 
Wednesday, 07 January 2009
 
 

IPv6 Network - 6to4 Security Issues
 

In theory, hosts should be able to handle all possible incorrect and even intentionally harmful packets that they receive. Unfortunately, this isn’t always the case in practice, so more often than not, it’s necessary to have filters or firewalls in place to filter out unwanted packets. Chapter 9 has more information about security issues and packet filtering in particular. However, there are some security issues that are specific to 6to4 tunneling that are best discussed here.

It is currently considered “best current practice” (BCP) by the IETF for Internet Service Providers to make sure they only forward packets from their customers to the rest of the Internet if those packets have a source address that actually belongs to the customer in question. This is called “anti-spoofing” or “ingress” filtering. With anti-spoofing filters in effect, a customer can still attack hosts elsewhere on the Internet (either by choice or because their computer has been turned into a “zombie” after being infected with malicious software), but the packets involved in such an attack are simple to trace back and relatively straightforward to filter out. 6to4 allows people to create packets with spoofed IPv6 addresses and encapsulate them in legitimate IPv4 packets, thereby bypassing anti-spoofing filters that may be in effect. (However, many ISPs don’t have anti-spoofing filters in place.) An attacker can do this either by addressing packets directly to the IPv4 address of the target, or by routing them over a 6to4 relay.


To reject the most obvious attacks that use 6to4, most systems filter out several ranges of invalid 6to4 addresses (see Listings 3-9 and 3-10). Additionally, it’s conceivable that in the future 6to4 hosts, routers and/or relays will start rejecting 6to4 packets where the IPv4 address in the outer header doesn’t match the embedded IPv4 address in the 6to4 IPv6 address in the inner header. So when using 6to4, make sure there is always a one-to-one relationship between the 48-bit 6to4 prefix and the IPv4 address used for 6to4 to avoid problems in this area.
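
The outer/inner consistency check described above can be sketched as follows. This is an added example, not code from the original article: the function names are hypothetical, and the list of rejected IPv4 ranges is an illustrative assumption rather than the contents of Listings 3-9 and 3-10.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")

# Assumed, illustrative set of IPv4 ranges that must never appear embedded
# in a 6to4 prefix (not the book's Listings 3-9 and 3-10).
INVALID_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def embedded_ipv4(v6):
    """Return the IPv4 address in bits 16..47 of a 6to4 address, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in SIXTOFOUR:
        return None
    # 2002:WWXX:YYZZ::/48 -> drop the low 80 bits, keep the next 32.
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def check_6to4_packet(outer_src_v4, inner_src_v6):
    """Classify a 6to4 packet from its outer IPv4 and inner IPv6 source."""
    outer = ipaddress.IPv4Address(outer_src_v4)
    inner = embedded_ipv4(inner_src_v6)
    if inner is None:
        return "not-6to4-source"      # e.g. relayed native IPv6; nothing to compare
    if any(inner in net for net in INVALID_V4):
        return "invalid-embedded-ipv4"
    if inner != outer:
        return "outer-mismatch"       # prefix does not belong to the tunnel endpoint
    return "ok"


if __name__ == "__main__":
    # Constructed samples using documentation and private addresses.
    samples = [
        ("192.0.2.1", "2002:c000:201::1"),
        ("198.51.100.7", "2002:c000:201::1"),
        ("10.0.0.1", "2002:a00:1::1"),
        ("192.0.2.1", "2001:db8::1"),
    ]
    for outer, inner in samples:
        print(outer, inner, check_6to4_packet(outer, inner))
```

A packet whose inner source is native IPv6 (as when it arrives through a 6to4 relay) carries no embedded IPv4 address, so this comparison cannot be applied to it.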

 
