Presentation is loading. Please wait.

Presentation is loading. Please wait.

6Mon: Rogue IPv6 Router Advertisement detection and mitigation and IPv6 address utilization network monitoring tool Institute of Informatics and Telematics.

Published byPeter Wade Modified over 8 years ago

Similar presentations

Presentation on theme: "6Mon: Rogue IPv6 Router Advertisement detection and mitigation and IPv6 address utilization network monitoring tool Institute of Informatics and Telematics."— Presentation transcript:

1 6Mon: Rogue IPv6 Router Advertisement detection and mitigation and IPv6 address utilization network monitoring tool Institute of Informatics and Telematics - CNR, Italy. Division of “Telematic Network of CNR Pisa” Terena Networking Conference 2012 21 - 24 May, Reykjavík, Iceland

2 Introduction IPv6 is present in our networks ▫Lack of troubleshooting and monitoring tools Let’s give a hand to network administrators ▫Address utilization  Finding associations between MAC, IPv4 and IPv6 addresses ▫Notification of network anomalies  Alert when a rogue router starts sending router advertisements ▫Mitigation  Neutralize the effects of rogue router advertisements Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

3 6MoN Network monitoring tool capable to inspect ▫IPv6  ICMPv6: Router Advertisement, Neighbor Solicitation ▫IPv4  ARP, DHCP ▫Ethernet  802.1q Developed in Python ▫Scapy, packet manipulation library ▫Django, web framework Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

4 6MoN Architecture ▫Minimal configuration: the switch port connected to 6MoN must be member of all VLAN we need to monitor Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

5 Address utilization and correlation IPv4 146.48.96.30 IPv6 2a00:1620:c0:60::1a 2a00:1620:c0:60:21a:92ff:fe29:adb fe80::21a:68ff:fe9a:cab2 Hostname www.iit.cnr.it Hostname www.iit.cnr.it Username serverweb Username serverweb VLAN id 96 MAC 00:1a:68:9a:ca:b2 ICMPv6 NS Ethernet 802.1q Radius Accounting DNS ARP Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

6 Address utilization and correlation Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

7 Rogue Router Advertisement Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

8 Notification and Mitigation, RA 6MoN keeps track of all captured RAs ▫Each discovered router can be marked as “Legal/Illegal” by network administrators Rogue RAs may cause network malfunctions ▫e. g. A misconfigured host starts sending RAs 6MoN sends mitigation RAs ▫According to established policies based on heuristic experience ▫By sending spoofed packets  router-lifetime=0  valid-lifetime=0 (if prefix wrong) Notifications are sent to network administrators ▫Event driven Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

9 Rogue Router Advertisement Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

10 Other utilities embedded in 6MoN Neighbor solicitation ▫Keeps track of IPv6 address utilization by listening to DAD and NS messages MacFind ▫Finds the switch physical port that is closest to a given mac-address (SNMP based) WatchARP ▫Observes IPv4 address utilization and keeps history of correlation of MAC and IPv4 usage Rogue DHCP notification ▫Discover “unofficial” DHCP servers connected to the network Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

11 Neighbor Solicitation Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

12 MacFind Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

13 WatchARP Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

14 Rogue DHCP server Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

15 Conclusion 6MoN (beta) is available for download as VMware image ▫http://servizirete.pi.cnr.ithttp://servizirete.pi.cnr.it ▫advice: wait for version 2 New version is going to be available in June ▫Improved web interface ▫Optimized core algorithm ▫DHCPv6 rogue server detection More Info ▫grupporeti-dev@iit.cnr.it Institute of Informatics and Telematics - CNRTNC2012, 21 - 24 May, Reykjavík, Iceland

Download ppt "6Mon: Rogue IPv6 Router Advertisement detection and mitigation and IPv6 address utilization network monitoring tool Institute of Informatics and Telematics."

Similar presentations

10: ICMPv6 Neighbor Discovery

10: ICMPv6 Neighbor Discovery
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
Fear the Evil FOCA Attacking Internet Connections with IPv6 Chema

Fear the Evil FOCA Attacking Internet Connections with IPv6 Chema
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.

© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
IP ADDRESS MANAGEMENT [IPAM]

IP ADDRESS MANAGEMENT [IPAM]
Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.

Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Host Autoconfiguration ALTTC, Ghaziabad. IPv4 Address and IPv6 equivalents ALTTC, Ghaziabad.

Host Autoconfiguration ALTTC, Ghaziabad. IPv4 Address and IPv6 equivalents ALTTC, Ghaziabad.
IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.

IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.

CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.

Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.
CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.

CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing & Switching.
Instructor & Todd Lammle

Instructor & Todd Lammle
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing and Switching Essentials.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing and Switching Essentials.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
System Configuration: DHCP and Autoconfiguration Chapter 6.

System Configuration: DHCP and Autoconfiguration Chapter 6.
1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.

1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.
Guide to TCP/IP Fourth Edition

Guide to TCP/IP Fourth Edition

Similar presentations

Ads by Google