Project: IPv6 Security

During 2016, as part of a RoN project we implemented a plugin for measuring the extension headers at the flow level. The plugin has been validated within the UT campus network and at CESNET. This work was presented at the Measurements And Tools Working Group (MAT-WG) at RIPE 73 in Madrid, Spain.

For RoN 2017, we plan to enhance the implemented plugin targeting traffic measurements for applications of security, such as the measurement of TCP flags, and ICMP types/codes. We will also perform large-scale and long-term measurements at the UT campus network, CESNET, and more specifically the AMSIX link of AS1101. This particular link is expected to feature malicious traffic and allows us to do both the enhanced flow measurements, as well as packet-based measurements. With the addition of packet-based analysis, we aim at a profound validation of security incidents observed in the flow data, and possibly determine the limit of a flow-based approach in context of IPv6 security solutions. In addition to this, we want to use the packet-based information to research phenomena observed during RoN2016, which we suspect to be network misconfigurations: with the increasing adoption and deployment of IPv6, we hope to aid operators in spotting less obvious mistakes, possibly preventing security holes or impaired quality of experience at end-users.