LinuxSecurity.com
IPv6 approach for TCP SYN Flood attack over VoIP, Part IV
Source: Suhas Desai - Posted by Benjamin D. Thomas   
Service providers are scrambling to offer voice, video, data and innovative services such as gaming, interactive TV and messaging on a single pipe. At the same time, network equipment is being upgraded to IPv6. However, real-time IPv6 security can overwhelm performance because of the application intelligence it requires: the rapid inspection of VoIP signaling (SIP, H.323) and audio packets, and the prompt opening and shutting of "pinholes" to allow the passage of valid voice traffic over wireless networks.

A firewall enabled for application filtering and IPv6 can drop application performance by a staggering 90% or more compared to best-case IPv4 results.

The following methods are used to assess IPv6 application performance:

  • Emulate real application traffic (data, voice, video) over tens of thousands of clients and/or servers.
  • Measure performance and Quality of Experience with Web pages/s, VoIP call set-up time, FTP file transfer rate and instant message passing with TCP SYN handshaking signals.

Multiple services over IPv4/v6 must address three additional challenges that impact network performance, and must handle the following DoS attacks. IPv6 approaches can handle these with network tester configurations.

6.2 DoS Attacks

  • DoS attacks must be filtered, including traditional layer 3-4 attacks such as TCP SYN flood, which has been ported to IPv6.
  • ICMPv6 attacks.
  • Application-layer attacks (such as SIP setup/teardown flood and RTP stream insertion).
  • Application attacks are particularly effective because they degrade CPU performance.

6.3 VoIP Attack Vulnerability

VoIP attack vulnerability testing simulates DoS attacks to measure their impact on VoIP with:

  • Traditional DoS attacks (TCP SYN flood, Ping of Death).
  • VoIP voice insertion: simulates rogue RTP streams.
  • VoIP DoS: simulates bursts of call setups and teardowns on the same addresses.

6.4 Performance Challenges

6.4.1 Longer IPv6 addresses

Firewall rule sets and ACLs must work with IPv6 addresses, which can degrade performance.

6.4.2 IPv6 variable-length headers

More complex encryption and authentication header sections must be parsed and filtered. The device may also need to perform encryption/decryption or calculate message authentication codes in order to filter on application-layer headers and content.
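An added example (not from the original article) of the parsing work described in 6.4.2: before a filter can tell whether an IPv6 packet is a TCP SYN, it has to walk the variable-length extension header chain, including the Authentication Header. The function names, the `MAX_EXT_HEADERS` cap and the sample packets are assumptions constructed for illustration.

```python
import struct

HOP_BY_HOP, TCP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 6, 43, 44, 50, 51, 60
MAX_EXT_HEADERS = 8  # assumed policy cap so a long chain cannot burn filter CPU


def walk_chain(pkt: bytes):
    """Return (upper_layer_protocol, payload_offset, ext_headers_walked)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, walked = pkt[6], 40, 0
    # ESP (50) ends the walk: everything after it is encrypted and opaque here.
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
        if walked == MAX_EXT_HEADERS:
            raise ValueError("extension header chain too long")
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            size = 8                       # fixed-size header
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                raise ValueError("non-first fragment carries no upper-layer header")
        elif nxt == AH:
            size = (pkt[off + 1] + 2) * 4  # AH length is in 4-octet units, minus 2
        else:
            size = (pkt[off + 1] + 1) * 8  # 8-octet units, not counting the first 8
        nxt, off, walked = pkt[off], off + size, walked + 1
    return nxt, off, walked


def is_initial_syn(pkt: bytes) -> bool:
    """True for TCP with SYN set and ACK clear, however deep the chain puts it."""
    proto, off, _ = walk_chain(pkt)
    if proto != TCP or off + 14 > len(pkt):
        return False
    return (pkt[off + 13] & 0x12) == 0x02  # flags octet: SYN=0x02, ACK=0x10


def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed sample packet from 2001:db8::1 to 2001:db8::2."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 5060, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
PAD8 = bytes([0, 1, 4, 0, 0, 0, 0])   # Hdr Ext Len 0, then a PadN option
AH_HDR = bytes([TCP, 4]) + bytes(22)  # (4 + 2) * 4 = 24 octets
PLAIN = ipv6(TCP, TCP_SYN)            # constructed: SYN right after the fixed header
CHAINED = ipv6(HOP_BY_HOP, bytes([DEST_OPTS]) + PAD8 + bytes([AH]) + PAD8 + AH_HDR + TCP_SYN)
```

In the constructed `CHAINED` packet the same SYN sits 80 octets in, behind Hop-by-Hop, Destination Options and AH headers, so a check that only reads the fixed header's Next Header field never sees it.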

6.4.3 IPv6 DoS attacks

IPv6/v4 and IPv4/v6 tunneling can hide application-layer attacks within complex handcrafted TCP SYN packets.

6.5 Triple-Play Methodology

A new approach is needed to ensure that application-aware devices do not become bottlenecks:

6.5.1 Real-time application performance.

6.5.2 Add DoS attacks over IPv6, including SIP setup-teardown attacks. Quantify the reduction in application performance.

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.