Submit Search
Upload
Eric Vyncke - IPv6 security in general
•
2 likes
•
2,473 views
IKT-Norge
Follow
IKT-Norge's IPv6 forum conference, Oslo 2012-04-25
Read less
Read more
Technology
Report
Share
Report
Share
1 of 37
Recommended
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
IKT-Norge
Jan Zorz - IPv6 and mobile emergency response teams
Jan Zorz - IPv6 and mobile emergency response teams
IKT-Norge
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
IKT-Norge
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
IKT-Norge
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
IKT-Norge
Getting started with IPv6
Getting started with IPv6
Private
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
Mark Smith
pps Matters
pps Matters
Bangladesh Network Operators Group
Recommended
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
IKT-Norge
Jan Zorz - IPv6 and mobile emergency response teams
Jan Zorz - IPv6 and mobile emergency response teams
IKT-Norge
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
IKT-Norge
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
IKT-Norge
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
IKT-Norge
Getting started with IPv6
Getting started with IPv6
Private
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
Mark Smith
pps Matters
pps Matters
Bangladesh Network Operators Group
Introduction of ipv6
Introduction of ipv6
KaushikMajumder22
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
IPv6no
Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6
Jhoni Guerrero
Fedv6tf-fhs
Fedv6tf-fhs
Tim Martin
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
Mark Smith
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
Digicomp Academy AG
Fedv6tf-IPv6-new-friends
Fedv6tf-IPv6-new-friends
Tim Martin
Ipv6
Ipv6
maha5960
IPv6 address-planning
IPv6 address-planning
Tim Martin
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
Fred Bovy
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
Cisco Canada
IPv6-strategic-planning-framework
IPv6-strategic-planning-framework
Tim Martin
IPv6 translation methods
IPv6 translation methods
Ahmad Hijazi
IPv6 in 2G and 3G Networks
IPv6 in 2G and 3G Networks
John Loughney
IPv6 Transition,Transcición IPv6
IPv6 Transition,Transcición IPv6
Suministros Obras y Sistemas
IPv6 Transition Strategies
IPv6 Transition Strategies
APNIC
Understanding i pv6 2
Understanding i pv6 2
srmanjuskp
Presd1 09
Presd1 09
Niels Groeneveld
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
Haystack Technologies
The State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 Deployment
John Loughney
IPv6 Security
IPv6 Security
Progreso Training
IPv6 Security Challenges: TechNet Augusta 2015
IPv6 Security Challenges: TechNet Augusta 2015
AFCEA International
More Related Content
What's hot
Introduction of ipv6
Introduction of ipv6
KaushikMajumder22
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
IPv6no
Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6
Jhoni Guerrero
Fedv6tf-fhs
Fedv6tf-fhs
Tim Martin
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
Mark Smith
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
Digicomp Academy AG
Fedv6tf-IPv6-new-friends
Fedv6tf-IPv6-new-friends
Tim Martin
Ipv6
Ipv6
maha5960
IPv6 address-planning
IPv6 address-planning
Tim Martin
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
Fred Bovy
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
Cisco Canada
IPv6-strategic-planning-framework
IPv6-strategic-planning-framework
Tim Martin
IPv6 translation methods
IPv6 translation methods
Ahmad Hijazi
IPv6 in 2G and 3G Networks
IPv6 in 2G and 3G Networks
John Loughney
IPv6 Transition,Transcición IPv6
IPv6 Transition,Transcición IPv6
Suministros Obras y Sistemas
IPv6 Transition Strategies
IPv6 Transition Strategies
APNIC
Understanding i pv6 2
Understanding i pv6 2
srmanjuskp
Presd1 09
Presd1 09
Niels Groeneveld
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
Haystack Technologies
The State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 Deployment
John Loughney
What's hot
(20)
Introduction of ipv6
Introduction of ipv6
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6
Fedv6tf-fhs
Fedv6tf-fhs
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
Fedv6tf-IPv6-new-friends
Fedv6tf-IPv6-new-friends
Ipv6
Ipv6
IPv6 address-planning
IPv6 address-planning
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
IPv6-strategic-planning-framework
IPv6-strategic-planning-framework
IPv6 translation methods
IPv6 translation methods
IPv6 in 2G and 3G Networks
IPv6 in 2G and 3G Networks
IPv6 Transition,Transcición IPv6
IPv6 Transition,Transcición IPv6
IPv6 Transition Strategies
IPv6 Transition Strategies
Understanding i pv6 2
Understanding i pv6 2
Presd1 09
Presd1 09
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
The State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 Deployment
Viewers also liked
IPv6 Security
IPv6 Security
Progreso Training
IPv6 Security Challenges: TechNet Augusta 2015
IPv6 Security Challenges: TechNet Augusta 2015
AFCEA International
IPv6 Security - Where is the Challenge?
