IPv6 Link-Local Unicast Addresses
Link-local unicast addresses allow devices on the same local network to communicate, without requiring them to have global unicast addresses. Link-local addresses are used by routing and discovery protocols and are autoconfigured using the FE80::/10 prefix and the EUI-64 format interface ID, as shown in Figure 20-4. [Figure 20-4. IPv6 Link-Local Address Structure] For example, on an interface with the MAC address 00-0F-66-81-19-A3, the link-local address would be FE80:..
One of the most well-known network intrusion attacks was conducted by Kevin Mitnick on Christmas Day 1994. The attack resulted in a well-documented story that ended with Mitnick's arrest. Tsutomu Shimomura was the computer security scientist whose computers were hacked and who finally helped bring the whole episode to a conclusion. This case study covers the attack that Mitnick launched on Shimomura's computers and analyzes how an intrusion-detection mechanism could have giv..
IPv6 Global Aggregatable Unicast Addresses
As has been repeated several times in this book, scalability is an emergent property of summarization. This is just as true for IPv6 as for IPv4. As in IPv4, the far left bits of IPv6 addresses indicate the routing prefix and may be summarized. Theoretically, there are 2^64 IPv6 prefixes. If each prefix were stored in router memory using 256 bits (32 bytes), then the routing table would consume 5.9 * 10^20 bytes! Therefore, addresses must be deployed hierarchically and summariz..
The Process of Detecting Intrusions
So far, you have read a detailed discussion of the various types of attacks. We have also looked at some specific examples of attacks. Now we will look at the general theory behind how such attacks can be prevented and how network intrusions (that is how most of these attacks are classified) can be detected. This builds our path to the more specific discussion of setting up Cisco's IDS in the next chapter. Two main ways of detecting intrusion are generally used in today's ne..
BGP Policies Conflicting with the Internal Default
Anytime internal routers are following defaults to reach routes unknown to the AS, you should be careful not to create routing loops. A routing loop occurs when router X follows a default toward router Y, which in turn uses router X to reach the destination. The traffic will end up bouncing between routers X and Y. The default route 0/0 is injected differently from BGP into the IGP, depending on what IGP you are using. Different scenarios will be considered, utilizing OSPF, R..
Types of Network Attacks Based on the Attack's Perpetrator
In addition to classifying network attacks based on their goals, it is useful to analyze them based on who is orchestrating them. In this respect, network attacks are generally divided into four categories: attacks launched by trusted (inside) users; attacks launched by untrusted (external) individuals; attacks launched by inexperienced "script-kiddy" hackers, whether internal or external; and attacks launched by experienced "professional" hackers, whether internal or external ..
Customers of the Same Provider with a Backup Link
Customers of the same provider can, by mutual agreement, interconnect via a private link. The private link will serve as a backup in case the Internet connectivity of any of the customers is broken. The scenario in this section discusses a case in which the private link is used as the primary link between the two ASs and as a backup in case of Internet connectivity failures. In this example, we will switch roles a bit. In Figure 12-8, AS3 is the provider offering services to ..
This section describes the two types of IPv6 unicast addresses: global aggregatable and link-local. Note: Older specifications mentioned two other types of IPv6 unicast addresses, which have now been deprecated in RFC 4291, IP Version 6 Addressing Architecture. These addresses are mentioned here for your information only. IPv4-compatible IPv6 addresses were made by concatenating 0::/96 and the IPv4 address. For instance, the IPv4 address 192.168.9.5 became 0..
Instead of dynamically learning the 0/0 default, a router can set its own default statically. Figure 12-2 demonstrates how to accomplish this. [Figure 12-2. Dealing with the 0/0 Default] RTC uses the following command:
ip route prefix mask {address | interface} [distance]
The 0/0 static route can point to a network number, to a gateway address, or to a physical interface as being the default path. The distance is a means of giving preference to the static route in case ..
Types of Network Attacks Based on Mode of Attack
A network intrusion is often called a network attack. Network attacks can be broken into two broad categories based on how the attack is launched. A network attack can be characterized by the goal its perpetrator is trying to achieve. These goals are generally either denial of service or unauthorized access to network resources.
Denial of Service Attacks
In denial of service (DoS) attacks, an attacker disrupts the use of services being offered by a service provider to its u..



