Presentation is loading. Please wait.

Presentation is loading. Please wait.

November 7-12, Beijing,China.

Published byΘεοφύλακτος Κομνηνός Modified over 6 years ago

Similar presentations

Presentation on theme: "November 7-12, Beijing,China."— Presentation transcript:

1 November 7-12, 2010. Beijing,China.
Security Assessment of the IPv6 Flow Label (draft-gont-6man-flowlabel-security-00) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, Beijing,China.

2 Summary Document is part of a larger document on IPv6 security being produced by UK CPNI (yet unpublished) Analyzes the security implications of the Flow Label field Proposes an algorithm for selecting flow labels

3 Security Implications of the Flow Label field
Possible (theoretical) DoS vector resulting from Flow Label verification described in RFC 2460 Covert Channels QoS theft Information leaking

4 Selecting Flow Labels Requirements:
Flow Labels that are predictable by off-path attackers Flow Label collisions are reduced Proposed algorithm (a la RFC 1948, and compliant with RC 3697): Flow Label = counter + hash(Source Address, Destination Address, Secret Key)

5 Moving forward Comments? Adopt as wg item?

Download ppt "November 7-12, Beijing,China."

Similar presentations

73rd IETF meeting, November 16-21, 2008

73rd IETF meeting, November 16-21, 2008
Security Assessment of the Internet Protocol version 4 (IPv4) draft-ietf-opsec-ip-security Fernando Gont project carried out on behalf of UK CPNI 76th.

Security Assessment of the Internet Protocol version 4 (IPv4) draft-ietf-opsec-ip-security Fernando Gont project carried out on behalf of UK CPNI 76th.
Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, 2010. Beijing, China.

Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, Beijing, China.
Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.

Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.
Ongoing work at the IETF on TCP and IP security Fernando Gont project carried out on behalf of UK CPNI HACK.LU 09 Conference October 28-30, 2009. Luxembourg.

Ongoing work at the IETF on TCP and IP security Fernando Gont project carried out on behalf of UK CPNI HACK.LU 09 Conference October 28-30, Luxembourg.
Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA.

Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA.
Ongoing work at the IETF on TCP and IP security Fernando Gont project carried out on behalf of UK CPNI HACK.LU 09 Conference October 28-30, 2009. Luxembourg.

Ongoing work at the IETF on TCP and IP security Fernando Gont project carried out on behalf of UK CPNI HACK.LU 09 Conference October 28-30, Luxembourg.
IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.

IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.
ICMP attacks against TCP draft-ietf-tcpm-icmp-attacks-01.txt Fernando Gont (UTN/FRH) 67 th IETF Meeting, San Diego, California, USA November 5-10, 2006.

ICMP attacks against TCP draft-ietf-tcpm-icmp-attacks-01.txt Fernando Gont (UTN/FRH) 67 th IETF Meeting, San Diego, California, USA November 5-10, 2006.
Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02.

Draft-ietf-intarea-nat-reveal-analysis – IETF84 Analysis of Solution Candidates to Reveal a Host Identifier (HOST_ID) in Shared Address Deployments draft-ietf-intarea-nat-reveal-analysis-02.
Draft-ietf-v6ops-scanning-implications-00 IPv6 Implications for Network Scanning Tim Chown University of Southampton (UK) IETF 66,

Draft-ietf-v6ops-scanning-implications-00 IPv6 Implications for Network Scanning Tim Chown University of Southampton (UK) IETF 66,
Security Assessment of the Transmission Control Protocol (TCP) (draft-ietf-tcpm-tcp-security-02.txt) Fernando Gont project carried out on behalf of UK.

Security Assessment of the Transmission Control Protocol (TCP) (draft-ietf-tcpm-tcp-security-02.txt) Fernando Gont project carried out on behalf of UK.
Virtual Topologies for Service Chaining in BGP IP/MPLS VPNs draft-rfernando-bess-service-chaining-00 (previously draft-rfernando-l3vpn-service-chaining-04)

Virtual Topologies for Service Chaining in BGP IP/MPLS VPNs draft-rfernando-bess-service-chaining-00 (previously draft-rfernando-l3vpn-service-chaining-04)
Draft-chown-v6ops-port-scanning-implications-02 IPv6 Implications for TCP/UDP Port Scanning Tim Chown IETF 65, March 23rd 2006 Dallas,

Draft-chown-v6ops-port-scanning-implications-02 IPv6 Implications for TCP/UDP Port Scanning Tim Chown IETF 65, March 23rd 2006 Dallas,
1 Miscellaneous Capabilities for IP Network Infrastructure IETF 64 Vancouver, BC, Canada November 2005.

1 Miscellaneous Capabilities for IP Network Infrastructure IETF 64 Vancouver, BC, Canada November 2005.
BFD Working Group Document Status – IETF 78 Jeffrey Haas, Dave Ward,

BFD Working Group Document Status – IETF 78 Jeffrey Haas, Dave Ward,
Multiple Interfaces (MIF) WG IETF 79, Beijing, China Margaret Wasserman Hui Deng

Multiple Interfaces (MIF) WG IETF 79, Beijing, China Margaret Wasserman Hui Deng
Guidance for Running Multiple IPv6 Prefixes (draft-liu-v6ops-running-multiple-prefixes-02) Bing Liu, Sheng Jiang (Speaker), Yang Bo IETF91

Guidance for Running Multiple IPv6 Prefixes (draft-liu-v6ops-running-multiple-prefixes-02) Bing Liu, Sheng Jiang (Speaker), Yang Bo IETF91
Duplicate Address Detection Proxy (draft-costa-6man-dad-proxy-00)

Duplicate Address Detection Proxy (draft-costa-6man-dad-proxy-00)
Application of PWE3 to MPLS Transport Networks

Application of PWE3 to MPLS Transport Networks

Similar presentations

Ads by Google