Methodology for DNS Cache Poisoning Vulnerability Analysis of DNS64 Implementations

The trustworthy operation of the DNS service is a very important precondition for a secure Internet. As we point it out, DNS cache poisoning could be even more dangerous if it is performed against DNS64 servers. Based on RCF 5452, we give an introduction to the three main components of DNS cache poisoning vulnerability, namely Transaction ID prediction, source port number prediction, and birthday paradox based attack, which is possible if a DNS or DNS64 server sends out multiple equivalent queries (with identical QNAME, QTYPE, and QCLASS fields) concurrently. We design and implement a methodology and a testbed, which can be used for the systematic testing of DNS or DNS64 implementations, whether they are susceptible to these three vulnerabilities. We perform the tests with the following DNS64 implementations: BIND, PowerDNS, Unbound, TOTD (two versions) and mtd64-ng. As for the testbed, we use three virtual Linux machines executed by a Windows 7 host. As for tools, we use VMware Workstation 12 Player for virtualization, Wireshark and tshark for monitoring, dns64perf for Transaction ID and source port predictability tests, and our currently developed "birthday-test" program for concurrently sent multiple equivalent queries testing. Our methodology can be used for DNS cache poisoning vulnerablility analysis of further DNS or DNS64 implementations. A testbed with the same structure may be used for security vulnerablility analysis of DNS or DNS64 servers and also NAT64 gateways concerning further threats

A Comprehensive Survey on the Most Important IPv4aaS IPv6 Transition Technologies, their Implementations and Performance Analysis

As the central public IPv4 address pool has already been exhausted, the deployment of IPv6 has become inevitable. However, the users still require IPv4 Internet access due to some IPv4-only applications. The IPv4aaS (IPv4-as-a-Service) IPv6 transition technologies facilitate that ISPs provide IPv4 service to their customers while using only IPv6 in their access and core networks. This paper discusses the widely used IPv4aaS IPv6 transition technologies in ISP/enterprise networks; we explain their operations, advantages, properties and consider their performances. There are currently many IPv6 transition technologies, nevertheless, in this paper, the five most prominent IPv4aaS IPv6 transition technologies are discussed, namely 464XLAT, Dual-Stack Lite, Lightweight 4over6, MAP-E, and MAP-T. Moreover, the deployment and implementations of these technologies are being analysed and inspected. This paper also overviews the benchmarking methodology for IPv6 transition technologies and surveys several papers that investigated metrics and tools utilized in analysing the performance of different IPv6 transition technologies

Transient-based Automatic Incident Detection Method for Intelligent Transport Systems

One of the major problems of traffic in big cities today is the occurrence of congestion phenomena on the road network, which has several serious effects not only on the lives of drivers, but also on city inhabitants. In order to deal with these phenomena, it is essential to have an in-depth understanding of the processes that lead to the occurrence of congestion and its spilling over into contiguous areas of the city

Implantação e análise do protocolo IPv6 com foco na mobilidade

Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência Da Computação, 2015.A Internet tem crescido exponencialmente desde a sua implantação comercial em meados de 1980. A pilha de protocolo TCP / IP foi projetada para permitir a comunicação entre os hosts através de redes. Na sua versão 4, o protocolo IP foi capaz de suportar o crescimento da Internet até ao presente momento, mas o seu endereçamento de 32 bits está esgotado, e não há mais endereços disponíveis para uma redistribuição. Além deste fato, há o conceito de utilização de dispositivos com suporte a mobilidade, uma realidade que requer soluções robustas e acessíveis. Esse assunto é o cerne do desenvolvimento deste trabalho. O problema abordado nesta pesquisa é como implementar o protocolo IPv6 em uma rede corporativa, seguindo as normas, sem interferir com a sua capacidade operacional e fazer uso deste recurso de mobilidade, dando condições para alcançar uma otimização na transmissão de dados entre as Organizações Militares (OM ), distribuídas por todo o país, realizando uma análise a respeito tanto a migração do IPv4 para o IPv6 nas infra-estruturas de rede do Exército Brasileiro, com foco em mobilidade no âmbito deste novo protocolo. Este trabalho pretende alertar os envolvidos nos setores brasileiros de tecnologia do Exército sobre o atraso atual em relação ao resto do mundo na adoção deste protocolo, estreitar o ponto sob conceitos de mobilidade para comunicação, seus laços dando uma atenção especial que com este aplicação, todo o pessoal poderia ser capaz de se conectar em diferentes organizações militares, usando suas credenciais de sua organização, permitindo que um único registro pode ser usado em diferentes pontos sem perda ou restrição de qualquer acesso aos serviços. Através do estudo e análise das normas e requisitos de transição do IPv4 para o IPv6, bem como o uso de IPv6 móvel, este estudo se concentra na identificação configurações físicas e lógicas que podem apoiar ou impedir a sua correta aplicação por meio de um ambiente simulado em uma organização específica exército brasileiro descrito como uma prova de conceito. Este ambiente teve uma análise topológica e verificação das métricas de QoS das aplicações instaladas sobre o meio ambiente e com isso foi possível avaliar a sua viabilidade e impacto sobre os ambientes envolvidos.The Internet has grown exponentially since its commercial deployment in the middle of 1980's. The stack of TCP / IP protocol was designed to enable communication between hosts over networks. In its version 4, the IP protocol was able to support the growth of the Internet until the present time, but its 32-bit addressability is exhausted, and there is no more addresses available to be redistributed. In addition to this fact there is the concept of using devices with mobility support, a reality that requires robust and affordable solutions. That subject is the core of the development of this work. The problem addressed in this research is how to deploy IPv6 protocol in a corporate network by following the standards, without interfering with its operational capacity and make use of this mobility feature, giving conditions to achieve an optimization in data transmission between the Military Organizations (OM), distributed all over the country, performing an analysis regarding both the migration from IPv4 to IPv6 in the Brazilian Army network infrastructures, focusing on under this new protocol mobility. This work intend to alert those involved in Brazilian Army technology sectors about the current delay in relation to the rest of the world in the adoption of this protocol, narrow the point under concepts of mobility to communication, their ties giving an special attention that with this implementation, all personnel could be able to connect in different military organizations, using their credentials from their organization, allowing a single register can be used in different points without loss or restriction of any access to services. Through the study and analysis of standards and requirements of transition from IPv4 to IPv6, as well as the use of mobile IPv6, this study is focused on identifying physical and logical configurations that may support or prevent the its correct implementation by using an simulated environment in an specific Brazilian Army organization described as a Proof of Concept. This environment had a topological analysis and verification of QoS metrics of applications installed on the environment and with this was possible to assess their feasibility and impact on the involved environments

Modelo de referencia de transición de IPv4 a IPv6 para el sector gobierno de Perú

Ante el inminente agotamiento de las direcciones IPv4, se requiere que las organizaciones inicien la transición de sus redes y contenidos hacia el protocolo IPv6, por lo que la presente tesis tiene como finalidad proponer un modelo de referencia para iniciar el proceso de transición hacia el protocolo IPv6 en las Instituciones Públicas del Gobierno de Perú, debido a que a la fecha de publicado el presente trabajo, a nivel de gobierno, las instituciones públicas que están relacionadas directamente con el desarrollo de las telecomunicaciones y de las tecnologías de información en el Perú, no han considerado la elaboración de una metodología y/o documentos técnicos que permita a las instituciones públicas prepararse para iniciar el despliegue del protocolo IPv6 en sus redes y contenidos. El contar con un modelo de referencia y los documentos técnicos necesarios permite dinamizar la adopción del nuevo protocolo, esto se evidencia en la revisión de las acciones que vienen realizando diversos países como: Argentina, Brasil, Colombia, Chile, Estados Unidos y España, quienes a parte de definir una estrategia nacional de transición hacia IPv6, han elaborado modelos de referencia y documentos técnicos de apoyo específicos para que sus instituciones públicas puedan iniciar la transición hacia el nuevo protocolo IPv6. En ese sentido, el aporte principal del presente trabajo es presentar un modelo de referencia y documentos técnicos que sirvan de apoyo para iniciar la transición hacia el protocolo IPv6 en las instituciones públicas a nivel del Gobierno Peruano.Tesi

Enabling Dns64perf++ for Benchmarking the Caching Performance of DNS64 Servers

The dns64perf++ DNS64 benchmarking program is the world’s first standard DNS64 benchmarking tool, which complies with the compulsory requirements of RFC 8219 on benchmarking methodology for IPv6 transition technologies including DNS64. The aim of our current effort is to enable dns64perf++ for benchmarking the caching performance of DNS64 servers, which was qualified as optional by the RFC, but can be important in practice, and thus make dns64perf++ the world’s first standard DNS64 benchmarking tool that provides all the features described in the RFC. In this paper, we disclose our goals, design considerations as well as implementation decisions. We also provide a simple case study to demonstrate the operability of the new feature