sa safer er si six
play

Sa Safer er Si Six IP IPv6 v6 Se Security urity in a Nut - PowerPoint PPT Presentation

Nov 13, 2023 •214 likes •551 views

Sa Safer er Si Six IP IPv6 v6 Se Security urity in a Nut utsh shel ell Joha hann nna a Ull llrich ich I think there is a world market for maybe five computers Thomas Watson Reasons nicholsoncartoons.com.au connect.de

  1. Sa Safer er Si Six IP IPv6 v6 Se Security urity in a Nut utsh shel ell Joha hann nna a Ull llrich ich

  3. „I think there is a world market for maybe five computers “ Thomas Watson

  4. Reasons nicholsoncartoons.com.au connect.de Pattern Address class Range 0 A 0 – 127 10 B 129 – 191 110 C 192 – 223 1110 D 224 – 239 1111 E 240 – 255 networkworld.com

  5. „Computers in the future may […] weigh only 1.5 tons “ Popular Mechanics, 1949

  6. in Workshop on Offensive Technologies, 2014

  8. WHAT IS NEW?

  9. Remember the IPv4 Format … 0 1 3 4 IHL Total Length Vers. Type of Service Identification Fragment Offset Flag Time to Live Protocol Header Checksum Source Address Destination Address Variable header size Minimal length of 20 byte

  10. IPv6 Header Format 0 1 4 3 Flow Label Traffic Class Ver. Next Header Payload Length Hop Limit Source Address Destination Address

  11. What happend to …? Replaced by Replaced by Traffic Class Payload Length 0 1 3 4 IHL Total Length Vers. Type of Service Identification Fragment Offset Flag Time to Live Protocol Header Checksum Source Address Destination Address Just renamed to Hop Limit Dropped due to overhead in routers Extended to 128 bit each Moved to so-called Extension Headers

  12. IPv6 Header Format 0 1 4 3 Flow Label Traffic Class Ver. Next Header Payload Length Hop Limit Source Address Destination Address

  13. SECURITY VULNERABILITIES

  14. Extension Headers IPv6 Extension IPv6 Header Protocol Protocol … Transport Layer IPv6 Extension Protocol Protocol Protocol • Hop-by-Hop Options Header • Destination Options Header • Routing Header • Fragment Header

  15. Internet Control Message Protocol Internet Control Internet Control Message Protocol v4 Message Protocol v6 IPv4 IPv6 Address Resolution Protocol Stateless General Neighbor + = + Address control Discovery ICMPv6 Autoconfig messages Protocol Don‘t block ICMPv6 totally!

  16. Router Advertisments OK. OK. Das ist Netzwerk X. OK. OK.

  17. Router Advertisments OK. OK. Das ist Netzwerk X. OK. OK.

  18. Router Advertisements OK. OK. OK. Das ist Netzwerk Y.

  19. Routing Loops IPv4 network D: IPv4 A Encapsulation in IPv4 IPv4 A IPv4 B Prefix A Prefix B Decapsulation D: Prefix B (IPv4 A) IPv6 network

  20. Teredo Server Loop Bubble packet Bubble packet Teredo server Indefinite loop

  21. Multicast Listener MLD General Query MLD Report Node A … see next talk … Router Sent to all router multicast! Attacker

  22. PRIVACY VULNERABILITIES

  23. IPv6 Addresses General Format Prefix Interface Identifier 64 bit 64 bit Interface Identifier Modified EUI-Format, Privacy Extension, DHCP, Manually assigned, etc.

  24. Reconaissance End nodes Routers • Source: Malone D., „Observation of IPv6 Addresses “, 2008

  25. Reconnaissance 18 446 744 073 709 551 616 Interface Identifier in one /64 Educated guess necessary:

  26. Example: Limit search by Reverse DNS Reverse DNS: [IPv6 address].ip6.arp NXDOMAIN NOERROR (empty non-terminals)

  27. METHODOLOGY

  29. Countermeasures

  31. Future Challenges Addressing Securing the Local Network Reconnaissance

  32. Generation Next – Generation Best? IPv4 as intended IPv4 as known IPv6 as intended IPv6 as known

  33. Thank you! Johanna Ullrich SBA Research jullrich@sba-research.org Engineering & Technology, August 2012

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Safer Wealden Partnership Delivering Safer Communities in a Two Tier Area Dr Jeremy

The Safer Wealden Partnership Delivering Safer Communities in a Two Tier Area Dr Jeremy

The Safer Wealden Partnership Delivering Safer Communities in a Two Tier Area Dr Jeremy Leach Public Health Development Manager Wealden District Council A Presentation in Two Parts Part 1 Organisation of the Safer Wealden Partnership

252 views • 9 slides
Building From The Ground Up: Safer Foundation Diane Williams President and CEO, Safer

Building From The Ground Up: Safer Foundation Diane Williams President and CEO, Safer

Building From The Ground Up: Safer Foundation Diane Williams President and CEO, Safer Foundation CSOSA Conference December, 2010 www.s aferfoundation.org www.s aferfoundation.org 1 Todays Presentation Who we are How we operate

