52 research outputs found

    Covert6: A Tool to Corroborate the Existence of IPv6 Covert Channels

    A covert channel is any communication channel that can be exploited to transfer information in a manner that violates the system’s security policy. Research in the field has shown that, like many communication channels, IPv4 and the TCP/IP protocol suite have been susceptible to covert channels, which could be exploited to leak data or be used for anonymous communications. With the introduction of IPv6, researchers are acutely aware that many vulnerabilities of IPv4 have been remediated in IPv6. However, a proof-of-concept covert channel system was demonstrated in 2006. A decade later, IPv6 and its related protocols have undergone major changes, which have introduced a need to reevaluate the current state of covert channels within IPv6. The current research demonstrates the corroboration of covert channels in IPv6 by building a tool that establishes a covert channel against a simulated enterprise network. This is further validated against multiple channel criteria

    Insights into the issue in IPv6 adoption: a view from the Chinese IPv6 Application mix

    Published online. This is the author accepted manuscript. The final version is available from Wiley via the DOI in this record. Although IPv6 has been standardized more than 15 years ago, its deployment is still very limited. China has been strongly pushing IPv6, especially due to its limited IPv4 address space. In this paper, we describe measurements from a large Chinese academic network, serving a significant population of IPv6 hosts. We show that despite its expected strength, China is struggling as much as the western world to increase the share of IPv6 traffic. To understand the reasons behind this, we examine the IPv6 applicative ecosystem. We observe a significant IPv6 traffic growth over the past 3 years, with P2P file transfers responsible for more than 80% of the IPv6 traffic, compared with only 15% for IPv4 traffic. Checking the top websites for IPv6 explains the dominance of P2P, with popular P2P trackers appearing systematically among the top visited sites, followed by Chinese popular services (e.g., Tencent), as well as surprisingly popular third-party analytics including Google. Finally, we compare the throughput of IPv6 and IPv4 flows. We find that a larger share of IPv4 flows get a high-throughput compared with IPv6 flows, despite IPv6 traffic not being rate limited. We explain this through the limited amount of HTTP traffic in IPv6 and the presence of Web caches in IPv4. Our findings highlight the main issue in IPv6 adoption, that is, the lack of commercial content, which biases the geographic pattern and flow throughput of IPv6 traffic. Copyright © 2014 John Wiley & Sons, Ltd

    DESIGN A SECURITY FIREWALL POLICY TO FILTER INCOMING TRAFFIC IN PACKET SWITCHED NETWORKS USING CLASSIFICATION METHODS

    Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In addition, inserting or modifying a filtering rule requires overcoming and filtering a range of special attacks or issues in the network. In this paper, we present a machine learning based algorithm that filters Denial of Service (DoS) attacks in networks. This filtering algorithm has been designed by using a classification algorithm based on principal component and correlation based filters. We show good quality and performance of our algorithm experimentally by executing our algorithm on several packet flow data sets

    QoS models in IPv6 networks, integration with other networks

    The proposal of this line of research is to promote the use and study of IPv6, and in particular to use the new possibilities the protocol offers with regard to QoS management. It is important to note that the protocol is already mature enough to be used on a massive scale. QoS is one of the features that IPv6 contemplates from its design, and it needs to be exploited to give differentiated treatment to the different classes of traffic. Track: Architecture, networks and operating systems. Red de Universidades con Carreras en Informática (RedUNCI)

    Network Neutrality and the Need for a Technological Turn in Internet Scholarship

    To most social scientists, the technical details of how the Internet actually works remain arcane and inaccessible. At the same time, convergence is forcing scholars to grapple with how to apply regulatory regimes developed for traditional media to a world in which all services are provided via an Internet-based platform. This chapter explores the problems caused by the lack of familiarity with the underlying technology, using as its focus the network neutrality debate that has dominated Internet policy for the past several years. The analysis underscores a surprising lack of sophistication in the current debate. Unfamiliarity with the Internet’s architecture has allowed some advocates to characterize prioritization of network traffic as an aberration, when in fact it is a central feature designed into the network since its inception. The lack of knowledge has allowed advocates to recast pragmatic engineering concepts as supposedly inviolable architectural principles, effectively imbuing certain types of political advocacy with a false sense of scientific legitimacy. As the technologies comprising the network continue to change and the demands of end users create pressure on the network to further evolve, the absence of technical grounding risks making the status quo seem like a natural construct that cannot or should not be changed

    Optimizing The MPLS Support For Real Time IPv6-Flows Using MPLS-PHS Approach.

    The huge coverage space of IPv6 addresses and providing guaranteed support for the ever-increasing customer demand result in dealing with a bigger packet header size compared to the payload size, especially in some real-time video and audio applications; consequently, more bandwidth is wasted

    REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS

    ABSTRACT One of the main purposes of Internet Protocol version 6 (IPv6

    NGN and WiMAX: Putting the pieces together

    With the exponential rise in the number of multimedia applications available, the best-effort service provided by the Internet today is insufficient. Researchers have been working on new architectures like the Next Generation Network (NGN) which, by definition, will ensure Quality of Service (QoS) in an all-IP based network [1]. For this approach to become a reality, reservation of bandwidth is required per application per user. WiMAX (Worldwide Interoperability for Microwave Access) is a wireless communication technology which has predefined levels of QoS which can be provided to the user [4]. IPv6 has been created as the successor for IPv4 and resolves issues like the availability of IP addresses and QoS. This paper provides a design to use the power of WiMAX as an NSP (Network Service Provider) for NGN using IPv6. The use of the Traffic Class (TC) field and the Flow Label (FL) field of IPv6 has been explained for making QoS requests and grants [6], [7]. Using these fields, the processing time is reduced and routing is simplified. Also, we define the functioning of the ASN gateway and the NGN gateway (NGNG) which are edge node interfaces in the NGNWiMAX design. These gateways ensure QoS management through built in functions and by certain physical resources and networking capabilities