|
|
Security testing of IPv6 family protocols and related vulnerabilities
Vopálka, Matěj ; Phan, Viet Anh (referee) ; Jeřábek, Jan (advisor)
This thesis discusses the Internet Protocol version 6 (IPv6), especially the secure deployment of the protocol. The thesis deals with the shortcomings of IPv4 protocol and reason of development of IPv6 protocol. It covers topics like IPv6 addressing, structure of frames, the initial types of IPv6 extension headers. Additionally, the thesis explores related protocols to IPv6, such as NDP, SLAAC, adn DHCPv6. The thesis provides an introduction to penetration testing, describes the basic types of hackers and gives a general overview of information security attacks. The practical part is devoted to the development of an application for automatic vulnerability testing of IPv6 networks Penvuhu6. The tool is developed in Python programming language using Scapy library. Penvuhu6 has been tested in an emulated network environment with the GNS3 program. Three test scenarios were developed for the tool focusing on testing the passage of repetitive and misaligned headers, overlapping fragments, and Router advertisement and DHCPv6 advertisement messages. Penvuhu6 was tested on an emulated RouterOS device with basic and restrictive configurations.
|
|
|
Netdev Driver for Acceleration COMBO Cards
Tran, Dominik ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of the network device driver for the FPGA network COMBO cards, which should enable receiving and sending packets through standard network interface of Linux kernel. CESNET is developing a device called DDoS Protector for protection against an amplification (D)DoS attacks, which uses COMBO cards to achieve high performance. A SZE2 interface is used for high speed transfers of network data between COMBO card and a controlling software application, using technique of bypassing kernel network stack and other methods. DDoS Protector has to support standard network protocols, whose implementation directly on top of the SZE2 is very difficult. Instead, using kernel network stack, which is, by default, bypassed to achieve high performance, is much easier to implement and supports all sorts of protocols. Creation of the network device driver enables us to use kernel network stack and other network applications for COMBO cards. Based on the study of SZE2 interface and driver development, I designed and then successfully implemented network device driver. Driver was tested to ensure standard protocols work. It was also tested from the performance point of view. I have also developed the same type of driver for the newer interface - NDP and an application for an accelerated packet forwarding, both of which are functional and were not part of the thesis specification.
|
|
|
IPv6 Hosts Monitoring
Rapavý, Martin ; Kašpárek, Tomáš (referee) ; Lampa, Petr (advisor)
This thesis is dedicated to network layer protocol IPv6, purposes of its creation and penetration. Former chapters briefly describe IPv6 protocol format and protocols, methods and technologies related to IPv6. The thesis summarizes security risks and flaws in IPv6 and ICMPv6 protocols. In context of the risks and flaws the thesis describes several of local ICMP attacks. It also mentions security incidents resulting from exploiting those security flaws and means of countermeasures. One of the used countermeasures is passive monitoring of ICMP messages. Thesis contains brief description of tool used to achieve this - NDPMon with its advantages, disadvantages and concepts of usage. Rest of the thesis describes design and implementation of monitoring tool similar to NDPMon, but with some improvements.
|
|
|
Netdev Driver for Acceleration COMBO Cards
Tran, Dominik ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of the network device driver for the FPGA network COMBO cards, which should enable receiving and sending packets through standard network interface of Linux kernel. CESNET is developing a device called DDoS Protector for protection against an amplification (D)DoS attacks, which uses COMBO cards to achieve high performance. A SZE2 interface is used for high speed transfers of network data between COMBO card and a controlling software application, using technique of bypassing kernel network stack and other methods. DDoS Protector has to support standard network protocols, whose implementation directly on top of the SZE2 is very difficult. Instead, using kernel network stack, which is, by default, bypassed to achieve high performance, is much easier to implement and supports all sorts of protocols. Creation of the network device driver enables us to use kernel network stack and other network applications for COMBO cards. Based on the study of SZE2 interface and driver development, I designed and then successfully implemented network device driver. Driver was tested to ensure standard protocols work. It was also tested from the performance point of view. I have also developed the same type of driver for the newer interface - NDP and an application for an accelerated packet forwarding, both of which are functional and were not part of the thesis specification.
|
|
|
IPv6 Hosts Monitoring
Rapavý, Martin ; Kašpárek, Tomáš (referee) ; Lampa, Petr (advisor)
This thesis is dedicated to network layer protocol IPv6, purposes of its creation and penetration. Former chapters briefly describe IPv6 protocol format and protocols, methods and technologies related to IPv6. The thesis summarizes security risks and flaws in IPv6 and ICMPv6 protocols. In context of the risks and flaws the thesis describes several of local ICMP attacks. It also mentions security incidents resulting from exploiting those security flaws and means of countermeasures. One of the used countermeasures is passive monitoring of ICMP messages. Thesis contains brief description of tool used to achieve this - NDPMon with its advantages, disadvantages and concepts of usage. Rest of the thesis describes design and implementation of monitoring tool similar to NDPMon, but with some improvements.
|
|
| |
guest ::