IPv6 Security - Where is the Challenge?
RIPE NCC
Survey on IPv6 security issues
Survey on IPv6 security issues
bathinin1
IPv6 Deployment, Lao ICT Expo 2016
IPv6 Deployment, Lao ICT Expo 2016
APNIC
IPv6 Security - Where is the Challenge
IPv6 Security - Where is the Challenge
RIPE NCC
E payment 2
E payment 2
nioushaZY
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
Swiss IPv6 Council
IPv6 and the IP Security Protocol
IPv6 and the IP Security Protocol
Miguel Luis
AF-23- IPv6 Security_Final
AF-23- IPv6 Security_Final
Musa Stephen HONLUE
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)
Martin Schütte
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Wardner Maia
IPv6 in Mobile Networks
IPv6 in Mobile Networks
APNIC
Snooping TCP
Snooping TCP
Sushant Kushwaha
Socket Programming in C++
Socket Programming in C++
saeed_delphi
Implementation & Challenges of IPv6
Implementation & Challenges of IPv6
Farwa Ansari
Chapter 5: Names, Bindings and Scopes (review Questions and Problem Set)
Chapter 5: Names, Bindings and Scopes (review Questions and Problem Set)
Farwa Ansari
IPv6
IPv6
Peter R. Egli
IPV6 SIMPLE SECURITY CAPABILITIES
IPV6 SIMPLE SECURITY CAPABILITIES
Olle E Johansson
Viewers also liked
(19)
IPv6 Security
IPv6 Security
IPv6 Security Challenges: TechNet Augusta 2015
IPv6 Security Challenges: TechNet Augusta 2015
IPv6 Security - Where is the Challenge?
IPv6 Security - Where is the Challenge?
Survey on IPv6 security issues
Survey on IPv6 security issues
IPv6 Deployment, Lao ICT Expo 2016
IPv6 Deployment, Lao ICT Expo 2016
IPv6 Security - Where is the Challenge
IPv6 Security - Where is the Challenge
E payment 2
E payment 2
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
IPv6 and the IP Security Protocol
IPv6 and the IP Security Protocol
AF-23- IPv6 Security_Final
AF-23- IPv6 Security_Final
The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
IPv6 in Mobile Networks
IPv6 in Mobile Networks
Snooping TCP
Snooping TCP
Socket Programming in C++
Socket Programming in C++
Implementation & Challenges of IPv6
Implementation & Challenges of IPv6
Chapter 5: Names, Bindings and Scopes (review Questions and Problem Set)
Chapter 5: Names, Bindings and Scopes (review Questions and Problem Set)
IPv6
IPv6
IPV6 SIMPLE SECURITY CAPABILITIES
IPV6 SIMPLE SECURITY CAPABILITIES
Similar to Eric Vyncke - IPv6 security in general
IPv6::Staying connected
IPv6::Staying connected
RIPE NCC
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
Eric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of View
IPv6 Conference
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Jaime Olmos
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
gogo6
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Digicomp Academy AG
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
Deploy360 Programme (Internet Society)
Ethernet and TCP optimizations
Ethernet and TCP optimizations
Jeff Squyres
Content over IPv6: no excuses
Content over IPv6: no excuses
Ivan Pepelnjak
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
IPv6no
Ole - Ipv4onlifesupport
Ole - Ipv4onlifesupport
IPv6no
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
Skeeve Stevens
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
Ameen Wayok
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
PROIDEA
I pv6 tutorial
I pv6 tutorial
Fred Bovy
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Affan Basalamah
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Cisco Canada
CN L8 — копия.ppt
CN L8 — копия.ppt
AssemNazirova2
PLNOG 6: Julian Curtis - IPv6 Overview
PLNOG 6: Julian Curtis - IPv6 Overview
PROIDEA
IPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdf
CPUHogg
Similar to Eric Vyncke - IPv6 security in general
(20)
IPv6::Staying connected
IPv6::Staying connected
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Eric Vyncke - IPv6 Security Vendor Point of View
Eric Vyncke - IPv6 Security Vendor Point of View
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
ION Santiago: What's Happening at the IETF? Internet Standards and How to Get...
