Result detail

Analysis of tunneled traffic

GRÉGR, M. Analysis of tunneled traffic. Brno: 2012. 24 p.
Type
presentation, poster
Language
English
Authors
Grégr Matěj, Ing., Ph.D., CVIS ‒ KolejNet (CIS), FIT (FIT), UIFS (FIT)
Abstract

Traditional firewall techniques usually permit traffic according to IP addresses or port numbers. More advanced firewalls even inspect the packet payload, e.g. HTTP traffic. However, neither of these techniques is sufficient when dealing with IPv6 transition techniques. An attacker can easily avoid a network's security policy by using one of the many IPv6 transition techniques. Using Teredo as an example, the IPv6 traffic is encapsulated in the UDP payload on high port numbers. A traditional firewall cannot detect traffic inside the tunnel unless DPI is performed on every UDP packet. Unfortunately, firewalls in current network equipment (Cisco, Juniper, HP) do not support this functionality. To make things worse, these firewalls are often used as border firewalls in enterprise networks. The presentation focuses on our solution for monitoring IPv6 transition techniques. The probe monitors network traffic and generates NetFlow statistics. The type of transition technique is encoded in the NetFlow data. We support AYIYA, 6to4, 6in4, Teredo and ISATAP.

Keywords

monitoring, NetFlow, IPv6, AYIYA, Teredo, 6to4, ISATAP

URL
Year
2012
Pages
24
Conference
Campus network monitoring workshop
Place
Brno
BibTeX
@misc{BUT97070,
  author="Matěj {Grégr}",
  title="Analysis of tunneled traffic",
  year="2012",
  pages="24",
  address="Brno",
  url="http://6lab.cz/article/analysis-of-tunneled-traffic/"
}
Projects
Modern means for fighting cybercrime on the next-generation Internet, MV, Security Research Programme of the Czech Republic 2010 - 2015, VG20102015022, start: 2010-10-01, end: 2015-09-30, completed