455 views • 31 slides
Safer Surrey A Whole Family Approach Safer Surrey is a whole system approach spanning

Safer Surrey A Whole Family Approach Safer Surrey is a whole system approach spanning

Safer Surrey A Whole Family Approach Safer Surrey is a whole system approach spanning Children, Schools and Families. Supported by the Surrey Safeguarding Children Board (SSCB) it encompasses all of our partners. Whole System provision

238 views • 21 slides
Safer Market Street March 6, 2015 Engineering Public Hearing Safer Market Street: Vision Zero in

Safer Market Street March 6, 2015 Engineering Public Hearing Safer Market Street: Vision Zero in

Safer Market Street March 6, 2015 Engineering Public Hearing Safer Market Street: Vision Zero in Action Vision Zero: The Citys p olicy Auto vs. Bike/Ped commitment to eliminate all Collisions traffic fatalities by 2024 100% Market

598 views • 10 slides
IM Injections: Is There A Safer Way???? By Jackie Rothermel, RN PICO CO Question tion? If

IM Injections: Is There A Safer Way???? By Jackie Rothermel, RN PICO CO Question tion? If

IM Injections: Is There A Safer Way???? By Jackie Rothermel, RN PICO CO Question tion? If nurses on 5B medical- surgical unit at UPMC St. Margaret Hospital received current evidence regarding safer IM injections, will they consider

370 views • 13 slides
Accelerating nanotech innovations through a safer-by-design approach 2 - 10 May 2019 European

Accelerating nanotech innovations through a safer-by-design approach 2 - 10 May 2019 European

SAFER NANOMATERIALS Accelerating nanotech innovations through a safer-by-design approach 2 - 10 May 2019 European Scientific Institute, Archamps, France (Greater Geneva) www.safernanodesign.eu The problem... Philippe Sabatier, UNIVERSIT

325 views • 7 slides
Presentation by Dr Paul Grime Chair of UK Safer Needles Network European Biosafety Summit, Dublin

Presentation by Dr Paul Grime Chair of UK Safer Needles Network European Biosafety Summit, Dublin

Presentation by Dr Paul Grime Chair of UK Safer Needles Network European Biosafety Summit, Dublin 1 June 2011 Safer Needles Network UK The Safer Needles Network is made up of trade unions, professional organisations, clinicians, government

467 views • 9 slides
Californias Safer Consumer Products Independent Review Panel June 14, 2017 Meredith Williams,

Californias Safer Consumer Products Independent Review Panel June 14, 2017 Meredith Williams,

Californias Safer Consumer Products Independent Review Panel June 14, 2017 Meredith Williams, Deputy Director, Safer Products and Workplaces Program Karl Palmer, Branch Chief, Safer Consumer Products Branch Cal/EPA Department of Toxic

882 views • 65 slides
Safer Internet Day 10 February 2015 Get involved! The partners Introduction to Childnet

Safer Internet Day 10 February 2015 Get involved! The partners Introduction to Childnet

Safer Internet Day 10 February 2015 Get involved! The partners Introduction to Childnet Educating young people, Coordinating Safer Creating innovative parents and carers and Internet Day in the UK educational resources the childrens

188 views • 15 slides
Towards safer Concurrent Device Drivers Making Safer Concurrent Device Drivers. Modeling RMoX

Towards safer Concurrent Device Drivers Making Safer Concurrent Device Drivers. Modeling RMoX

Concurrent Device Drivers Martin Ellis Motivation Towards safer Concurrent Device Drivers Making Safer Concurrent Device Drivers. Modeling RMoX Drivers in CSP Previous Work The Problem Our Technique Resource Driver Martin Ellis

605 views • 32 slides
SEkFER S@IFE R www . safer - jobs . com Looking Ahead a t Aims . To increase fraud prevention

SEkFER S@IFE R www . safer - jobs . com Looking Ahead a t Aims . To increase fraud prevention

SEkFER S@IFE R www . safer - jobs . com Looking Ahead a t Aims . To increase fraud prevention work To increase job board activit y To increase volume of fraud intelli g enc e To improve SAFE Rjobs visibilit y S@IFE R www . safer -

564 views • 21 slides
IHI Expedition Expedition: Making Mental Health Care Safer in the Hospital Setting Session 2:

IHI Expedition Expedition: Making Mental Health Care Safer in the Hospital Setting Session 2:

4/27/2015 December 16, 2014 These presenters have nothing to disclose IHI Expedition Expedition: Making Mental Health Care Safer in the Hospital Setting Session 2: Making the Physical Environment Safer Richard Wohl James F. ODea, PhD,

436 views • 15 slides
Addendum to Safer Plymouth Governance Presentation Feedback from Consultation Event 11.9.19 The

Addendum to Safer Plymouth Governance Presentation Feedback from Consultation Event 11.9.19 The

Addendum to Safer Plymouth Governance Presentation Feedback from Consultation Event 11.9.19 The consultation event was open to existing members of the Safer Plymouth partnership theme groups and to the Trauma Informed Plymouth Network membership.

