Computer networks were designed to be simple and routers do not validate the integrity of the processed traffic. Consequently, an attacker can modify his or her traffic with the aim of confusing any analyser that intercepts the traffic, e.g. monitoring and security software or lawful interception. This paper studies the … Read More
Behaviour of various operating systems during SLAAC, DAD, and ND
Libor PolčákThis post contains the report from the study phase of the behaviour of various operating systems during SLAAC and DAD analysis for our paper called “A New Approach for Detection of Host Identity in IPv6 Networks”, which will be presented at DCNET 2013. This post also contains PCAP files that … Read More
Optimizing network tracking tool for management of BUT campus network
Peter DrienkoThis article describes optimization of the database structure in Zabbix monitoring tool using automatic partitioning. With this optimization we achieved a decrease of the processor utilization on the Zabbix server and a significant decrease in the growth of data on its hard drive. Last Updated: 27th of May, 2014. Introduction … Read More
Deploying IPv6 – practical problems from the campus perspective
Tomas Podermanski, Matej Gregr, Miroslav ŠvédaOn February 2011, IANA has run out of IPv4 addresses. On April 2011, APNIC pool reached the final /8 IPv4 address block. Projected address pool exhaustion for other RIRs varies from the beginning of the 2012 to the end of 2014. This situation pushes organizations to think about transition to IPv6. Unfortunately IPv4 and IPv6 are incompatible protocols that make the transition more difficult and raise new security issues. This paper shares experiences of deploying IPv6 in the university campus network, describes the most significant troubles that we have been faced with and describes the best practices in the practical IPv6 deployment. The article discusses differences in IPv6 and IPv4 networks with focus on the first hop security, autoconfiguration (SLAAC, DHCP, DHCPv6) and different client’s support.
Analysis of tunneled traffic
Matej GregrTraditional firewall techniques usually permit traffic according to IP addresses or port numbers. More advanced firewalls inspect even packet’s payload – e.g. http traffic. However, neither of these techniques is sufficient when dealing with IPv6 transition techniques. An attacker can easily avoid a security policy in a network by using … Read More
Flow Based Monitoring of IPv6
Tomas Podermanski, Matej Gregr, Miroslav ŠoltésProtocol IPv6 puts new challenges for network administrators in the context of user identification. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC. IPv6 address can be randomly generated and keeps changing in time. The presentation describes the system developed at the Brno University of Technology, … Read More
User Identification in IPv6 Network
Tomas Podermanski, Matej Gregr, Miroslav ŠvédaUsers in IPv4 networks typically use only one IP address per interface configured either statically or dynamically via DHCPv4 server. Several techniques can be used to detect violation of that policy. However, IPv6 protocol brings new techniques and possibilities to obtain an IPv6 address. New concepts – autoconfiguration, multiple IPv6 addresses per interface or temporary IPv6 addresses providing privacy for end users introduce new challenges for users identification. Network administrators have to collect additional information for user identification from more sources, e.g. DHCPv6 log, routers neighbor cache, Radius logs, syslog etc. This paper presents analysis of IPv6 address assignment used in current networks together with guidelines how to identify a user in IPv6 networks.
Deploying IPv6 in University Campus Network – Practical Problems
Tomas Podermanski, Matej GregrIPv4 addresses are still running out. Global IPv4 address pool administered by IANA organization is depleted together with IPv4 pool of APNIC Routing Registry. This situation pushes organizations to think about IPv6 transition. Unfortunately IPv4 and IPv6 are incompatible protocols which raise new security issues and problems with user monitoring and accounting. The article shares experiences of deploying IPv6 on the university campus network and describes the most significant troubles that we have been faced with. It describes and compares differences in first hop security in IPv6 and IPv4 networks. Issues connected with user addressing, accounting and monitoring are also discussed. The experience is mainly based on the deployment of IPv6 on the campus network at Brno University of Technology which is one of the biggest universities in the Czech Republic.
Fake router detection – practical experience
Matej Gregr6to4 (RFC 3056) is a transition mechanism allowing users to communicate with IPv6 enabled sites and services with minimal manual configuration. Globally unique IPv4 address is the only prerequisite. Together with anycast prefix for 6to4 routers (defined in RFC 3068) provides a simple solution, how even an end site can … Read More
Network Monitoring Based on IP Data Flows
Martin ZadnikDo you monitor your network? Try to answer the following questions. Which users and which services use the most network bandwidth, and do they exceed authorised limits? Do users use only the permitted services, or do they occasionally “chat” with friends during work hours? Is my network scanned or assaulted by attackers? NetFlow will answer these and other questions.
In the network world, NetFlow is synonymous with monitoring IP data flows. A flow is generally defined as a sequence of packets which share a common feature and pass through an observation point. In the NetFlow terminology this definition is narrowed down to a one-way packet sequence with identical source and destination IP addresses, source and destination ports and protocol number. Various indicators are monitored for each such quintuple, for instance, the duration or the amount of data transferred for a flow.