IPv6_RH_security-csw07

IPv6_RH_security-csw07 - IPv6 prerequisite All about...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 Routing Header Security. Philippe BIONDI Arnaud EBALARD phil(at)secdev.org / philippe.biondi(at)eads.net arno(at)natisbad.org / arnaud.ebalard(at)eads.net EADS Innovation Works IW/SE/CS IT Sec lab Suresnes, FRANCE CanSecWest 2007 P. Biondi / A. Ebalard IPv6 Routing Header Security. 1/57 IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround Outline 1 IPv6 prerequisite IPv6 : the protocol Think different, Think IPv6 2 All about Routing Header extension Definition RH odds RH handling by IPv6 stacks 3 Security implications Advanced Network Discovery Bypassing filtering devices DoS Defeating Anycast 4 Solutions and workaround Filtering RH : problems and needs Practical filtering P. Biondi / A. Ebalard IPv6 Routing Header Security. 2/57 IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 : the protocol Think different, Think IPv6 Outline 1 IPv6 prerequisite IPv6 : the protocol Think different, Think IPv6 2 All about Routing Header extension Definition RH odds RH handling by IPv6 stacks 3 Security implications Advanced Network Discovery Bypassing filtering devices DoS Defeating Anycast 4 Solutions and workaround Filtering RH : problems and needs Practical filtering P. Biondi / A. Ebalard IPv6 Routing Header Security. 3/57 IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 : the protocol Think different, Think IPv6 Structural differences with IPv4 New header format From 14 to 8 fields Extension Header Information Flow Label Version Traffic Class Payload Length Next Header Hop Limit Source IPv6 Address Destination IPv6 Address 40 octets Next Header Taille variable Payload 20 4 8 8 8 16 128 8 128 32 bits P. Biondi / A. Ebalard IPv6 Routing Header Security. 4/57 IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 : the protocol Think different, Think IPv6 Structural differences with IPv4 Chaining and extensions Goodbye IP options, welcome IPv6 extensions! Fragment Header IPv6 TCP TCP Data Next header IPv6 ICMPv6 ICMPv6 Next header IPv6 ESP ESP Next header UDP UDP Data Next header 1 2 3 IPv6 ICMPv6 ICMPv6 Next header Routing Header Routing Header Next header Fragment Header Next header P. Biondi / A. Ebalard IPv6 Routing Header Security. 5/57 IPv6 prerequisite All about Routing Header extension Security implications Solutions and workaround IPv6 : the protocol Think different, Think IPv6 Functional differences with IPv4 Forget all you knew about IPv4 Autoconfiguration Mechanisms ARP is gone. Replaced and extended by Neighbor Discovery Broadcast replaced by link-local scope multicast End-to-End principle Extended address space provides global addressing Releasing core routers from intensive computation....
View Full Document

This note was uploaded on 04/19/2008 for the course ECE 18731 taught by Professor Perrig during the Spring '08 term at Carnegie Mellon.

Page1 / 61

IPv6_RH_security-csw07 - IPv6 prerequisite All about...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online