Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kako uspešno vpeljati IPv6 v Windows okolje in preživeti

Published byJessica Dickerson Modified over 6 years ago

Similar presentations

Presentation on theme: "Kako uspešno vpeljati IPv6 v Windows okolje in preživeti"— Presentation transcript:

1

2 Kako uspešno vpeljati IPv6 v Windows okolje in preživeti
Luka Manojlovic

3 IPv4 – 4 octetcs == 4*8 = 32 bit address
IPv4 vs IPv6 IPv4 – 4 octetcs == 4*8 = 32 bit address – private address public address Around 4 billion addresses but... Where is China?!  IPv6 – 16 octects == 16x8 = 128 bit address: Two octetcs are devided by : so we have 8 units : 2001:0:5ef5:79fd:38c0:c950:3eb2:62dc = 2001:0000:5ef5:79fd:38c0:c950:3eb2:62dc 2001:0:5ef5:79fd:38::62dc = 2001:0:5ef5:79fd:38:0000:0000:62dc 2001:0:5ef5:79fd:38::62dc = 2001:0:5ef5:79fd:0038::62dc ::1 = fe80::MACtoHEX link local addresses

4 Subnetting? /32? /48? /64? /64 for everyone! ISPs delegate prefixes to end costumers

5 No broadcast Link local only multicast ICMPv6 is a MUST for IPv6 to work

6 Features IPv6 Autoconfiguration IPSec Mobility – active sessions And the most important thing! Huge address space!

7 IPv6 header VS IPv4 header
No header lenght – fixed 40 byte No identification field – Even in IPv4 useless No checksum – It‘s made on higher layers No fragmentation field No options IPv6 header VS IPv4 header No header lenght – fixed 40 byte No identification field – Even in IPv4 useless No checksum – It‘s made on higher layers No fragmentation field No options

8 Every option is called „Extension header“
Fragmentation // ICMPv6 type 2 – packet too big Source routing IPsec Destination options

9 Standardised but still sometimes we find strange implementations by various vendors...
Attacks on IPv6 Developed over 15 years ago – with security perspective of that time ARP spoofing in IPv4 world == Neighbour discovery spoofing ARP request == neighbour solicitation ARP response = neighnour advertisment Duplicate address mechanisms and DOS Neighbour solicitation? Yes, IP is in use –> Loop = DOS Hostile router advertisments

10 Man in the middle attacks Router advertisment flood
We send our router advertisment + spoofed router advertisment with liftime = 0 Router advertisment flood Windows XXX DOS – cpu 100% - firewall does not help  All routers -> lifetime =0 everything become „link – local“

11 Man in the middle attacks Router advertisment flood
We send our router advertisment + spoofed router advertisment with liftime = 0 Router advertisment flood Windows XXX DOS – cpu 100% - firewall does not help  All routers -> lifetime =0 everything become „link – local“

12 Stateful autoconfiguration and flags M and O
Router sends router advertisment – from this we get gateway In case both flags in router advertisment are set to 0: We have the same scenario as Stateless autoconfiguration – so we get globaly routed IPv6 address but we do not request and aditional info from DHCPv6 server In case that both flags in router advertisment are set to 1 M flag means – from DHCPv6 get stateful IPv6 (public address) O flag means – from DHCPv6 get other options (DNS, NTP...) M = 0 / O = 1 means – from DHCPv6 get other options (DNS) IP will be calculated by client... M = 1 / O = 0 means – from DHCPv6 get IP address but no other configuration – probably useless combination of flags...

13 Examples Exchange / mail server trick:
Set-NetIPInterface –InterfaceIndex <number> -Dhcp Disabled – on all servers that have static IP address Exchange / mail server trick: mail.domain.com (A an AAAA record – so IPv4 & IPv6) mail-v4.domain.com (A record only – IPv4 only)

14

15 Izpolnite anketo! Vam je bilo predavanje všeč?
Ste se naučili kaj novega? Vaše mnenje nam veliko pomeni! Da bo NT konferenca prihodnje leto še boljša, vas prosimo, da izpolnite anketo o zadovoljstvu, ki jo najdete v svojem NTK spletnem profilu.

16 5/14/2018 2:55 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Kako uspešno vpeljati IPv6 v Windows okolje in preživeti"

Similar presentations

10: ICMPv6 Neighbor Discovery

10: ICMPv6 Neighbor Discovery
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
ZyXEL Confidential Address Autoconfiguration Feng Zou SW2 ZyXEL Communications Corp. 04/11/2006.

ZyXEL Confidential Address Autoconfiguration Feng Zou SW2 ZyXEL Communications Corp. 04/11/2006.
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.

IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.

IPv6 Overview Brent Frye EECS710. Overview Google Drive Microsoft Cloud Drive Dropbox Paid-for alternatives 2.
EE 545 – BOGAZICI UNIVERSITY. Agenda Introduction to IP What happened IPv5 Disadvantages of IPv4 IPv6 Overview Benefits of IPv6 over IPv4 Questions -

EE 545 – BOGAZICI UNIVERSITY. Agenda Introduction to IP What happened IPv5 Disadvantages of IPv4 IPv6 Overview Benefits of IPv6 over IPv4 Questions -
IPv6 Internet Protocol Version 6. 2003-2004 - Information management 2 Groep T Leuven – Information department 2/24 Internet Protocol Version 6 (IPv6)

IPv6 Internet Protocol Version Information management 2 Groep T Leuven – Information department 2/24 Internet Protocol Version 6 (IPv6)
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
IPv6 Victor T. Norman.

IPv6 Victor T. Norman.
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.

© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.

Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.

IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.
IPv6 Network Security.

IPv6 Network Security.

Similar presentations

Ads by Google