The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

Case Study - IPv6 based building automation solution integration into an IPv4 Network Service Provider infrastructure

The case study presents a case study describing an Internet Protocol (IP) version 6 (v6) introduction to an IPv4 Internet Service Provider (ISP) network infrastructure. The case study driver is an ISP willing to introduce a new “killer” service related to Internet of Things (IoT) style building automation. The provider and cooperation of third party companies specialized in building automation will provide the service. The ISP has to deliver the network access layer and to accommodate the building automation solution traffic throughout its network infrastructure. The third party companies are system integrators and building automation solution vendors. IPv6 is suitable for such solutions due to the following reasons. The operator can’t accommodate large number of IPv4 embedded devices in its current network due to the lack of address space and the fact that many of those will need clear 2 way IP communication channel. The Authors propose a strategy for IPv6 introduction into operator infrastructure based on the current network architecture present service portfolio and several transition mechanisms. The strategy has been applied in laboratory with setup close enough to the current operator’s network. The criterion for a successful experiment is full two-way IPv6 application layer connectivity between the IPv6 server and the IPv6 Internet of Things (IoT) cloud

Evaluation of IPv6 transition mechanisms using QoS service policies

IPv6 networks are rarely fully IPv6 from end to end particularly when interconnected over other providers core data networks, hence the need for IPv6 transition methods or mechanisms. Previous studies have identified some potential impact on performance where transitions occur. This study considered implementations where Quality of Service (QoS) service policies have been applied in the IPv6 network to determine if the transition mechanisms were able to guarantee the same performance and level of service when the IPv6 traffic transitions over a core IPv4 network. Using a test lab, traffic generators and data capture tools the study was able to fully test the transition mechanisms using data rates and link speeds that replicated equipment and traffic levels used in real world implementations. The study showed that the Quality of Service classes applied were maintained across the transition network providing the service guarantees required for a range of traffic classes. Results indicated that the transition implementations on the devices used (Cisco ISR 4351) translate the QoS settings from IPv6 to IPV4 and vice versa were highly effective and with negligible additional impact on performance occurring due to the additional processing required

Filtering Network Traffic Based on Protocol Encapsulation Rules

Packet filtering is a technology at the foundation of many traffic analysis tasks. While languages and tools for packet filtering have been available for many years, none of them supports filters operating on the encapsulation relationships found in each packet. This represents a problem as the number of possible encapsulations used to transport traffic is steadily increasing and we cannot define exactly which packets have to be captured. This paper presents our early work on an algorithm that models protocol filtering patterns (including encapsulation constraints) as Finite State Automata and supports the composition of multiple expressions within the same filter. The resulting, optimized filter is then translated into executable code. The above filtering algorithms are available in the NetBee open source library, which provides some basic tools for handling network packets (e.g., a tcpdump-like program) and APIs to build more advanced tool

Phase Changes in the Evolution of the IPv4 and IPv6 AS-Level Internet Topologies

In this paper we investigate the evolution of the IPv4 and IPv6 Internet topologies at the autonomous system (AS) level over a long period of time.We provide abundant empirical evidence that there is a phase transition in the growth trend of the two networks. For the IPv4 network, the phase change occurred in 2001. Before then the network's size grew exponentially, and thereafter it followed a linear growth. Changes are also observed around the same time for the maximum node degree, the average node degree and the average shortest path length. For the IPv6 network, the phase change occurred in late 2006. It is notable that the observed phase transitions in the two networks are different, for example the size of IPv6 network initially grew linearly and then shifted to an exponential growth. Our results show that following decades of rapid expansion up to the beginning of this century, the IPv4 network has now evolved into a mature, steady stage characterised by a relatively slow growth with a stable network structure; whereas the IPv6 network, after a slow startup process, has just taken off to a full speed growth. We also provide insight into the possible impact of IPv6-over-IPv4 tunneling deployment scheme on the evolution of the IPv6 network. The Internet topology generators so far are based on an inexplicit assumption that the evolution of Internet follows non-changing dynamic mechanisms. This assumption, however, is invalidated by our results.Our work reveals insights into the Internet evolution and provides inputs to future AS-Level Internet models.Comment: 12 pages, 21 figures; G. Zhang et al.,Phase changes in the evolution of the IPv4 and IPv6 AS-Level Internet topologies, Comput. Commun. (2010

Solutions for IPv6-based mobility in the EU project MobyDick

Proceedings of the WTC 2002, 18th World Telecommunications Congress, Paris, France, 22 -27 September, 2002.Mobile Internet technology is moving towards a packet-based or, more precisely, IPv6-based network. Current solutions on Mobile IPv6 and other related QoS and AAA matters do not offer the security and quality users have come to take for granted. The EU IST project Moby Dick has taken on the challenge of providing a solution that integrates QoS, mobility and AAA in a heterogeneous access environment. This paper focuses on the mobility part of the project, describes and justifies the handover approach taken, shows how QoS-aware and secure handover is achieved, and introduces the project's paging concept. It shows that a transition to a fully integrated IP-RAN and IP-Backbone has become a distinct option for the future.Publicad