IPv6 Security
IPv6 Security
IPv6 Security
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
518distributed denial of service attacksdistributed denial of service attacks. See DDoSattacksDMVPN (Dynamic Multi-Point Virtual PrivateNetwork)central router configuration, 351-352dual-stack functionality, 353IPsec connection status commands, 355-359NHRP with, 350purpose of, 349remote-site router configuration, 352-353topology example for, 350verifying at the hub, 353-354verifying at the spoke, 359-361DNS (Domain Name System)dual stack inquiries to, 418dynamic, 484importance for <strong>IPv6</strong>, 502ISATAP attacks through, 454Microsoft Windows XP default addresses, 300privacy address issues, 484scans of, 56<strong>Security</strong> (DNSSEC), 502DOHs. See Destination Options headersDoS (denial of service) attacksDAD based, 191-192DHCPv6 based, 210-212distributed. See DDoS attacksforged RAs, 185HSRP vulnerability to, 257ICMPv6 based attacks, 21IOS firewalls for, 150-152ip directed broadcasts, disabling, 74M<strong>IPv6</strong>, on, 390Morris worm, 74multicasting for, 22packet-flooding attacks, 74-77dos-new-ipv6, 192DRP (Default Router Preference), 256DSM<strong>IPv6</strong> (Dual Stack M<strong>IPv6</strong>), 408dual stacksaddress selection issues, 295application attacks, 55application layer with, 418Cisco <strong>Security</strong> Agent for protection, 443deciding between <strong>IPv6</strong> and IPv4, 418defined as transition technique, 417disabling <strong>IPv6</strong>, 443Edual routing tables required, 418exploiting, 440-443host operating system issues, 281<strong>IPv6</strong> preferred over IPv4, 418ISATAP for hosts. See ISATAPknown vulnerabilities, table of, 441latent threats, 441Layer 2 types, 417MAC OS X latent threat mechanism, 440mechanism depiction, 417memory consumption issue, 418no split tunneling vulnerability, 441personal firewalls for protection, 443preferred transition technique, 417protection methods for, 443-444recommendations, list of, 510strategy, 4-5transport protocols with, 418vulnerabilities, 440-443DUIDs (DHCP Unique Identifiers), 117-118, 208Duplicate Address Detection. See DADdynamic crypto maps, 338-339Dynamic DNS (DDNS), 484dynamic multipoint VPNs. See DMVPNdynamic tunnels6to4. See 6to4 tunnelsdefined, 420ISATAP. See ISATAPsecuring, 449Teredo. See Teredoearly adopter strategy, 7EBGP. See BGPedge routers (ERs), 110EIGRPv6, 242-244enable secret command, 225Encapsulated <strong>Security</strong> Payloads. See ESPsencryptionHSRP authentication, 258keygen tokens, 384neighbor discovery, of. See SENDoverview of technologies for, 319passwords, of, 225endpoint security, 215. See also host security
Change language