Internet Protocol IPv6

Internet Protocol (IP) provides support at the network layer of the OSI model. IP provides for:

  • Addressing
  • Type of service specification
  • Fragmentation and re-assembly
  • Security

All transport protocol data packets, such as UDP or TCP packets, are encapsulated in IP data packets to be carried from one host to another. IP is a connectionless, unreliable service, meaning there is no guarantee that the data will reach the intended host. The datagrams may arrive damaged, arrive out of order, or not arrive at all. Therefore the layers above IP, such as TCP, are responsible for making sure that correct data is delivered. IP is defined by rfc791.

The IPv6 header is a streamlined version of the IPv4 header. It eliminates fields that are unneeded or rarely used and adds fields that provide better support for real-time traffic.

| Field | Size | Description |
|---|---|---|
| Version | 4 bits | The IP protocol version, currently 4 (0100) or 6 (0110). |
| Traffic Class | 8 bits | Similar to ToS (Type of Service) field in IPv4. Indicates class or priority of packet. Only 4 bits are being used (and remaining bits are under research), in which 0 to 7 are assigned to Congestion controlled traffic and 8 to 15 are assigned to Uncontrolled traffic (used for Audio/Video data). |
| Flow Label | 20 bits | Used to label the packets belonging to the same flow in order to request special handling by intermediate IPv6 routers, such as non-default quality of service or real time service. For routers that do not support the functionality of flow label field and for default router handling, flow label field is set to 0. While setting up the flow label, source is also supposed to specify the lifetime of flow. |
| Payload Length | 16 bits | Similar to IPv4 Length field. Unsigned integer, total size of the payload, includes extension headers (if any) and upper layer packet. In case length of payload is greater than 65,535 bytes, then the payload length field will be set to 0 and jumbo payload option is used in the Hop-by-Hop options extension header. |
| Next Header | 8 bits | Similar to IPv4 Protocol field. Type of extension header (if present) immediately following the IPv6 header. Can also indicate the protocols contained within upper-layer packet, such as TCP, UDP. |
| Hop Limit | 8 bits | Same as TTL in IPv4. |
| Source Address | 128 bits | The IPv6 address of the original source of the packet. |
| Destination Address | 128 bits | The IPv6 address of the final destination. |

Extension headers

Extension headers are an intrinsic part of the IPv6 protocol and they support some basic functions and certain services:

  • Hop-by-Hop is used for the support of Jumbo-grams or Multicast Listener Discovery (MLD).
  • Destination is used in IPv6 Mobility and support of certain applications.
  • Routing is used in IPv6 Mobility and in Source Routing (disable “IPv6 source routing” on routers to protect against DDoS).
  • Fragmentation is critical in support of communication using fragmented packets. In IPv6, the traffic source must do fragmentation while routers do not perform fragmentation of the packets they forward. Note: fragmentation can be used to evade network security controls. As a result, it is now required that the first fragment of an IPv6 packet contains the entire IPv6 header chain.
  • Mobility is used in support of Mobile IPv6 service.
  • Authentication is similar to the IPv4 authentication header (rfc2402).
  • Encapsulating Security Payload (ESP) is similar in format and use to the IPv4 ESP header (rfc2406). All information following the Encapsulating Security Header (ESH) is encrypted. It is inaccessible to intermediary network devices and can be followed by an additional Destination Options extension header and the upper layer datagram.

Known vulnerabilities

  • Routing Header Type 0 attacks (old Cisco routers)
  • Quad A queries can indicate which nodes on a network are IPv6-enabled (IPv6-enabled machines but not IPv6 enabled)
  • Rogue router advertisements for IPv6 (can be used for denial-of-service or man-in-the-middle attacks)
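
The check below is an added example, not code from the original page: it decodes the fixed header fields from the table above, walks the extension header chain, and flags two conditions this page names, a Routing Header Type 0 and a first fragment that does not carry the entire header chain. The names `inspect` and `sample`, the constructed packets, and the minimum upper-layer header sizes are assumptions of this example.

```python
import ipaddress
import struct

HOP, ROUTING, FRAGMENT, AH, DEST, MOBILITY = 0, 43, 44, 51, 60, 135  # Next Header values
TCP, UDP, ICMPV6, NONE = 6, 17, 58, 59
EXT = {HOP, ROUTING, FRAGMENT, AH, DEST, MOBILITY}   # headers this walker can step over
MIN_UPPER = {TCP: 20, UDP: 8, ICMPV6: 4, NONE: 0}    # smallest valid upper-layer header

def inspect(pkt: bytes) -> dict:
    """Decode the 40-byte fixed header, walk the extension chain, collect alerts."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 fixed header")
    word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    info = {"traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
            "payload_length": payload_len, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(pkt[8:24])),
            "dst": str(ipaddress.IPv6Address(pkt[24:40])),
            "chain": [nxt], "alerts": []}
    off = 40
    while nxt in EXT:                                # ESP or an unknown value ends the walk
        if off + 8 > len(pkt):                       # extension header cut off
            info["alerts"].append("incomplete header chain")
            return info
        hdr = pkt[off:off + 8]
        size = 8                                     # Fragment header is always 8 bytes
        if nxt == FRAGMENT:
            frag = struct.unpack("!H", hdr[2:4])[0]
            info["frag_offset"], info["more_fragments"] = frag >> 3, bool(frag & 1)
        elif nxt == AH:
            size = (hdr[1] + 2) * 4                  # AH length: 32-bit words minus 2
        else:
            size = (hdr[1] + 1) * 8                  # others: 8-byte units minus 1
            if nxt == ROUTING and hdr[2] == 0:
                info["alerts"].append("Routing Header Type 0")
        nxt, off = hdr[0], off + size
        info["chain"].append(nxt)
        if info.get("frag_offset"):                  # later fragment: payload follows, stop
            return info
    if off + MIN_UPPER.get(nxt, 1) > len(pkt):       # upper-layer header must be here too
        info["alerts"].append("incomplete header chain")
    return info

def sample(nxt: int, payload: bytes) -> bytes:
    """Constructed test packet from 2001:db8::1 to 2001:db8::2 (documentation prefix)."""
    addrs = ipaddress.IPv6Address("2001:db8::1").packed + ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + addrs + payload

RH0 = sample(ROUTING, bytes([TCP, 2, 0, 1]) + bytes(4) + bytes(16) + bytes(20))
SPLIT = sample(FRAGMENT, bytes([DEST, 0, 0, 1]) + bytes(4) + bytes([TCP, 0, 1, 4]) + bytes(4))
```

`RH0` is a constructed packet carrying a type 0 routing header ahead of TCP; `SPLIT` is a constructed first fragment whose Destination Options header is present but whose TCP header was pushed into a later fragment.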

Resources

en/hacking/network/protocols/ipv6.txt · Last modified: 2020/07/13 06:59 by Digital Dot