may 12, 2008 cs-526 ipv6: a closer look at tunneling, security, and ubuntu 1 saroj patil nadine...

May 12, 2008 CS-526 IPv6: A Closer Look at Tunneling, Security, and Ubuntu 1

Saroj PatilNadine Sundquist

CS526-S2008University of Colorado, Colorado Springs

Dr. C. Edward Chow

IPv6: A Closer Look at Tunneling, Security, and

Ubuntu


Roadmap

• IPv6 (Internet Protocol Version 6) Basics• Tunneling• IPv6 Security Examples• Ubuntu Test Network• Future Work

• What’s our motivation?– IPv6 will define networking and the continuation of

last semester’s project in IPv6.


• IPv6 (Internet Protocol version 6) is a network protocol used in packet-switched networks.

• 128 bit IPv6 instead of 32 bit IPv4 addresses.• The following are examples of IPv6 addresses:

• 4BF5:AA12:0216:FEBC:BA5F:039A:BE9A:2176 • ABCD::BCD:0:0:0

• The IP header has changed to provide new fields and to deprecate other fields.

• Changes in the architecture where new TCP/IP services provided.

IPv6 Overview


IPv6 over IPv4 Tunneling(Sending an IPv6 packet over an IPv4

network)• Encapsulate an IPv6 packet into an IPv4 header.• Send the packet across the IPv4 network.• Strip off the IPv4 header when the packet arrives at the IPv6

destination.


IPv6 Security ConcernsSpoofing by taking advantage of IPv6 over IPv4

tunnels


Port Scanning and Randomly Scanning Worms:

Inefficient/UselessSlammer worm crippled the Internet in 10 minutes in IPv4.

Slammer worm would take 28 years to find its first host in IPv6 if scanning at 1 million packets per second with a subnet of 10,000 hosts.


Ubuntu Test Network

IPv6 network

IPv6 network

IPv4 networkIPv4 network

IPv6 network

IPv6 network

Host:Ubuntu12001:db8:0:1::1

Router: Ubuntu22001:db8:0:1::2192.168.2.52

Host:Ubuntu42001:db8:0:2::4

Router: Ubuntu32001:db8:0:2::3192.168.2.53

Tunnel


Tunneling on Ubuntu2(Set up the Interfaces)


How do I set up the sit1 interface?• Specify sit1 as the tunnel interface using IPv4.• Bring up the sit1 interface.• Specify your own IPv6 address.• Add to your routing table the remote IPv6 network.• Specify that IPv6 forwarding is enabled. • Make sure the firewall is not blocking IPv6.


SUCCESS!!! Ping Ubuntu1 to Ubuntu4 and Ubuntu4 to Ubuntu1.


Further Work

• Look at other operating systems to see how compatible they are with IPv6 (Already tried Fedora Core, Windows Server 2008, and Ubuntu).

• Research other GUI tools that exist on top of operating systems to facilitate tunneling and firewall management.


• Cisco Systems. “IPv6 Security: Session Sec-2003”. Retrieved from • http://www.seanconvery.com/SEC-2003.pdf. • Gai, Silvano. IPv6: The new Protocol for Internet and Intranets. 2007,

December 1). Retrieved March 5, 2008, from http://www.ip6.com/us/book/ .• Google: Keywords Ubuntu and IPv6. Retrieved March 20, 2008, from

google.com.• Leon-Garcia, A. & Widjaja, I. (2004). Communication Networks:

Fundamental Concepts and Key Architectures New York: McGraw-Hill Companies, Inc.

• Microsoft Corporation. Microsoft Windows Server System. Introduction to IP Version 6. http://download.microsoft.com/download/e/9/b/e9bd20d3-cc8d-4162-aa60-3aa3abc2b2e9/IPv6.doc

• Tantayakul, Kuljaree. Configuring IPv6 Tunnels and Routing Table on Windows XP, Ubuntu Linus, and FreeBSD. Retrieved March 7, 2008, from http://ipv6.coe.psu.ac.th.

• Ubuntu Forums. Retrieved April 25, 3008, from http://www.ubuntu.com.

References

may 12, 2008 cs-526 ipv6: a closer look at tunneling, security, and ubuntu 1 saroj patil nadine...

Documents

ipv6 packet

advantage of ipv6

ipv6 destination

ipv6 forwarding

ipv6 security concerns

ipv6 overview slide

remote ipv6 network

examples of ipv6 addresses