Ethernet and TCP optimizations
Ethernet and TCP optimizations
Content over IPv6: no excuses
Content over IPv6: no excuses
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
Ole - Ipv4onlifesupport
Ole - Ipv4onlifesupport
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
I pv6 tutorial
I pv6 tutorial
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...
CN L8 — копия.ppt
CN L8 — копия.ppt
PLNOG 6: Julian Curtis - IPv6 Overview
PLNOG 6: Julian Curtis - IPv6 Overview
IPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdf
More from IKT-Norge
Lars Johan Bjørkevoll, Xeneta
Lars Johan Bjørkevoll, Xeneta
IKT-Norge
Erik Stokkeland
Erik Stokkeland
IKT-Norge
Ketil Widerberg
Ketil Widerberg
IKT-Norge
Randi Marjamaa
Randi Marjamaa
IKT-Norge
Roar Olsen
Roar Olsen
IKT-Norge
Eirik Norman Hansen
Eirik Norman Hansen
IKT-Norge
Roger Schjervas innlegg for produktivitetskommisjonen 19.05.2015
Roger Schjervas innlegg for produktivitetskommisjonen 19.05.2015
IKT-Norge
Læringsanalyse – Arne Krokan
Læringsanalyse – Arne Krokan
IKT-Norge
Læringsanalyse – Yngve Lindvig
Læringsanalyse – Yngve Lindvig
IKT-Norge
Multi Smart Øving – skjermbilder
Multi Smart Øving – skjermbilder
IKT-Norge
NEO2015: Zwipe
NEO2015: Zwipe
IKT-Norge
NEO2015: Crypho
NEO2015: Crypho
IKT-Norge
NEO2015: Bartec Pixavi
NEO2015: Bartec Pixavi
IKT-Norge
Verdiskaping i en digital verden: Næringsminister Monica Mæland på NEO2015
Verdiskaping i en digital verden: Næringsminister Monica Mæland på NEO2015
IKT-Norge
NEO2015: Filmgrail
NEO2015: Filmgrail
IKT-Norge
NEO2015: Home Control
NEO2015: Home Control
IKT-Norge
Et digitalt #drømmeløft for Norge: Innovasjon Norge-keynote på NEO2015
Et digitalt #drømmeløft for Norge: Innovasjon Norge-keynote på NEO2015
IKT-Norge
NEO2015: The Trampery keynote. Creating a global innovation cluster: Lessons ...
NEO2015: The Trampery keynote. Creating a global innovation cluster: Lessons ...
