IPv6 Routing Header Security.pdf

(3842 KB) Pobierz

IPv6prerequisite

AllaboutRoutingHeaderextension

Securityimplications

Solutionsandworkaround

IPv6RoutingHeaderSecurity.

PhilippeBIONDIArnaudEBALARD

phil(at)secdev.org / philippe.biondi(at)eads.net

arno(at)natisbad.org / arnaud.ebalard(at)eads.net

EADSInnovationWorks—IW/SE/CS

ITSeclab

Suresnes,FRANCE

CanSecWest2007

P.Biondi/A.Ebalard

IPv6RoutingHeaderSecurity.

1/57

813354149.104.png

813354149.115.png

813354149.126.png

813354149.137.png

813354149.001.png

813354149.012.png

813354149.022.png

813354149.033.png

813354149.044.png

813354149.055.png

813354149.063.png

813354149.064.png

813354149.065.png

813354149.066.png

813354149.067.png

813354149.068.png

813354149.069.png

813354149.070.png

813354149.071.png

813354149.072.png

813354149.073.png

IPv6prerequisite

AllaboutRoutingHeaderextension

Securityimplications

Solutionsandworkaround

Outline

1 IPv6prerequisite

IPv6:theprotocol

Thinkdierent,ThinkIPv6

2 AllaboutRoutingHeaderextension

Deﬁnition

RHodds

RHhandlingbyIPv6stacks

3 Securityimplications

AdvancedNetworkDiscovery

Bypassingﬁlteringdevices

DoS

DefeatingAnycast

4 Solutionsandworkaround

FilteringRH:problemsandneeds

Practicalﬁltering

P.Biondi/A.Ebalard

IPv6RoutingHeaderSecurity.

2/57

813354149.074.png

813354149.075.png

813354149.076.png

813354149.077.png

813354149.078.png

813354149.079.png

813354149.080.png

813354149.081.png

813354149.082.png

813354149.083.png

813354149.084.png

813354149.085.png

813354149.086.png

813354149.087.png

813354149.088.png

IPv6prerequisite

AllaboutRoutingHeaderextension

Securityimplications

Solutionsandworkaround

IPv6:theprotocol

Thinkdierent,ThinkIPv6

Outline

1 IPv6prerequisite

IPv6:theprotocol

Thinkdierent,ThinkIPv6

2 AllaboutRoutingHeaderextension

Deﬁnition

RHodds

RHhandlingbyIPv6stacks

3 Securityimplications

AdvancedNetworkDiscovery

Bypassingﬁlteringdevices

DoS

DefeatingAnycast

4 Solutionsandworkaround

FilteringRH:problemsandneeds

Practicalﬁltering

P.Biondi/A.Ebalard

IPv6RoutingHeaderSecurity.

3/57

813354149.089.png

813354149.090.png

813354149.091.png

813354149.092.png

813354149.093.png

813354149.094.png

813354149.095.png

813354149.096.png

813354149.097.png

813354149.098.png

813354149.099.png

813354149.100.png

813354149.101.png

813354149.102.png

813354149.103.png

IPv6prerequisite

AllaboutRoutingHeaderextension

Securityimplications

Solutionsandworkaround

IPv6:theprotocol

Thinkdierent,ThinkIPv6

StructuraldierenceswithIPv4

Newheaderformat

From14to8ﬁelds

32 bits

4

8

20

Version

Traffic Class

Payload Length

Flow Label

8

16

128

8

Next Header

Hop Limit

Source IPv6 Address

40 octets

128

Destination IPv6 Address

8

Next Header

Taille variable

Extension Header Information

Payload

P.Biondi/A.Ebalard

IPv6RoutingHeaderSecurity.

4/57

813354149.105.png

813354149.106.png

813354149.107.png

813354149.108.png

813354149.109.png

813354149.110.png

813354149.111.png

813354149.112.png

813354149.113.png

813354149.114.png

813354149.116.png

813354149.117.png

813354149.118.png

813354149.119.png

813354149.120.png

813354149.121.png

813354149.122.png

813354149.123.png

813354149.124.png

813354149.125.png

813354149.127.png

813354149.128.png

813354149.129.png

813354149.130.png

813354149.131.png

813354149.132.png

813354149.133.png

813354149.134.png

813354149.135.png

813354149.136.png

813354149.138.png

813354149.139.png

813354149.140.png

813354149.141.png

813354149.142.png

813354149.143.png

813354149.144.png

813354149.145.png

813354149.146.png

813354149.147.png

813354149.002.png

813354149.003.png

813354149.004.png

813354149.005.png

813354149.006.png

813354149.007.png

813354149.008.png

813354149.009.png

813354149.010.png

813354149.011.png

813354149.013.png

813354149.014.png

813354149.015.png

813354149.016.png

IPv6prerequisite

AllaboutRoutingHeaderextension

Securityimplications

Solutionsandworkaround

IPv6:theprotocol

Thinkdierent,ThinkIPv6

StructuraldierenceswithIPv4

Chainingandextensions

GoodbyeIPoptions,welcomeIPv6extensions!

1

IPv6

ICMPv6

ICMPv6

Next header

IPv6

TCP

Data

2

TCP

Next header

3

IPv6

ESP

UDP

Data

ESP

UDP

Next header

Next header

Routing

Header

Fragment

Header

ICMPv6

IPv6

Routing

Header

Next header

Fragment

Header

Next header

ICMPv6

Next header

P.Biondi/A.Ebalard

IPv6RoutingHeaderSecurity.

5/57

813354149.017.png

813354149.018.png

813354149.019.png

813354149.020.png

813354149.021.png

813354149.023.png

813354149.024.png

813354149.025.png

813354149.026.png

813354149.027.png

813354149.028.png

813354149.029.png

813354149.030.png

813354149.031.png

813354149.032.png

813354149.034.png

813354149.035.png

813354149.036.png

813354149.037.png

813354149.038.png

813354149.039.png

813354149.040.png

813354149.041.png

813354149.042.png

813354149.043.png

813354149.045.png

813354149.046.png

813354149.047.png

813354149.048.png

813354149.049.png

813354149.050.png

813354149.051.png

813354149.052.png

813354149.053.png

813354149.054.png

813354149.056.png

813354149.057.png

813354149.058.png

813354149.059.png

813354149.060.png

813354149.061.png

813354149.062.png

Plik z chomika:

Inne pliki z tego folderu:

IPV6 Transition IPV6 Products and Setup.pdf (206 KB)
Integrating IPv6 into an IPv4 Network.pdf (3358 KB)
IPv6 Addressing & Routing Protocols.pdf (2212 KB)
IPv6 Host configuration.pdf (1787 KB)
IPV BGP Routing.pdf (322 KB)

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin