Covert6: A Tool to Corroborate the Existence of IPv6 Covert Channels

Covert channels are any communication channel that can be exploited to transfer information in a manner that violates the system’s security policy. Research in the field has shown that, like many communication channels, IPv4 and the TCP/IP protocol suite have been susceptible to covert channels, which could be exploited to leak data or be used for anonymous communications. With the introduction of IPv6, researchers are acutely aware that many vulnerabilities of IPv4 have been remediated in IPv6. However, a proof of concept covert channel system was demonstrated in 2006. A decade later, IPv6 and its related protocols have undergone major changes, which has introduced a need to reevaluate the current state of covert channels within IPv6. The current research demonstrates the corroboration of covert channels in IPv6 by building a tool that establishes a covert channel against a simulated enterprise network. This is further validated against multiple channel criteria

Graphical Tool for IPv6 Packet Generation

Práce se zabývá vytvořením grafického rozhraní pro generování IPv6 paketů, pomocí kterého bude možné vytvářet korektní pakety s různými nastaveními. Je zde popsána architektura TCP/IP a následně IPv6 včetně jeho rozšiřujících hlaviček. Popsáno je také několik z dostupných nástrojů pro generování IPv6 paketů. Další část je věnována návrhu aplikace a její implementace pomocí jazyka Python a knihoven wxPython a Scapy.This thesis is targeted on creation of graphic interface for generating IPv6 packets which can be used for creation of correct packets with different options. It describes TCP/IP model of network and IPv6 including extension headers. In next part is presented some of existing tools for IPv6 packet generating. Last part includes user interface design and implementation using Python and wxPython and Scapy libraries.

On SRv6 Security

SRv6 is a routing architecture that can provide hybrid cooperation between a centralized network controller and network nodes: IPv6 routers maintain the multi-hop ECMP-aware segments, whereas the controller, responsible for the Traffic Engineering policy, combines them to form a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the increasing success and widespread deployment of such approaches and technologies, this paper introduces the context and discusses some of the issues tied to possible tampering with the Segment Routing Header content. Finally, some details of an experimental testbed aimed at evaluating the above issues are provided

The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

Segment Routing v6 - Security Issues and Experimental Results

SRv6 can provide hybrid cooperation between a centralized network controller and network nodes. IPv6 routers maintain multi-hop ECMP-aware segments, whereas the controller establishes a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the need to study and investigate this technology, this paper discusses some security-related issues of Segment Routing. A SRv6 capable experimental testbed is built and detailed. Finally, an experimental test campaign is performed and results are evaluated and discussed

Source-specific routing

Source-specific routing (not to be confused with source routing) is a routing technique where routing decisions depend on both the source and the destination address of a packet. Source-specific routing solves some difficult problems related to multihoming, notably in edge networks, and is therefore a useful addition to the multihoming toolbox. In this paper, we describe the semantics of source-specific packet forwarding, and describe the design and implementation of a source-specific extension to the Babel routing protocol as well as its implementation - to our knowledge, the first complete implementation of a source-specific dynamic routing protocol, including a disambiguation algorithm that makes our implementation work over widely available networking APIs. We further discuss interoperability between ordinary next-hop and source-specific dynamic routing protocols. Our implementation has seen a moderate amount of deployment, notably as a testbed for the IETF Homenet working group

Threats and Surprises behind IPv6 Extension Headers

The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header — a current practice by operators-seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of

Security Principles of Smart Grid Networks

Increased power consumption and power supply variability require implementation of modern tools for intelligent management and control of grid networks. One of the most promising advancements in technology is the Smart Grid network. Unfortunately, this technology is still rapidly evolving and at this point contains many security issues. As recent attacks have shown, only some of these issues are known. This paper is using a systematic approach to detect these issues and to analyze all types of attacks on the Smart Grid networks. The last part of the paper proposes solution models for securing Smart Grid networks against found vulnerabilities

Optimizing Router Performance

To support its development of networking hardware and software, Juniper Networks conducts research into enhancements to the protocols used on the Internet, in coordination with standards bodies such as the Internet Engineering Task Force. We helped Juniper Networks with two specific research objectives. The first was to design and implement an improved algorithm by which Internet hosts can establish the appropriate packet size to maximize bandwidth while avoiding packet fragmentation. We produced a working implementation of the improved algorithm in the Linux kernel. The second objective was to measure the effect of different Internet Protocol extension headers (specifically, Routing Header Type 0, the Segment Routing Header, and the Compressed Routing Header) on router performance. We produced code for running simple benchmarks locally, as well as a formal Internet Draft specifying the procedure so that it can be run by Juniper Networks on high-performance benchmarking hardware