IKT-Norge
NEO2015: Xeneta
NEO2015: Xeneta
IKT-Norge
NEO2015: Hatteland
NEO2015: Hatteland
IKT-Norge
More from IKT-Norge
(20)
Lars Johan Bjørkevoll, Xeneta
Lars Johan Bjørkevoll, Xeneta
Erik Stokkeland
Erik Stokkeland
Ketil Widerberg
Ketil Widerberg
Randi Marjamaa
Randi Marjamaa
Roar Olsen
Roar Olsen
Eirik Norman Hansen
Eirik Norman Hansen
Roger Schjervas innlegg for produktivitetskommisjonen 19.05.2015
Roger Schjervas innlegg for produktivitetskommisjonen 19.05.2015
Læringsanalyse – Arne Krokan
Læringsanalyse – Arne Krokan
Læringsanalyse – Yngve Lindvig
Læringsanalyse – Yngve Lindvig
Multi Smart Øving – skjermbilder
Multi Smart Øving – skjermbilder
NEO2015: Zwipe
NEO2015: Zwipe
NEO2015: Crypho
NEO2015: Crypho
NEO2015: Bartec Pixavi
NEO2015: Bartec Pixavi
Verdiskaping i en digital verden: Næringsminister Monica Mæland på NEO2015
Verdiskaping i en digital verden: Næringsminister Monica Mæland på NEO2015
NEO2015: Filmgrail
NEO2015: Filmgrail
NEO2015: Home Control
NEO2015: Home Control
Et digitalt #drømmeløft for Norge: Innovasjon Norge-keynote på NEO2015
Et digitalt #drømmeløft for Norge: Innovasjon Norge-keynote på NEO2015
NEO2015: The Trampery keynote. Creating a global innovation cluster: Lessons ...
NEO2015: The Trampery keynote. Creating a global innovation cluster: Lessons ...
NEO2015: Xeneta
NEO2015: Xeneta
NEO2015: Hatteland
NEO2015: Hatteland
Recently uploaded
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Lorenzo Miniero
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
Zilliz
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
LoriGlavin3
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
Nicole Novielli
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
LoriGlavin3
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
Raghuram Pandurangan
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
Rick Flair
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
DianaGray10
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
BkGupta21
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Hervé Boutemy
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
MounikaPolabathina
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
HarshalMandlekar2
Recently uploaded
(20)
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Training state-of-the-art general text embedding
Training state-of-the-art general text embedding
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
Eric Vyncke - IPv6 security in general
1.
2001:db8::900D/32 Eric Vyncke, Distinguished
Engineer, evyncke@cisco.com © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
2.
• Based on
Alexa top-50 web sites Country IPv6 web site France 3+0 UK 0+1 Germany 3+0 Finland 2+0 Norway 3+3 Sweden 2+0 Denmark 2+0 China 2+1 Belgium 3+0 Source: http://www.vyncke.org/ipv6status/ USA 0+6 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
3.
2011-11
2012-02 2012-04 2001:1ad8::/32 Fasthost AS 3 24 3 2001:1ad8:c::/48 LynetInternett end 4 4 3 users 2001:700:100::/48 University of Oslo, 1 Norway 2001:700:1400::/47 HogskolenStord/Haug 1 esund 2001:700:300::/44 Norgesteknisk- 1 2 4 naturvitenskapeligeUni versitet, Norway http://www.vyncke.org/ipv6status/p2p.php © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4.
• Security Myths
of IPv6 • Specific Security Issues of IPv6 • Security Issues during Transition © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
5.
1995: RFC 1883
2012: IPv6 Is IPv6 (a teenager) really ‗better and more secure‘? Eric: a father of two teenagers (16 &20)… © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6.
• Default subnets
in IPv6 have 264 addresses 10 Mpps = more than 50 000 years • NMAP doesn‘t even support ping sweeps on IPv6 networks (but let‘s wait) © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7.
• Public servers
will still need to be DNS reachable More information collected by Google... • Increased deployment/reliance on dynamic DNS More information will be in DNS • Using peer-to-peer clients gives IPv6 addresses of peers • Administrators may adopt easy-to-remember addresses (::10,::20,::F00D, ::C5C0 or simply IPv4 last octet for dual stack) • By compromising hosts in a network, an attacker can learn new addresses to scan • Transition techniques (see further) derive IPv6 address from IPv4 address can scan again © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
8.
• Viruses and
email, IM worms: IPv6 brings no change • Other worms: IPv4: reliance on network scanning IPv6: not so easy (see reconnaissance) => will use alternative techniques Worm developers will adapt to IPv6 IPv4 best practices around worm detection and mitigation remain valid © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
9.
