slides15 Flashcards

1
Q

what does it mean that a packet contains IP addresses that, say, will be used to set up new connections?

A

I have no fucking clue

2
Q

when do problems arise for NAT?

A

when a packet contains IP addresses that, say, will be used to set up new connections

3
Q

Simple Service Discovery Protocol

A

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as DHCP or DNS, and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP) and is intended for use in residential or small office environments.

Used for DDoS attacks.

4
Q

Universal Plug and Play

A

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other’s presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices.

5
Q

SSDP vulnerability

A

In 2014 it was discovered that SSDP was being used in DDoS attacks known as an SSDP reflection attack with amplification. Many devices, including some residential routers, have a vulnerability in the UPnP software that allows an attacker to get replies from port number 1900 to a destination address of their choice. With a botnet of thousands of devices the attackers can generate sufficient packet rates and occupy bandwidth to saturate links, causing the denial of service.[7] [8] [9]

6
Q

Carrier grade NAT

A

NAT done in the ISP rather than by the end-user

7
Q

wtf is 100.64.0.0/10

A

Private network: shared address space[3] for communications between a service provider and its subscribers when using a carrier-grade NAT.

8
Q

FTP

A

The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.

FTP is built on a client-server model architecture using separate control and data connections between the client and the server.[1] FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

9
Q

nat problems

A

• Complexity in the gateway software
• Scalability problems in the gateway tracking large numbers of connections
• Bad interactions with some protocols
• Difficulty of making end-to-end connections when both ends are behind a NAT gateway (e.g., Skype, SIP)
• Loss of “an IP address identifies a host uniquely” (a problem for law enforcement)

10
Q

port forwarding

A

In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host.[1][2]

11
Q

STUN

A

It provides a tool for hosts to discover the presence of a network address translator, and to discover the mapped, usually public, Internet Protocol (IP) address and port number that the NAT has allocated for the application’s User Datagram Protocol (UDP) flows to remote hosts. The protocol requires assistance from a third-party network server (STUN server)

for video/messaging/interactive applications

12
Q

IPv5

A

meant for streaming
With the development of IPv6 happening and its promise of nearly unlimited IP addresses and a kind of fresh start for the protocol, IPv5 itself was never transitioned to public use in large part because of its 32-bit limitations.

13
Q

IPv1, 2, & 3

A

IPv1, 2, & 3 would be part of the TCP/IP protocols, of which there were 3 versions before the IP protocol was split off from it. IPv4 is actually the first version of the IP protocol. IPv5 is an experimental TCP/IP protocol called the Internet Stream Protocol that never really went anywhere because increases in bandwidth made streaming over IPv4 feasible. So IPv5 was never finalized and they skipped to IPv6.

14
Q

aim of IPv6

A
  • have a larger address space
  • reduce the size of router tables
  • simplify the protocol so routers can process packets faster
  • provide security and authentication
  • pay proper attention to type of service (DS)
  • have better multicasting support
  • have mobile hosts with fixed IP addresses
  • allow room for evolution of the protocol
  • permit IPv4 and IPv6 to coexist during the transition
15
Q

IPv6

A

4 bits. The number 6. This is identical in position to IPv4 and can be used to distinguish packets in mixed-version environments. In an Ethernet frame, IPv4 has protocol number 0800, while IPv6 is 86DD, but remember you might be using a different physical layer that does not give the type of its data

16
Q

IPv6 Version

A

4 bits. The number 6. This is identical in position to IPv4 and can be used to distinguish packets in mixed-version environments. In an Ethernet frame, IPv4 has protocol number 0800, while IPv6 is 86DD, but remember you might be using a different physical layer that does not give the type of its data

17
Q

IPv6 Traffic class

A

8 bits. Like TOS (DS) in v4

18
Q

IPv6 Flow label

A

20 bits. Allows routers to recognise packets in a single flow and treat them identically. In essence a virtual circuit identifier

19
Q

IPv6 Payload length

A

16 bits. The number of bytes following the fixed 40 byte header. Unlike v4, does not include the header in the count

20
Q

IPv6 Next header

A

8 bits. Like the protocol field in v4, but also allows for v6 optional header fields, if any

21
Q

IPv6 Hop limit

A

8 bits. The TTL field, renamed to make it clear how it is actually used

22
Q

IPv6 Source and destination addresses

A

Four times as long as v4 addresses

2^128 = 3 × 10^38 addresses, enough for an address for every molecule on the surface of the Earth

23
Q

what does fe80::21c:c0ff:fea3:99f4 translate to bitwise

A

:: means 0s

i.e.
fe80:0000:0000:0000:21c:c0ff:fea3:99f4
i.e.