351 views • 3 slides
Advancing Sustainability: Advancing Sustainability: Seeking Safer Alternatives Seeking Safer

Advancing Sustainability: Advancing Sustainability: Seeking Safer Alternatives Seeking Safer

Advancing Sustainability: Advancing Sustainability: Seeking Safer Alternatives Seeking Safer Alternatives to Products and Processes to Products and Processes April 2010 April 2010 Nike, Inc. Product Chemistry Regulation Proliferation (US)

531 views • 10 slides
10 good reasons to choose GripTop GripTop covers are virtually invisible when dressed to

10 good reasons to choose GripTop GripTop covers are virtually invisible when dressed to

Making danger zones safer Additional safety where it matters most Helping to prevent accidents and save lives Contributing to the success of the New Deal for Transport through safer roads This is the GripTop promise

441 views • 6 slides
A1303 Safer Roads Project Stow-Cum-Quy to A11 Flyover Parish Council Presentation 4 th December

A1303 Safer Roads Project Stow-Cum-Quy to A11 Flyover Parish Council Presentation 4 th December

A1303 Safer Roads Project Stow-Cum-Quy to A11 Flyover Parish Council Presentation 4 th December 2017 AGENDA The Department for Transport (DfT) Safer Roads Fund EuroRAP pathfinder project Funded countermeasures Way forward

202 views • 19 slides
CS615 - System Administration Networking II Department of Computer Science Stevens Institute of

CS615 - System Administration Networking II Department of Computer Science Stevens Institute of

CS615 - System Administration Slide 1 CS615 - System Administration Networking II Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu https://stevens.netmeister.org/615/ Networking II March 2,

695 views • 68 slides
61A Lecture 35 No lab on Tuesday 11/25 & Wednesday 11/26 The week of 12/1: Homework 10

61A Lecture 35 No lab on Tuesday 11/25 & Wednesday 11/26 The week of 12/1: Homework 10

Announcements Homework 9 (6 pts) due Wednesday 11/26 @ 11:59pm Homework Party Monday 6pm-8pm in 2050 VLSB Guest in live lecture, TA Soumya Basu, on Monday 11/24 Optional Scheme recursive art contest due Monday 12/1 @ 11:59pm No

199 views • 3 slides
Network Topology JOHNNY JACOBS Networks as Graphs Simplified abstraction Intuitive

Network Topology JOHNNY JACOBS Networks as Graphs Simplified abstraction Intuitive

Network Topology JOHNNY JACOBS Networks as Graphs Simplified abstraction Intuitive Nodes are hosts, routers, switches Edges are connections Allows simulation Convenient Cost effective What is Topology? Generally

353 views • 21 slides
Quest for Engagement: Innovative Library Instruction with Games-Based Learning Maura A. Smale,

Quest for Engagement: Innovative Library Instruction with Games-Based Learning Maura A. Smale,

Quest for Engagement: Innovative Library Instruction with Games-Based Learning Maura A. Smale, NYC College of Technology, CUNY Mary Snyder Broussard, Lycoming College Scott Rice, Appalachian State University ACRL National Conference,

464 views • 42 slides
CSE 6345 Mobile Computer Systems Topic 3 : Mobile IP With Dr. Mohan Kumar Kumar 1 Mobile IP

CSE 6345 Mobile Computer Systems Topic 3 : Mobile IP With Dr. Mohan Kumar Kumar 1 Mobile IP

CSE 6345 Mobile Computer Systems Topic 3 : Mobile IP With Dr. Mohan Kumar Kumar 1 Mobile IP Internet Access Access to information IP connectivity PDAs, cellular phones etc. Kumar 2 Mobile IP Internet Access Access to information IP

367 views • 34 slides
CompSci 356: Computer Network Architectures Lecture 20: Domain Name System (DNS) and Content

CompSci 356: Computer Network Architectures Lecture 20: Domain Name System (DNS) and Content

CompSci 356: Computer Network Architectures Lecture 20: Domain Name System (DNS) and Content distribution networks Chapter 9.3.1 Xiaowei Yang xwy@cs.duke.edu Overview Domain Name System Content Distribution Networks Domain Name

777 views • 50 slides
Presented by: Mark Elkins Invitation to ICANN GNSO ISPCP The Internet Service Providers

Presented by: Mark Elkins Invitation to ICANN GNSO ISPCP The Internet Service Providers

Presented by: Mark Elkins Invitation to ICANN GNSO ISPCP The Internet Service Providers Connectivity Providers Constituency, ICANN Generic Names Supporting Organization What is ICANN Internet Corporation for Assigned Names and

130 views • 9 slides
Network Threats & Attacks 1 Internet Structure backbone ISP local network Internet

Network Threats & Attacks 1 Internet Structure backbone ISP local network Internet

CS 134 Winter 2018 Lecture 16 Network Threats & Attacks 1 Internet Structure backbone ISP local network Internet service Autonomous system (AS) is a provider (ISP) collection of IP networks under control local network of a single

769 views • 54 slides

More recommend