• Now, RFC
6434 ―IPsec SHOULD be supported by all IPv6 nodes‖ • Some organizations believe that IPsec should be used to secure all flows... Interesting scalability issue (n2 issue with IPsec) Need to trust endpoints and end-users because the network cannot secure the traffic: no IPS, no ACL, no firewall Network telemetry is blinded: NetFlow/IPFIX of little use Network services hindered: what about QoS? Recommendation: do not use IPsec end to end within an administrative domain. Suggestion: Reserve IPsec for residential or hostile environment or high profile targets. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10.
• There are
no broadcast addresses in IPv6 • Broadcast address functionality is replaced with appropriate link local multicast addresses Link Local All Nodes Multicast—FF02::1 Link Local All Routers Multicast—FF02::2 Link Local All mDNS Multicast—FF02::FB Note: anti-spoofing also blocks amplification attacks because a remote attacker cannot masquerade as his victim http://iana.org/assignments/ipv6-multicast-addresses/ © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11.
• RFC 4443
ICMPv6 No ping-pong on a physical point-to-point link Section 3.1 No ICMP error message should be generated in response to a packet with a multicast destination address Section 2.4 (e.3) Exceptions for Section 2.4 (e.3) – packet too big message – the parameter problem message ICMP information message (echo reply) should be generated even if destination is multicast •Rate Limit egress ICMP Packets •Rate limit ICMP messages generation •Secure the multicast network (source specific multicast) •Note: Implement Ingress Filtering of Packets with IPv6 Multicast Source Addresses © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12.
• Sniffing
IPv6 is no more or less likely to fall victim to a sniffing attack than IPv4 • Application layer attacks The majority of vulnerabilities on the Internet today are at the application layer, something that IPSec will do nothing to prevent • Rogue devices Rogue devices will be as easy to insert into an IPv6 network as in IPv4 • Man-in-the-Middle Attacks (MITM) Without strong mutual authentication, any attacks utilizing MITM will have the same likelihood in IPv6 as in IPv4 • Flooding Flooding attacks are identical between IPv4 and IPv6 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13.
• IPv6 stacks
were new and could be buggy • Some examples CVE-2011-2393 Feb 2012 FreeBSD OpenBSD Local users DoS with RA flooding NetBSD and others CVE-2010-4563 Feb 2012 Linux Remote detection of promiscuous mode CVE-2011-2059 Oct 2011 IOS Remote OS detection with ICMP + HbH CVE-2008-1576 Jun 2008 Apple Mac OS X Buffer overflow in Mail over IPv6 CVE-2010-4669 Jan 2011 Microsoft Flood of forged RA DoS Source: http://cve.mitre.org/cve/ © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14.
© 2011 Cisco
and/or its affiliates. All rights reserved. Cisco Public 14
15.
/23
/32 /48 /64 2001 Interface ID • Temporary addresses for IPv6 host client application, e.g. web browser Inhibit device/user tracking Random 64 bit interface ID, then run Duplicate Address Detection before using it Rate of change based on local policy • Enabled by default in Windows, Android, iOS 4.3, Mac OS/X 10.7 Recommendation: Use Privacy Extensions for External Communication but not for Internal Networks (Troubleshooting and Attack Trace Back) IETF Work in progress: unpredictable and stable addresses © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16.
• Significant changes •
More relied upon ICMP Message Type ICMPv4 ICMPv6 Connectivity Checks X X Informational/Error Messaging X X Fragmentation Needed Notification X X Address Assignment X Address Resolution X Router Discovery X Multicast Group Management X Mobile IPv6 Support X • => ICMP policy on firewalls needs to change © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
17.
IPv6 First Hop
Security: the IPv6 version of DHCP snooping and dynamic ARP inspection To be presented after coffee… … Stay tuned Eric Vyncke Cisco, CTO/Consulting Engineering Distinguished Engineer evyncke@cisco.com © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
18.
• Unlimited size
of header chain (spec-wise) can make filtering difficult • Potential DoS with poor IPv6 stack implementations More boundary conditions to exploit Can I overrun buffers with a lot of extension headers? Firewall enforcing order & count & length of extension header chain Perfectly Valid IPv6 Packet According to the Sniffer Header Should Only Appear Once Destination Header Which Should Occur at Most Twice Destination Options Header Should Be the Last See also: http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
19.
