The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

Description and Experience of the Clinical Testbeds

This deliverable describes the up-to-date technical environment at three clinical testbed demonstrator sites of the 6WINIT Project, including the adapted clinical applications, project components and network transition technologies in use at these sites after 18 months of the Project. It also provides an interim description of early experiences with deployment and usage of these applications, components and technologies, and their clinical service impact

IMPLEMENTASI DAN ANALISIS MEKANISME TRANSISI IPV4 KE IPV6 MENGGUNAKAN METODE DUAL STACK

ABSTRAKSI: Semakin pesatnya perkembangan internet di dunia, berdampak pada alokasi IP yang disediakan. IPv4 yang dipakai saat ini tidak mampu memenuhi kebutuhan pengalamatan yang semakin bertambah. Sebagai salah satu langkah untuk mengatasi hal tersebut maka dikembangkanlah IPv6. Proses implementasi IPv6, memerlukan perubahan terhadap infrastruktur komunikasi, baik di sisi terminal, aplikasi maupun di sisi jaringan. Booming IPv6 tidak dapat diprediksi terjadinya. Oleh karena itu diperlukanlah sekenario implementasi IPv6 khususnya bagi penyelenggara telekomunikasi.Pada tugas akhir ini akan diimplementasikan dan dianalisis transisi IPv4 menuju IPng/IPv6 dengan menggunakan mekanisme transisi dual stack. Mekanisme ini merupakan mekanisme yang telah direkomendasikan oleh pemerintah Indonesia sebagai transisi IP. Penggunaan implementasi ini pada aplikasi end-to-end antara server dank lien dengan menggunakan parameter QOS.Dari percobaan yang telah dilaksanakan, mekanisme ini bisa dan berhasil diterapkan sebagai salah satu mekanisme transisi IPv4 menuju IPv6. Perlu beberapa konfigurasi didalamnya terutama Dual IPv4 dan IPv6 protokol stack dan juga DNS6/4 yang berfungsi sebagai translator domain.Dari hasil penelitian didapatkan performansi yang cukup bagus antara kedua klien (pengguna IPv4 dan pengguna IPv6). Namun karena implementasi IPv6 masih dalam tahap ujicoba maka untuk beberapa kasus terutama yang berkaitan denga waktu transmisi IPv6 sedikit dibawah jika disbanding IPv4.Kata Kunci : transisi, dual stack, QOSABSTRACT: The more rapid development of internet in the world, have an impact on IP allocation provided. IPv4 is used today not able to meet the growing needs addressing. As one step to resolve the matter, is developing IPv6. IPv6 implementation process, requiring changes in the communication infrastructure, both in the terminal, the application or on the network side. Booming IPv6 unpredictable occurrence. Therefore scenario requires the implementation of IPv6, especially for telecommunications carriers.In this final task will be implemented and analysed the transition of IPv4 to IPng/IPv6 using Dual Stack transition mechanism. This mechanism is a mechanism that has been recommended by the government of Indonesia between as the IP transition. Use of this implementation on the application end-to-end between the serverand since the spleen using QoS parameters.From the experiment that have been emplemented, this mechanism can and successfully applied as one of the IPv4 to IPv6 transition mechanisms. Need some configuration it, especially dual IPv4 and IPv6 protocol stack and also DNS6/4 that server as domain translator.From the result showed a fairly good performance between the two clients (users of IPv4 and IPv6 users). However, due to the implementation of IPv6 is still in testing stage then for some cases, especially relating to premises IPv6 slightly below the transmission time when compared to IPv4.Keyword: transition, dual stack, QO

A New Approach Of Network Intrusion Detection In 6TO4 Tunneling

Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection

Case Study - IPv6 based building automation solution integration into an IPv4 Network Service Provider infrastructure

The case study presents a case study describing an Internet Protocol (IP) version 6 (v6) introduction to an IPv4 Internet Service Provider (ISP) network infrastructure. The case study driver is an ISP willing to introduce a new “killer” service related to Internet of Things (IoT) style building automation. The provider and cooperation of third party companies specialized in building automation will provide the service. The ISP has to deliver the network access layer and to accommodate the building automation solution traffic throughout its network infrastructure. The third party companies are system integrators and building automation solution vendors. IPv6 is suitable for such solutions due to the following reasons. The operator can’t accommodate large number of IPv4 embedded devices in its current network due to the lack of address space and the fact that many of those will need clear 2 way IP communication channel. The Authors propose a strategy for IPv6 introduction into operator infrastructure based on the current network architecture present service portfolio and several transition mechanisms. The strategy has been applied in laboratory with setup close enough to the current operator’s network. The criterion for a successful experiment is full two-way IPv6 application layer connectivity between the IPv6 server and the IPv6 Internet of Things (IoT) cloud

Ipv6 Migration Framework For Government Agencies In Malaysia

Malaysia adalah sebahagian daripada negara-negara dunia yang berusaha untuk berhijrah ke protokol Internet Versi 6 (lPv6) Malaysia is involved in the worldwide effort to migrate to IPv6 due to the giobal IPv4 address depletion and other IPv4 limitations as well as to derive IPv6 benefits

A practical approach to network-based processing

The usage of general-purpose processors externally attached to routers to play virtually the role of active coprocessors seems a safe and cost-effective approach to add active network capabilities to existing routers. This paper reviews this router-assistant way of making active nodes, addresses the benefits and limitations of this technique, and describes a new platform based on it using an enhanced commercial router. The features new to this type of architecture are transparency, IPv4 and IPv6 support, and full control over layer 3 and above. A practical experience with two applications for path characterization and a transport gateway managing multi-QoS is described.Most of this work has been funded by the IST project GCAP (Global Communication Architecture and Protocols for new QoS services over IPv6 networks) IST-1999-10 504. Further development and application to practical scenarios is being supported by IST project Opium (Open Platform for Integration of UMTS Middleware) IST-2001-36063 and the Spanish MCYT under projects TEL99-0988-C02-01 and AURAS TIC2001-1650-C02-01.Publicad

Network performance evaluation of 6to4 tunneling

Several types of IPv6 transition mechanisms have been developed to facilitate the migration of IPv4 to the new protocol, IPv6. Although all transition mechanisms have the same objective, the process necessitates compliance with their respective capabilities. This paper focuses on the evaluation of the transition mechanisms namely 6to4 tunneling in terms of data transmission. The assessment is based upon experimental work that is conducted on a controlled environment. User-to-user network performance software is used to obtain the throughput, round trip time and tunneling overhead for TCP and UDP transmission protocol. The performance of TCP and UDP through 6to4 tunnel is then compared over the native IPv4 and IPv6 environment. As a result, the findings prove the ease of TCP data transmission via the tunnel compared to both native networks. In contrast, the UDP implementations show the slight difference for them. © 2012 IEEE

Performance analysis of tunnel broker through open virtual private network

Tunnel Broker uses automatic configuration tunneling mechanism for IPv6 clients connected to IPv4 internet. Connectivity between clients and service providers in IPv6 is urgently needed. Open VPN as a provider implemented configures it by a VPN network, so IPv6 and IPv4 public IP clients can easily connect to the server. In this research focused on the performance of tunnel broker mechanism by utilizing open VPN as access to the network. IPv6 tunnel broker is developed by installing Open VPN and providing IPv6 IPs. Implementation of public IP usage in observing the performance of tunnel broker development is done in BCN Telkom Laboratory Network. The measurement results show that TCP and UDP throughput of IPv6 is slightly higher than IPv4. The research using OpenVPN as a server Tunnel Broker for client access to the server is still rarely done, especially in the field of the network based on Internet Protocol