Threats and surprises behind IPv6 extension headers

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators - seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.
Language: English
Title of host publication: Network Traffic Measurement and Analysis Conference (TMA), 2017
Publisher: Institute of Electrical and Electronics Engineers
ISBN (Electronic): 978-3-901882-95-1
DOI: https://doi.org/10.23919/TMA.2017.8002912
Publication status: Published - 4 Aug 2017
Event: Network Traffic Measurement and Analysis Conference 2017 - Maynooth University, Dublin, Ireland
Duration: 21 Jun 2017 → …
http://tma.ifip.org/2017/

Conference

Conference: Network Traffic Measurement and Analysis Conference 2017
Abbreviated title: TMA 2017
Country: Ireland
City: Dublin
Period: 21/06/17 → …

Fingerprint

Internet
Monitoring

Cite this

Hendriks, L., Velan, P., de Oliveira Schmidt, R., De Boer, P. T., & Pras, A. (2017). Threats and surprises behind IPv6 extension headers. In Network Traffic Measurement and Analysis Conference (TMA), 2017 Institute of Electrical and Electronics Engineers. https://doi.org/10.23919/TMA.2017.8002912
@inproceedings{0668462b80024374822f0af4eb693baa,
title = "Threats and surprises behind IPv6 extension headers",
abstract = "The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators - seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.",
author = "Luuk Hendriks and Petr Velan and {de Oliveira Schmidt}, Ricardo and {De Boer}, {Pieter Tjerk} and Aiko Pras",
year = "2017",
month = "8",
day = "4",
doi = "10.23919/TMA.2017.8002912",
language = "English",
booktitle = "Network Traffic Measurement and Analysis Conference (TMA), 2017",
publisher = "Institute of Electrical and Electronics Engineers",
address = "United States",

}
