Design and Implementation of Packet Filtering System for IPv4/IPv6 Tunneling Environment  

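Heo, Seok-Yeol (Pusan National University, School of Biosystems Engineering)
Lee, Wan-Jik (Pusan National University, School of Biosystems Engineering)
Kim, Kyung-Jun (Honam University, Department of Radio and Mobile Communication Engineering)
Jeong, Sang-Jin (Electronics and Telecommunications Research Institute (ETRI), Standards Research Center)
Shin, Myung-Ki (Electronics and Telecommunications Research Institute (ETRI), Standards Research Center)
Kim, Hyoung-Jun (Electronics and Telecommunications Research Institute (ETRI), Standards Research Center)
Han, Ki-Jun (Kyungpook National University, Department of Computer Engineering)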
Abstract
Because replacing all IPv4 networks with IPv6 in a short time seems unattainable due to high cost and technical limitations, IPv4 and IPv6 are expected to coexist for a certain period of time. In this coexisting environment, interworking brings a number of extra security considerations, even where each protocol on its own has no security problem. Analysis of, and solutions for, the various attacks against IPv4/IPv6 interworking are therefore required for an effective transition to, and settlement of, IPv6. In this paper we worked out proper packet filtering rules for the IPv6-in-IPv4 tunneling interworking environment to protect against IPv4/IPv6 interworking-related security attacks. The design and implementation of a packet filtering system suitable for the IPv4/IPv6 tunneling environment, in the form of Linux netfilter and ip6tables, are also shown. Through this study, the packet filtering system was found to operate correctly in the tunneling mechanism.
Keywords
Security; IPv6; Packet filtering; Tunneling; Transition;