DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers

Presentation transcript:

DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers (draft-gont-opsec-dhcpv6-shield)
Fernando Gont (SI6 Networks), Will Liu (Huawei Technologies)
IETF 85, Atlanta, GA, USA. November 4-9, 2012

Introduction
- DHCPv6-Shield is IPv6's "DHCP-snooping"
- Lightweight protection for DHCPv6-based attacks
- Blocks malicious DHCPv6-server packets at layer-2
- Only DHCPv6-server packets received on a specific port will be allowed
- Complements RA-Guard
- Almost no point in deploying RA-Guard without DHCPv6-Shield
- RA-Guard specified in three documents
- We have no RFC for DHCPv6-Shield
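The per-port rule from the Introduction slide, sketched as an added example (not code from the draft or its authors). It assumes a DHCPv6-server packet is recognized by UDP destination port 546 after following the IPv6 extension-header chain, and that a packet whose chain cannot be followed is dropped on untrusted ports; the function names, switch port numbers and sample packets are hypothetical.

```python
import struct

DHCPV6_CLIENT_PORT = 546       # clients listen on 546; servers and relays on 547
UDP, FRAGMENT = 17, 44
EXT_HEADERS = {0, 43, 60}      # Hop-by-Hop, Routing, Destination Options

def is_dhcpv6_server_packet(pkt: bytes):
    """True/False, or None when the header chain cannot be followed."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return False
    nxt, off = pkt[6], 40
    while True:
        if nxt in EXT_HEADERS:
            if off + 2 > len(pkt):
                return None
            # Header length is counted in 8-octet units, not including the first
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            if off + 8 > len(pkt):
                return None
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return False   # non-first fragment carries no upper-layer header
            nxt, off = pkt[off], off + 8
        elif nxt == UDP:
            if off + 4 > len(pkt):
                return None
            dport = struct.unpack_from("!H", pkt, off + 2)[0]
            return dport == DHCPV6_CLIENT_PORT
        else:
            return False

def shield_verdict(pkt: bytes, ingress_port: int, server_ports: set) -> str:
    """Forward everything from ports where a DHCPv6 server is allowed;
    elsewhere drop server packets and packets that cannot be classified
    (assumption: fail closed)."""
    if ingress_port in server_ports:
        return "forward"
    return "forward" if is_dhcpv6_server_packet(pkt) is False else "drop"

def build(dport: int, ext: bool = False) -> bytes:
    """Constructed sample: IPv6 header, optional Destination Options, UDP."""
    udp = struct.pack("!HHHH", 547, dport, 8, 0)
    body = (bytes([UDP, 0]) + bytes(6) + udp) if ext else udp
    ip6 = struct.pack("!IHBB", 6 << 28, len(body), 60 if ext else UDP, 64)
    return ip6 + bytes(32) + body   # all-zero addresses, constructed
```

The extension-header walk matters because a filter that inspects only the first Next Header value would not classify the second sample packet as DHCPv6 at all.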

Changes since previous version
- Aligned the document with draft-ietf-v6ops-ra-guard-implementation

Moving forward
- Adopt as opsec wg item?