IPv6 Security
IPv6 Security
IPv6 Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
534Remotely Triggered Black Holes (RTBHs)Remotely Triggered Black Holes (RTBHs), 84resets of BGP connections, 105-106Return Routability (RR) procedure, 382-385RFC 2460, 4RFC 4029, 107RH0 (Routing Header Type 0)attacks with, 36-39CoPP for blocking, 266defined, 36filtering for M<strong>IPv6</strong>, 393firewall based defenses, 42-43policy guidelines for, 504preventing attacks, 40-42RH2 (Routing Header Type 2)filtering, 392-393M<strong>IPv6</strong> use of, 379-380RIPng (Routing Information Protocol nextgeneration), 241RME (CiscoWorks Resource ManagerEssentials), 472, 494RO (Route Optimization), 382rogue AP (access point) problem, 462Route Optimization (RO), 382route-flap dampening, 104router access managementaccess class configuration example, 227authentication, 229-230console port security, 225HTTP access, 230-233HTTP policing, 268login monitoring, 228-229overview, 224password encryption, 225physical access, 224remote access security, 226-228SDM access, 231SSH, 226-228TCP port for HTTP access, 232vulnerabilities of management systems, 233Router Advertisements. See RAsrouter resource controlblocking inbound packets, 263-264control plane role in, 262, 265-269HTTP policing, 268icmp error-interval command, 269process table, viewing, 263purpose of, 262rACLs, 265RH0 packet blocking, 266show policy-map control-plane command, 267SSH policing, 268Telnet policing, 268Router Solicitations. See RSsrouters6to4, 424access management. See router accessmanagementACLs on. See ACLs; IOS ACLsaddresses of, vulnerability from, 64BGP. See BGPbuffer overflow vulnerability of, 8console ports of, 225consumer grade, 111-112defined, 4, 240DHCP advertisement (RA) messages, 114disabling unnecessary services, 222-224hop-limit command, 224interface hardening, 223-224interface monitoring, 468-469IOS ACLs. See IOS ACLslink-layer addresses in RAs, 183login monitoring, 228-229management systems for. See managementsystemsmobile access, 378. See also M<strong>IPv6</strong>PE routers, 108-109peering, 84, 90, 92reachability confirmation timers, 177resource control. See router resource controlRouter Advertisement (RA) messages. See RAsshow ipv6 neighbor command, 176-177show ipv6 routers command, 175target nature of, 219traffic planes, 220VTY port access control, 226-229routing headersfirewall based defenses, 42-43preventing RH0 attacks, 40-42RH0 attacks, 36-39type 0. See RH0type 2. See RH2types of, 36vulnerabilities overview, 36
Change language