1111111010000000
0000000000000000
0000000000000000
0000000000000000
0000001000011100
1100000011111111
1111111010100011
1001100111110100
24
Q

why is IPv6 quicker for routers

A

no fragmentation, routers are happy, but host is required to do path MTU discovery

25
Q

why has IPv6 got flow

A

Packets with the same flow label can be treated identically and so sent on faster by a router

26
Q

other differences with IPv4

A

No header length field: the header is always 40 bytes
No checksum field: there are checksums in other layers and networks are reasonably reliable. The protocol designers thought that yet another checksum would not be helpful here
Also we don’t have to recompute a checksum in every router as the TTL decreases. Again, faster

v4 has 13 fixed fields; v6 has 8; much simpler for a router to process
v6 addresses are 4 times the length, but the header is only twice as long

27
Q

IPv6 fragmentation

A

Intermediate devices, such as routers and firewalls, cannot fragment a packet, but the source node can fragment packets. As such, end nodes and intermediate nodes must know how to properly handle fragmented packets.

There are two primary concerns when a packet is fragmented in IPv6. First, fragmentation requires the use of the fragmentation extension header. Second, like IPv4, only one fragment will contain the layer 4 header. The remaining fragments of the packet will not contain the layer 4 header

28
Q

how do we switch from 4 to 6

A

We don’t. By design, the two protocols can run side-by-side on the same networks.

29
Q

what is DNS64

A

DNS64 describes a DNS server that when asked for a domain’s AAAA records, but only finds A records, synthesizes the AAAA records from the A records. The first part of the synthesized IPv6 address points to an IPv6/IPv4 translator and the second part embeds the IPv4 address from the A record. The translator in question is usually a NAT64 server.

30
Q

what is NAT64

A

NAT64 is a mechanism to allow IPv6 hosts to communicate with IPv4 servers. The NAT64 server is the endpoint for at least one IPv4 address and an IPv6 network segment of 32-bits, e.g., 64:ff9b::/96 (RFC 6052, RFC 6146). The IPv6 client embeds the IPv4 address with which it wishes to communicate using these bits, and sends its packets to the resulting address. The NAT64 server then creates a NAT-mapping between the IPv6 and the IPv4 address, allowing them to communicate.[10]

31
Q

IPv4 mapped addresses, HOW

A

These addresses hold an embedded global IPv4 address. They are used to represent the addresses of IPv4 nodes as IPv6 addresses to applications that are enabled for IPv6 and are using AF_INET6 sockets. This allows IPv6-enabled applications to always deal with IP addresses in IPv6 format regardless of whether the TCP/IP communications are occurring over IPv4 or IPv6 networks. The dual-mode TCP/IP stack performs the transformation of the IPv4-mapped addresses to and from native IPv4 format. IPv4-mapped addresses have the following format:

First 80 bits are all 0; next 16 bits are FFFF; last 32 bits are the IPv4 address.
For example:
::FFFF:129.144.52.38

32
Q

464XLAT

A

464XLAT (RFC 6877) allows clients on IPv6-only networks to access IPv4-only Internet services, such as Skype.[12][13]

The client uses a SIIT translator (see above) to convert IPv4 packets (e.g. Skype client software) into IPv6 to send (over an IPv6-only network) to a NAT64 translator (see above) which translates them back into IPv4 to send (over an IPv4-capable network) to an IPv4-only server (e.g. Skype server). The SIIT translator (CLAT) may be implemented on the client itself (as special software) or an intermediate IPv4-capable LAN (but if it had IPv4 Internet connectivity, 464XLAT would not be needed), and the NAT64 translator (PLAT) must be able to reach both the server and the client (through the CLAT). The use of NAT64 limits connections to a client-server model using UDP, TCP, and ICMP.