IPv6 Security
IPv6 Security
IPv6 Security
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Multihoming Issues 121Figure 3-6Shim62001:db8:1::1/482001:db8:100::1/482001:db8:2::2/482001:db8:200::2/48ISP1ISP2<strong>IPv6</strong>Host 1 InternetHost 2R1ISP100 ISP200R2Host 1 sends packet to Host 2<strong>IPv6</strong> HeaderSource Locator 2001:db8:1::1Dest. Locator 2001:db8:200::2ShimSource ULID 2001:db8:1::1Dest. ULID 2001:db8:2::2TransportHeaderPayloadIf an attacker could spoof packets with the shim header, several types of vulnerabilitieswould exist. One possible set of attacks comes from an attacker that is in the middle of thecommunication between two shim6 hosts. That attacker could perform redirection attacksto try to hijack the session. If the attacker could impersonate the locator IDs and the ULIDs,he could take over the communications. If the attacker could get a host to cache a locatorID, the attacker could redirect traffic to another network for an extended period of time.Another type of attack would be a flooding attack, where an attacker would use its ownlocator ID to redirect a large volume of traffic to the victim. However, shim6 hosts performa reachability probe-and-reply process to determine that the locator ID belongs to theremote host.One solution to these security issues is for both hosts to use Hash Based Addresses (HBA)to ensure authenticity of the two hosts’ locator IDs. These HBAs are a cryptographic onewayhash of the set of prefixes available for communications. This provides hijackprotection because the HBAs cannot be tampered with in transit without detection.Performing the hash using nonces also helps prevent against replay attacks. Some form ofpublic-key infrastructure (PKI) mechanism could also be used to secure the exchangebetween hosts.There are additional security implications of using a shim between the <strong>IPv6</strong> header and theupper-layer headers. Firewalls need to keep track of multiple sets of address space fromdifferent providers. This means that the firewall policies will grow, and the complexity ofmaintaining the rules and the management overhead will also grow. This is because hostswill have multiple addresses that could be used to source packets that can make it difficultto create granular firewall policies. Firewalls need to be shim-aware and parse the packetscarefully, and they need to be able to handle sessions that start out without a shim and then
Change language