Abstract

The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators-seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.
Original languageEnglish
Title of host publicationNetwork Traffic Measurement and Analysis Conference (TMA), 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)978-3-901882-95-1
DOIs
StatePublished - 4 Aug 2017
EventNetwork Traffic Measurement and Analysis Conference 2017 - Dublin, Ireland

Conference

ConferenceNetwork Traffic Measurement and Analysis Conference 2017
Abbreviated titleTMA 2017
CountryIreland
CityDublin
Period21/06/17 → …
Internet address

Fingerprint

Internet
Monitoring

Cite this

Hendriks, L., Velan, P., de Oliveira Schmidt, R., De Boer, P. T., & Pras, A. (2017). Threats and surprises behind IPv6 extension headers. In Network Traffic Measurement and Analysis Conference (TMA), 2017 Institute of Electrical and Electronics Engineers Inc.. DOI: 10.23919/TMA.2017.8002912

Hendriks, Luuk; Velan, Petr; de Oliveira Schmidt, Ricardo ; De Boer, Pieter Tjerk; Pras, Aiko / Threats and surprises behind IPv6 extension headers.

Network Traffic Measurement and Analysis Conference (TMA), 2017. Institute of Electrical and Electronics Engineers Inc., 2017.

Research output: Scientific - peer-reviewConference contribution

@inbook{0668462b80024374822f0af4eb693baa,
title = "Threats and surprises behind IPv6 extension headers",
abstract = "The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators-seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.",
author = "Luuk Hendriks and Petr Velan and {de Oliveira Schmidt}, Ricardo and {De Boer}, {Pieter Tjerk} and Aiko Pras",
year = "2017",
month = "8",
doi = "10.23919/TMA.2017.8002912",
booktitle = "Network Traffic Measurement and Analysis Conference (TMA), 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

Hendriks, L, Velan, P, de Oliveira Schmidt, R, De Boer, PT & Pras, A 2017, Threats and surprises behind IPv6 extension headers. in Network Traffic Measurement and Analysis Conference (TMA), 2017. Institute of Electrical and Electronics Engineers Inc., Network Traffic Measurement and Analysis Conference 2017, Dublin, Ireland, 21 June. DOI: 10.23919/TMA.2017.8002912

Threats and surprises behind IPv6 extension headers. / Hendriks, Luuk; Velan, Petr; de Oliveira Schmidt, Ricardo ; De Boer, Pieter Tjerk; Pras, Aiko.

Network Traffic Measurement and Analysis Conference (TMA), 2017. Institute of Electrical and Electronics Engineers Inc., 2017.

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Threats and surprises behind IPv6 extension headers

AU - Hendriks,Luuk

AU - Velan,Petr

AU - de Oliveira Schmidt,Ricardo

AU - De Boer,Pieter Tjerk

AU - Pras,Aiko

PY - 2017/8/4

Y1 - 2017/8/4

N2 - The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators-seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.

AB - The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators-seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.

U2 - 10.23919/TMA.2017.8002912

DO - 10.23919/TMA.2017.8002912

M3 - Conference contribution

BT - Network Traffic Measurement and Analysis Conference (TMA), 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Hendriks L, Velan P, de Oliveira Schmidt R, De Boer PT, Pras A. Threats and surprises behind IPv6 extension headers. In Network Traffic Measurement and Analysis Conference (TMA), 2017. Institute of Electrical and Electronics Engineers Inc.2017. Available from, DOI: 10.23919/TMA.2017.8002912