• Finding the
layer 4 information is not trivial in IPv6 Skip all known extension header Until either known layer 4 header found =>SUCCESS Or unknown extension header/layer 4 header found... =>FAILURE IPv6 hdr HopByHop Routing AH TCP data IPv6 hdr HopByHop Routing AH Unknown L4 ??? IPv6 hdr HopByHop Unk. ExtHdr AH TCP data © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
20.
Next Header =
44 IPv6 Basic Header Fragment Header Fragment Header Fragment Header Next Header Reserved Fragment Offset Identification Fragment Data • In IPv6 fragmentation is done only by the end system Tunnel end-points are end systems => Fragmentation / re-assembly can happy inside the network • Reassembly done by end system like in IPv4 • RFC 5722: overlapping fragments => MUST drop the packet. Alas, not implemented by popular OS • Attackers can still fragment in intermediate system on purpose • ==> a great obfuscation tool © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
21.
• Extension headers
chain can be so large than it is fragmented! • RFC 3128 is not applicable to IPv6 • Layer 4 information could be in 2nd fragment IPv6 hdr HopByHop Routing Fragment1 Destination IPv6 hdr HopByHop Routing Fragment2 TCP Data Layer 4 header is in 2nd fragment © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
22.
• RFC 3128
is not applicable to IPv6 • Layer 4 information could be in 2nd fragment • But, stateless firewalls could not find it if a previous extension header is fragmented IPv6 hdr HopByHop Routing Fragment1 Destination … IPv6 hdr HopByHop Routing Fragment2 … Destination TCP Data Layer 4 header is in 2ndfragment, Stateless filters have no clue where to find it! © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
23.
• This makes
matching against the first fragment non-deterministic: layer 4 header might not be there but in a later fragment Need for stateful inspection • fragment keyword matches Non-initial fragments (same as IPv4) And the first fragment if the L4 protocol cannot be determined • undertermined-transport keyword matches Only for deny ACE first fragment if the L4 protocol cannot be determined © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
24.
© 2011 Cisco
and/or its affiliates. All rights reserved. Cisco Public 27
25.
• Host security
on a dual-stack device Applications can be subject to attack on both IPv6 and IPv4 Fate sharing: as secure as the least secure stack... • Host security controls should block and inspect traffic from both IP versions Host intrusion prevention, personal firewalls, VPN clients, etc. IPv4 IPsecVPN with No Split Tunneling Dual Stack Client IPv6 HDR IPv6 Exploit Does the IPsec Client Stop an Inbound IPv6 Exploit? © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
26.
Santé ! Gezonheid
! Cheers! But a glass longs only 10 minutes Bored again… © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
27.
$ ifconfig en1
Humm… en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST>mtu 1500 ether 00:26:bb:xx:xx:xx Is there an inet6 fe80::226:bbff:fexx:xxxx%en1 prefixlen 64 scopeid 0x6 inet 10.19.19.118 netmask 0xfffffe00 broadcast 10.19.19.255 media: autoselect IPv6 Network? status: active $ ping6 -I en1 ff02::1%en1 PING6(56=40+8+8 bytes) fe80::226:bbff:fexx:xxxx%en1 --> ff02::1 Humm… 16 bytes from fe80::226:bbff:fexx:xxxx%en1, icmp_seq=0 hlim=64 time=0.140 ms . . . Are there any IPv6 16 bytes from fe80::cabc:c8ff:fec3:fdef%en1, icmp_seq=3 hlim=64 time=402.112 ms ^C --- ff02::1%en1 ping6 statistics --- peers? 4 packets transmitted, 4 packets received, +142 duplicates, 0.0% packet loss round-trip min/avg/max/std-dev = 0.140/316.721/2791.178/412.276 ms $ ndp -an Neighbor Let‘s have some fun here… Configure Linklayer Address Netif Expire St FlgsPrbs a tunnel, enable forwarding and 2001:xxxx:xxxx:1:3830:abff:9557:e33c 0:24:d7:5:6b:f0 en1 23h59m30s S . . . $ ndp -an | wc -l transmit RA 64 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
28.
