Analysis of tunneled traffic

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F12%3APU101895" target="_blank" >RIV/00216305:26230/12:PU101895 - isvavai.cz</a>

Výsledek na webu

<a href="http://6lab.cz/article/analysis-of-tunneled-traffic/" target="_blank" >http://6lab.cz/article/analysis-of-tunneled-traffic/</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Analysis of tunneled traffic

Popis výsledku v původním jazyce

Traditional firewall techniques usually permit traffic according to IP addresses or port numbers. More advanced firewalls inspect even packet's payload - e.g. http traffic. However, neither of these techniques is sufficient when dealing with IPv6 transition techniques. An attacker can easily avoid a security policy in a network by using one of many IPv6 transition techniques. Using Teredo as an example, the IPv6 traffic is encapsulated in UDP payload on high port numbers. Traditional firewall can't detect traffic inside the tunnel if the DPI of every UDP packet is not performed. Unfortunately, firewalls in current network equipment (Cisco, Juniper, HP ...) do not support this functionality. To make things worse, these firewalls are often used as borderfirewalls in enterprise networks. The presentation focuses on our monitoring solution of IPv6 transition techniques. The probe monitors network traffic and generates NetFlow statistics. The type of transition technique is enc

Název v anglickém jazyce

Analysis of tunneled traffic

Popis výsledku anglicky

Traditional firewall techniques usually permit traffic according to IP addresses or port numbers. More advanced firewalls inspect even packet's payload - e.g. http traffic. However, neither of these techniques is sufficient when dealing with IPv6 transition techniques. An attacker can easily avoid a security policy in a network by using one of many IPv6 transition techniques. Using Teredo as an example, the IPv6 traffic is encapsulated in UDP payload on high port numbers. Traditional firewall can't detect traffic inside the tunnel if the DPI of every UDP packet is not performed. Unfortunately, firewalls in current network equipment (Cisco, Juniper, HP ...) do not support this functionality. To make things worse, these firewalls are often used as borderfirewalls in enterprise networks. The presentation focuses on our monitoring solution of IPv6 transition techniques. The probe monitors network traffic and generates NetFlow statistics. The type of transition technique is enc

Druh

A - Audiovizuální tvorba

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/VG20102015022" target="_blank" >VG20102015022: Moderní prostředky pro boj s kybernetickou kriminalitou na Internetu nové generace</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2012

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

ISBN

—

Místo vydání

Brno

Název nakladatele resp. objednatele

NEUVEDEN

Verze

NEUVEDEN

Identifikační číslo nosiče

—