A Closer Look at Tunneling, Security, and Ubuntu
Download
Report
Transcript A Closer Look at Tunneling, Security, and Ubuntu
IPv6: A Closer Look at
Tunneling, Security, and
Ubuntu
Saroj Patil
Nadine Sundquist
CS526-S2008
University of Colorado, Colorado Springs
Dr. C. Edward Chow
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
1
Roadmap
•
•
•
•
•
IPv6 (Internet Protocol Version 6) Basics
Tunneling
IPv6 Security Examples
Ubuntu Test Network
Future Work
• What’s our motivation?
– IPv6 will define networking and the continuation of
last semester’s project in IPv6.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
2
IPv6 Overview
• IPv6 (Internet Protocol version 6) is a network
protocol used in packet-switched networks.
• 128 bit IPv6 instead of 32 bit IPv4 addresses.
• The following are examples of IPv6 addresses:
• 4BF5:AA12:0216:FEBC:BA5F:039A:BE9A:2176
• ABCD::BCD:0:0:0
• The IP header has changed to provide new
fields and to deprecate other fields.
• Changes in the architecture where new TCP/IP
services provided.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
3
IPv6 over IPv4 Tunneling
(Sending an IPv6 packet over an IPv4
network)
• Encapsulate an IPv6 packet into an IPv4 header.
• Send the packet across the IPv4 network.
• Strip off the IPv4 header when the packet arrives
at the IPv6 destination.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
4
IPv6 Security Concerns
Spoofing by taking advantage of IPv6 over IPv4
tunnels
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
5
Port Scanning
and Randomly Scanning Worms:
Inefficient/Useless
Slammer worm crippled the
Internet in 10 minutes in IPv4.
Slammer worm would take 28
years to find its first host in
IPv6 if scanning at 1 million
packets per second with a
subnet of 10,000 hosts.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
6
Ubuntu Test Network
Router:
Ubuntu2
2001:db8:0:1::2
192.168.2.52
IPv6
network
Host:
Ubuntu1
2001:db8:0:1::1
May 12, 2008
Tunnel
IPv4 network
Router:
Ubuntu3
2001:db8:0:2::3
192.168.2.53
IPv6
network
Host:
Ubuntu4
2001:db8:0:2::4
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
7
Tunneling on Ubuntu2
(Set up the Interfaces)
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
8
How do I set up the sit1 interface?
•
•
•
•
•
•
Specify sit1 as the tunnel interface using IPv4.
Bring up the sit1 interface.
Specify your own IPv6 address.
Add to your routing table the remote IPv6 network.
Specify that IPv6 forwarding is enabled.
Make sure the firewall is not blocking IPv6.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
9
SUCCESS!!! Ping Ubuntu1 to
Ubuntu4 and Ubuntu4 to Ubuntu1.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
10
Further Work
• Look at other operating systems to see
how compatible they are with IPv6
(Already tried Fedora Core, Windows
Server 2008, and Ubuntu).
• Research other GUI tools that exist on top
of operating systems to facilitate tunneling
and firewall management.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
11
References
•
•
•
•
•
•
•
•
Cisco Systems. “IPv6 Security: Session Sec-2003”. Retrieved from
http://www.seanconvery.com/SEC-2003.pdf.
Gai, Silvano. IPv6: The new Protocol for Internet and Intranets. 2007,
December 1). Retrieved March 5, 2008, from http://www.ip6.com/us/book/ .
Google: Keywords Ubuntu and IPv6. Retrieved March 20, 2008, from
google.com.
Leon-Garcia, A. & Widjaja, I. (2004). Communication Networks:
Fundamental Concepts and Key Architectures New York: McGraw-Hill
Companies, Inc.
Microsoft Corporation. Microsoft Windows Server System. Introduction to IP
Version 6. http://download.microsoft.com/download/e/9/b/e9bd20d3-cc8d4162-aa60-3aa3abc2b2e9/IPv6.doc
Tantayakul, Kuljaree. Configuring IPv6 Tunnels and Routing Table on
Windows XP, Ubuntu Linus, and FreeBSD. Retrieved March 7, 2008, from
http://ipv6.coe.psu.ac.th.
Ubuntu Forums. Retrieved April 25, 3008, from http://www.ubuntu.com.
May 12, 2008
CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu
12