• Your host:
IPv4 is protected by your favorite personal firewall... IPv6 is enabled by default (Vista, Linux, Mac OS/X, ...) • Your network: Does not run IPv6 • Your assumption: I‘m safe • Reality You are notsafe Attacker sends Router Advertisements Your host configures silently to IPv6 You are now under IPv6 attack • => Probably time to think about IPv6 in your network © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
29.
6to4 relay
ISATAP router 1. Spoofed packet 192.0.2.1 Prefix 2001:db8::/64 S: 2001:db8::200:5efe:c000:201 D: 2002:c000:202::1 192.0.2.2 2. IPv4 packet to 192.0.2.2containing S: 2001:db8::200:5efe:c000:201 D: 2002:c000:202::1 3. IPv6 packet S: 2001:db8::200:5efe:c000:201 D: 2002:c000:202::1 Repeat until Hop Limit == 0 • Root cause Mitigation: Same IPv4 encapsulation (protocol 41) •Easy on ISATAP routers: deny Different ways to embed IPv4 address in the IPv6 packets whose IPv6 is its 6to4 address •Less easy on 6to4 relay: block all • ISATAP router: ISATAP-like local address? accepts 6to4 IPv4 packets •Enterprise block all protocol 41 at the Can forward the inside IPv6 packet back to 6to4 edge which are not known tunnels relay •Good news: not so many open ISATAP routers on the Internet • Symmetric looping attack exists © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
30.
• Payment Card
Industry Data Security Standard requires the use of NAT for security Yes, weird isn‘t it? There is no NAT n:1 IPv6 <-> IPv6 in most of the firewalls RFC 6296 Network Prefix Translation for IPv6 (NPT6) is stateless 1:1 where inbound traffic is always mapped. RFC 6296 is mainly for multi-homing and does not have any security benefit (not that NAT n:1 has any…) • PCI DSS compliance cannot be achieved for IPv6 ? © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
31.
•
ASA Firewall Since version 7.0 (released 2005) Flexibility: Dual stack, IPv6 only, IPv4 only SSL VPN for IPv6 (ASA 8.0) Stateful-Failover (ASA 8.2.2) Extension header filtering and inspection (ASA 8.4.2) • ASA-SM Leverage ASA code base, same features ;-) 16 Gbps of IPv6 throughput • FWSM IPv6 in software... 80 Mbps … Not an option (put an IPv6-only ASA in parallel or migrate to ASA-SM) • IOS Firewall IOS 12.3(7)T (released 2005) Zone-based firewall on IOS-XE 3.6 (2012) • IPS Since 6.2 (released 2008) • Email Security Appliance (ESA) under beta testing since 2010, FCS in 2012 • Web Security Appliance (WSA) with explicit proxy then transparent mode, work in progress • ScanSafe expected to be available in 2012 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
32.
• No traffic
sniffing • No traffic injection • No service theft Public Network Site 2 Site Remote Access 6in4/GRE Tunnels Protected ISATAP Protected by IPv4 by IPsec RA IPsec DMVPN 12.4(20)T SSL VPN Client AnyConnect •IPsec VTI 12.4(6)T Any Connect H1 2012 IPv6 •DMVPN 15.2(1)T © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
33.
© 2011 Cisco
and/or its affiliates. All rights reserved. Cisco Public 36
34.
• So, nothing
really new in IPv6 Reconnaissance: address enumeration replaced by DNS enumeration Spoofing &bogons: uRPF is our IP-agnostic friend NDP spoofing: RA guard and more feature coming Extension headers: firewall & ACL can process them Amplification attacks by multicast mostly impossible Potential loops between tunnel endpoints: ACL must be used • Lack of operation experience may hinder security for a while: training is required • Security enforcement is possible Control your IPv6 traffic as you do for IPv4 • Leverage IPsec to secure IPv6 when suitable © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
35.
© 2011 Cisco
and/or its affiliates. All rights reserved. Cisco Public 38
36.
Source: Cisco Press ©
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
37.
Thank you.