from outside
    Disadvantages:
    – Applicable only to certain topologies
    – Requires first-hop to learn about end-nodes
    – First-hop is a bottleneck and single-point of failure
  • 7. IPv6 Address Resolution – comparing with IPv4 ARP. Creates a neighbor cache entry, resolving an IPv6 address into a MAC address. Messages: Neighbor Solicitation (NS), Neighbor Advertisement (NA). Nodes A, B, C on the link:
    NS: ICMP type = 135 (Neighbor Solicitation), Src = A, Dst = Solicited-node multicast address of B, Data = B, Option = link-layer address of A. Query = what is B’s link-layer address?
    NA: ICMP type = 136 (Neighbor Advertisement), Src = one of B’s IF addresses, Dst = A, Data = B, Option = link-layer address of B.
    A and B can now exchange packets on this link.
  • 8. Attacking IPv6 Address Resolution. Attacker can claim victim's IPv6 address. Nodes A, B (victim), C (attacker):
    NS from A: Dst = Solicited-node multicast address of B. Query = what is B’s link-layer address?
    NA from C: Src = B or any of C’s IF addresses, Dst = A, Data = B, Option = link-layer address of C.
    Countermeasures: Static Cache Entries, Address GLEAN, SeND (CGA) on routers, Integrity Guard (Address-Watch).
  • 9. Address GLEAN. Gleaning means inspecting the
    Hosts H1, H2, H3 on ports P1, P2, P3, plus a DHCP server. Messages seen by the switch:
    – NS [IP source=A1, LLA=MACH1]
    – DHCP REQUEST [XID, SMAC = MACH2]; DHCP REPLY [XID, IPA21, IPA22]
    – data [IP source=A3, SMAC=MACH3]
    – DAD NS [IP source=UNSPEC, target = A3]
    – NA [IP source=A1, LLA=MACH3]; DHCP LEASEQUERY / DHCP LEASEQUERY_REPLY
    Binding table:
    IPv6 | MAC   | VLAN | IF
    A1   | MACH1 | 100  | P1
    A21  | MACH2 | 100  | P2
    A22  | MACH2 | 100  | P2
    A3   | MACH3 | 100  | P3
  • 10. IPv6 Duplicate Address Detection (DAD). Verify IPv6 address uniqueness, i.e. verify that no neighbor claims the address. Required (MUST) by SLAAC, recommended (SHOULD) by DHCP. Messages: Neighbor Solicitation, Neighbor Advertisement. Nodes A, B, C:
    NS from A: ICMP type = 135 (Neighbor Solicitation), Src = UNSPEC = 0::0, Dst = Solicited-node multicast address of A, Data = A. Query = Does anybody use A already?
    Node A starts using the address.
  • 11. Attack On DAD. Attacker hijacks any of the victim's DAD attempts. Victim can't configure an IP address and can't communicate. DoS condition. Nodes A (victim), C (attacker):
    NS from A: Src = UNSPEC, Dst = Solicited-node multicast address of A, Data = A. Query = Does anybody use A already?
    NA from C (“it’s mine!”): Src = any of C’s IF addresses, Dst = A, Data = A, Option = link-layer address of C.
  • 12. Device tracking. Goal: to track active addresses (devices) on the link. Hosts H1, H2, H3 on ports P1, P2, P3.
    Binding table:
    IPv6 | MAC   | VLAN | IF | STATE
    A1   | MACH1 | 100  | P1 | REACH, then STALE
    A21  | MACH2 | 100  | P2 | REACH
    A22  | MACH2 | 100  | P2 | REACH
    A3   | MACH3 | 100  | P3 | STALE
    – Keep track of device state
    – Probe devices when becoming stale
    – Remove inactive devices from the binding table
    – Record binding creation/deletion/changes
    Address GLEAN messages: DAD NS [IP source=UNSPEC, target = A1]; NA [target = A1, LLA=MACH1]; DAD NS [IP source=UNSPEC, target = A3]
  • 13. IPv6 Source Guard. Validating the source address of IPv6 traffic sourced from the link. Hosts H1, H2, H3 on ports P1, P2, P3.
    Binding table:
    IPv6 | MAC    | VLAN | IF
    A1   | MACA1  | 100  | P1
    A21  | MACA21 | 100  | P2
    A22  | MACA22 | 100  | P2
    A3   | MACA3  | 100  | P3
    Address GLEAN: DAD NS [IP source=UNSPEC, target = A3]; NA [target = A1, LLA=MACA3]; DHCP LEASEQUERY / DHCP LEASEQUERY_REPLY; P3 :: A3, MACA3
    Traffic: P1 :: data, src= A1, SMAC = MACA1; P2 :: data, src= A21, SMAC = MACA21; P3 :: data, src= A3, SMAC = MACA3
    – Allow traffic sourced with known IP/SMAC
    – Deny traffic sourced with unknown IP/SMAC
  • 15. Why should you care about router stealing?
    Is there an IPv6 network?
    $ ifconfig en1
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:26:bb:xx:xx:xx
        inet6 fe80::226:bbff:fexx:xxxx%en1 prefixlen 64 scopeid 0x6
        inet 10.19.19.118 netmask 0xfffffe00 broadcast 10.19.19.255
        media: autoselect
        status: active
    Are there any IPv6 peers?
    $ ping6 -I en1 ff02::1%en1
    PING6(56=40+8+8 bytes) fe80::226:bbff:fexx:xxxx%en1 --> ff02::1
    16 bytes from fe80::226:bbff:fexx:xxxx%en1, icmp_seq=0 hlim=64 time=0.140 ms
    . . .
    16 bytes from fe80::cabc:c8ff:fec3:fdef%en1, icmp_seq=3 hlim=64 time=402.112 ms
    ^C
    --- ff02::1%en1 ping6 statistics ---
    4 packets transmitted, 4 packets received, +142 duplicates, 0.0% packet loss
    round-trip min/avg/max/std-dev = 0.140/316.721/2791.178/412.276 ms
    Configure a tunnel, enable forwarding, transmit RA
    $ ndp -an
    Neighbor                              Linklayer Address  Netif  Expire     St  Flgs  Prbs
    2001:xxxx:xxxx:1:3830:abff:9557:e33c  0:24:d7:5:6b:f0    en1    23h59m30s  S
    . . .
    $ ndp -an | wc -l
    64
  • 16. IPv6 Router Discovery. Find default/first-hop routers; discover on-link prefixes => which destinations are neighbors. Messages: Router Advertisements (RA), Router Solicitations (RS). Host A, router B (towards the Internet):
    RS from A: ICMP Type = 133 (Router Solicitation), Src = UNSPEC (or Host link-local address), Dst = All-routers multicast address (FF02::2). Query = please send RA.
    RA from B: ICMP Type = 134 (Router Advertisement), Src = Router link-local address, Dst = All-nodes multicast address (FF02::1), Data = router lifetime, retrans time, autoconfig flag, Option = Prefix, lifetime.
    A uses B as default gateway.
  • 17. Attacking IPv6 Router Discovery. Attacker tricks the victim into accepting him as default router. Based on rogue Router Advertisements. The most frequent threat, also from non-malicious users. Host A, router B (towards the Internet), attacker C:
    RA (spoofed by C): Src = B’s link-local address, Dst = All-nodes, Data = router lifetime=0.
    RA from C: Src = C’s link-local address, Dst = All-nodes, Data = router lifetime, autoconfig flag, Options = subnet prefix, slla.
    Node A now sends off-link traffic to C.
  • 18. IPv6 RA-Guard – Securing Router Discovery. Host A, node C sending an RA “I am the default gateway” with Router Advertisement Option: prefix(s). The switch verifies the RA: verification succeeded? Then forward the RA. The switch selectively accepts or rejects RAs based on various criteria – ACL (configuration) based, learning-based or challenge (SeND) based. Hosts see only allowed RAs, and RAs with allowed content. More countermeasures: static routing, SeND, VLAN segmentation, PACL.
  • 19. IPv6 Stateless Address Auto-Configuration (SLAAC). Stateless, based on prefix information delivered in Router Advertisements. Messages: Router Advertisements, Router Solicitations. Host A, router B (towards the Internet):
    RS from A: ICMP Type = 133 (Router Solicitation), Src = UNSPEC (or Host link-local address), Dst = All-routers multicast address (FF02::2). Query = please send RA.
    RA from B: ICMP Type = 134 (Router Advertisement), Src = Router link-local address, Dst = All-nodes multicast address (FF02::1), Data = router lifetime, retrans time, autoconfig flag, Options = Prefix X, Y, Z, lifetime.
    A computes X::x, Y::y, Z::z and DADs them (NS), then sources traffic with X::x, Y::y, Z::z.
  • 20. Attacking IPv6 Stateless Address Auto-Configuration. Attacker spoofs a Router Advertisement with a false on-link prefix. Victim generates an IP address with this prefix. Access router drops outgoing packets from the victim (ingress filtering). Incoming packets can't reach the victim. Host A, router B (towards the Internet), attacker C:
    RA (spoofed): Src = B’s link-local address, Dst = All-nodes, Options = prefix X, Preferred lifetime = 0. A deprecates X::A.
    RA (spoofed): Src = B’s link-local address, Dst = All-nodes, Options = prefix BAD, Preferred lifetime. A computes BAD::A and DADs it.
    Node A sources off-link traffic to B with BAD::A; router B filters out BAD::A.
  • 21. Cryptographically Generated Addresses (CGA), RFC 3972 (Simplified). Each device has an RSA key pair (no need for cert). Ultra light check for validity. Prevents spoofing a valid CGA address.
    RSA keys (Priv, Pub). The Modifier, the Public Key and the Subnet Prefix are hashed with SHA-1 to produce the Interface Identifier; Subnet Prefix plus Interface Identifier form the Crypto. Generated Address. The CGA Params and a Signature are carried in SeND messages.
  • 22. Using SeND for router authorization. Certificate Authority CA0 with certificate C0 (Subject Name); the certificate contains the list of authorized IPv6 prefixes. Router R, host A.
    1–3 (provisioning): the router certificate CR is requested from and provisioned by CA0 (provision 1, request 2, provision 3 in the diagram).
    4. ROUTER ADVERTISEMENT (SRC = R).
    5. Certificate Path Solicit (CPS) from A: I trust CA0, who are you R?
    6. Certificate Path Advertise (CPA) from R: I am R, this is my certificate CR signed by CA0.
    7. A verifies CR against CA0, verifies router legitimacy and verifies address ownership, then inserts R as default route.
    Each node takes care of its own security.
  • 23. SeND Deployment. Challenges with boundaries: CAs, routers and hosts on both sides of an ADMINISTRATIVE BOUNDARY. Nodes must be provisioned with CA certificate(s). A chain of trust is easy to establish within the administrative boundaries, but very hard outside. Very few IPv6 stacks support SeND today.
  • 25. Reconnaissance in IPv6? Easy with Multicast.
    No need for reconnaissance anymore
    3 site-local multicast addresses (not enabled by default): FF05::2 all-routers, FF05::FB mDNSv6, FF05::1:3 all DHCP servers
    Several link-local multicast addresses (enabled by default): FF02::1 all nodes, FF02::2 all routers, FF02::F all UPnP, …
    (Diagram: Source = Attacker, Destination = FF05::1:3, Payload = DHCP Attack; reaches 2001:db8:2::50, 2001:db8:1::60, 2001:db8:3::70)
    http://www.iana.org/assignments/ipv6-multicast-addresses/
  • 26. Remote address resolution cache exhaustion
    (Diagram: X, Gateway, PFX::/64)
    X scanning 2^64 addresses (ping PFX::a, PFX::b, … PFX::z)
    NS: Dst = Solicited-node multicast address of PFX::a; Query = what is PFX::a's link-layer address?
    NS: Dst = Solicited-node multicast address of PFX::b; Query = what is PFX::b's link-layer address?
    (3 seconds history)
    NS: Dst = Solicited-node multicast address of PFX::z; Query = what is PFX::z's link-layer address?
    Countermeasures: address provisioning mechanisms and filtering on routers, Destination Guard on switches
  • 27. Destination guard – mitigating cache exhaustion
    (Diagram: L3 switch with Binding table and Neighbor cache, host B, Internet; Address glean; scanning {P/64} with Src=D1 … Src=Dn; Lookup D1: not found → drop, found → forward packet)
    Mitigates prefix-scanning attacks and protects the ND cache
    Useful at last-hop router and L3 distribution switch
    Drops packets for destinations without a binding entry
  • 28. Mitigating Remote Neighbor Cache Exhaustion
    Built-in rate limiter but no option to tune it
    Since 15.1(3)T: ipv6 nd cache interface-limit
    Or IOS-XE 2.6: ipv6 nd resolution data limit
    Destination-guard is coming with First Hop Security phase 3
    Using a /64 on point-to-point links => a lot of addresses to scan! Using /127 could help (RFC 6164)
    Internet edge/presence: a target of choice
    Ingress ACL permitting traffic to specific statically configured (virtual) IPv6 addresses only
    Using infrastructure ACL prevents this scanning
    iACL: edge ACL denying packets addressed to your routers
    Easy with IPv6 because new addressing scheme can be done
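    Added illustration for slides 26 to 28 (not from the deck, and not a model of any Cisco implementation): a toy ND cache under a /64 prefix scan, first with only an entry limit (the effect of a cache limit such as the one configured above) and then with a Destination Guard binding table in front of it. The entry limit 512, the scan size and the prefix 2001:db8:1::/64 are assumed values.

```python
import ipaddress
import random

class NeighborCache:
    """Toy router ND cache: an unknown on-link destination creates an INCOMPLETE entry and
    sends Neighbor Solicitations, until the entry limit is reached and new neighbors are refused."""
    def __init__(self, limit: int):
        self.limit = limit
        self.entries = {}            # destination -> "INCOMPLETE" (resolution never completes here)
        self.ns_sent = 0
        self.refused_at_limit = 0

    def resolve(self, dst: str) -> bool:
        if dst in self.entries:
            return True
        if len(self.entries) >= self.limit:
            self.refused_at_limit += 1   # legitimate new neighbors are refused as well
            return False
        self.entries[dst] = "INCOMPLETE"
        self.ns_sent += 1
        return True

def forward(packets, cache: NeighborCache, binding_table=None) -> int:
    """Forward packets; with a binding table (Destination Guard) destinations never gleaned
    from NDP/DHCP are dropped before any cache entry or NS is created."""
    forwarded = 0
    for dst in packets:
        if binding_table is not None and dst not in binding_table:
            continue
        if cache.resolve(dst):
            forwarded += 1
    return forwarded

def simulate(limit: int = 512, scan_size: int = 10_000, seed: int = 1) -> dict:
    """Scan random addresses in PFX::/64, then let 20 legitimate hosts try to get traffic."""
    rnd = random.Random(seed)
    net = ipaddress.IPv6Network("2001:db8:1::/64")          # assumed PFX::/64
    legit = {str(net[i]) for i in range(1, 21)}              # addresses gleaned into the binding table
    scan = [str(net[rnd.getrandbits(64)]) for _ in range(scan_size)]
    packets = scan + sorted(legit)                           # scan traffic arrives first
    plain, guarded = NeighborCache(limit), NeighborCache(limit)
    forward(packets, plain)
    forward(packets, guarded, binding_table=legit)
    return {"cache_no_guard": len(plain.entries), "ns_no_guard": plain.ns_sent,
            "refused_no_guard": plain.refused_at_limit,
            "cache_guard": len(guarded.entries), "ns_guard": guarded.ns_sent}
```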
  • 29. YOUR IPS CAN HELP, PROBABLY
  • 30. Detecting native IPv6 Traffic. Example: ICMPv6 Traffic for Neighbor Discovery / Router Advertisements
  • 31. Usage of Dual-Stack on all Engines Service HTTP
  • 32. What your IPS should support now
    Can detect IPv6 tunnels in IPv4: IPv6 in IPv4, IPv6 in MPLS tunnel, Teredo destination IP address, Teredo source port, Teredo destination port, Teredo data packet
    And more? Detect DNS request for ISATAP; detect traffic to 6to4 anycast server
  • 33. Intrusion Prevention for L2 Security ICMPv6 Signatures for Attack mitigation and visibility, including NA, NS, RA, RS.
  • 34. IPS for Virtual Switching with ERSPAN
    Extends the Local SPAN to send packets outside local host (VEM)
    Can be used to monitor the traffic on Virtual Switch remotely
    One or more source: Type: Ethernet, Vethernet, Port-Channel, VLAN; Direction: Receive (Ingress) / Transmit (Egress) / Both
    Management IP based destination
    ERSPAN ID provides segmentation
    Permit protocol type header 0x88be for ERSPAN GRE
    (Diagram: NEXUS 1000v on ESXi with VMs, VMkernel and Console; ERSPAN sessions ID:1 and ID:2 to ERSPAN DST / NAM)
  • 35. PUTTING IT ALL TOGETHER
  • 36. Features for IPv6 First-Hop Security
    Switches do/will integrate a set of monitoring, inspection and guard features for a variety of security-centric purposes:
    1. RA-guard
    2. NDP address glean/inspection (NDP+DHCP+data)
    3. Integrity guard (Address watch/ownership enforcement)
    4. Device Tracking
    5. DHCP-guard
    6. DAD/Resolution proxy
    7. Source-guard (SAVI)
    8. Destination-guard
    9. DHCP L2 relay
    Ask your vendor for current support and serious roadmap.
    cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-roadmap.html
  • 37. First Hop Security Phase I in 2010
    Protecting against Rogue RA
    Port ACL (see later) blocks all ICMPv6 Router Advertisements from hosts:
      interface FastEthernet3/13
       switchport mode access
       ipv6 traffic-filter ACCESS_PORT in
       access-group mode prefer port
    RA-guard feature in host mode (12.2(33)SXI4 & 12.2(54)SG): also dropping all RA received on this port:
      interface FastEthernet3/13
       switchport mode access
       ipv6 nd raguard
       access-group mode prefer port
  • 38. IPv6 Snooping Phase II and III
    Phase II: DHCP Guard, Source Guard, Multi Switch operation, RA Throttler, NDP Multicast Suppress
    Phase III: Destination Guard, Prefix Guard, DAD Proxy, Binding Table Recovery, SVI support
  • 39. The bottom line
    Look inside NetFlow records:
    Protocol 41: IPv6 over IPv4 or 6to4 tunnels
    IPv4 address: 192.88.99.1 (6to4 anycast server)
    UDP 3544, the public part of Teredo, yet another tunnel
    Look into DNS server log for resolution of ISATAP
    Beware of the IPv6 latent threat: your IPv4-only network may be vulnerable to IPv6 attacks now.
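    Added example, not part of the deck: the three NetFlow indicators from this slide (protocol 41, the 6to4 anycast address, UDP 3544) and the ISATAP DNS lookup applied to sample data. The NetFlow CSV export and the BIND-style query log lines are constructed for the example; the column names are an assumed export format.

```python
import csv
import io

SIXTO4_ANYCAST = "192.88.99.1"   # 6to4 relay anycast address (RFC 3068)
TEREDO_PORT = 3544               # Teredo server/relay UDP port (RFC 4380)

# Constructed sample NetFlow export (not real data): one flow per line
SAMPLE_FLOWS = """\
src_ip,dst_ip,proto,src_port,dst_port,bytes
10.1.1.25,192.88.99.1,41,0,0,1480
10.1.1.25,203.0.113.9,41,0,0,96000
10.1.2.7,198.51.100.4,17,62515,3544,1300
10.1.3.9,198.51.100.53,17,50123,53,80
10.1.1.25,203.0.113.80,6,51111,443,5200
"""

# Constructed sample DNS query log lines (BIND-like format, not real data)
SAMPLE_DNS_LOG = """\
client 10.1.4.4#53012: query: isatap.example.test IN A +
client 10.1.4.5#41001: query: www.example.test IN AAAA +
client 10.1.4.6#60210: query: ISATAP.corp.example.test IN A +
"""

def classify_flow(rec: dict) -> list:
    """Tag one flow with the IPv6-over-IPv4 tunnel indicators named on the slide."""
    tags = []
    proto, sport, dport = int(rec["proto"]), int(rec["src_port"]), int(rec["dst_port"])
    if proto == 41:   # IPv6 encapsulated directly in IPv4: 6in4, 6to4 or ISATAP
        tags.append("6to4 relay (anycast)" if SIXTO4_ANYCAST in (rec["src_ip"], rec["dst_ip"])
                    else "IPv6-in-IPv4 (protocol 41)")
    if proto == 17 and TEREDO_PORT in (sport, dport):
        tags.append("Teredo (UDP 3544)")
    return tags

def find_tunnels(netflow_csv: str) -> list:
    """Return (src_ip, dst_ip, tags) for every flow carrying a tunnel indicator."""
    hits = []
    for rec in csv.DictReader(io.StringIO(netflow_csv)):
        tags = classify_flow(rec)
        if tags:
            hits.append((rec["src_ip"], rec["dst_ip"], tags))
    return hits

def find_isatap_lookups(dns_log: str) -> list:
    """Return the clients that resolved an ISATAP name (case-insensitive)."""
    return [line.split("client ")[1].split("#")[0]
            for line in dns_log.splitlines()
            if "query:" in line and "isatap." in line.lower()]
```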