Insinuator.net – Page 44 – Bold Statements

February 17, 2016 by Enno Rey

Dual Stack vs. IPv6-only in Enterprise Networks

I had the pleasure to sit in Mark Townsley “Addressing Networking Challenges With Latest Innovations in IPv6” session at Cisco Live yesterday and – somewhat inevitably – there was a mention of Facebook having implemented an IPv6-only approach in their data centers (here’s a talk from Paul Saab/FB laying out details). So, with the “IPv6 Panel” looming, I started reflecting on “Why don’t we see this in our customer space?”. This post quickly summarizes some observations and thoughts.

Continue reading “Dual Stack vs. IPv6-only in Enterprise Networks”

Breaking

February 16, 2016 by Daniel Mende

ss7MAPer – A SS7 pen testing toolkit

While running some SS7 pentests last year, I developed a small tool automating some of the well-known SS7 attack cases. Today I’m releasing the first version of ss7MAPer, a SS7 MAP (pen-)testing toolkit.
Continue reading “ss7MAPer – A SS7 pen testing toolkit”

Events

February 16, 2016 by Christopher Werny

Observations from the Cisco Live Europe 2016 Wifi Infrastructure

Good Evening,

Enno and I spent the first day on Cisco Live Europe in Berlin today attending the “Advanced Practical Knowledge for Enterprise Deploying IPv6” technical breakout held by Tim Martin and Jim Bailey. It was a good breakout session, and thanks again Tim for the honorable mention of our work in your slides! We really appreciate it. Like last year, we were curious how the Wifi network was setup this year as I face a corresponding task for Troopers in March, with some major changes in comparison to the last years. Continue reading “Observations from the Cisco Live Europe 2016 Wifi Infrastructure”

Building

February 14, 2016 by Enno Rey

IPv6 Address Planning in 2016 / Observations

Hi,

I’ll be on the “IPv6 Panel” at Cisco Live next week and somewhat in preparation I started thinking about what we currently see when it comes to IPv6 deployment in our customer space. We notably observe a large gap between “textbook planning & transition strategies” and what’s happening in real-life in those organizations. I hence decided to write down some of these observations in a quick series of posts to be published in the upcoming days and, maybe more importantly, to reflect on the reasoning of this apparent mismatch between theory and practice. I dare to add a dose of devil’s advocate here+there…
For today let’s start with some comments on IPv6 address planning.

Continue reading “IPv6 Address Planning in 2016 / Observations”

Events

February 13, 2016 by Christopher Werny

#TR16 IPv6 Security Summit Teaser: Basic IPv6 Attacks & Defenses Workshop

Dear Readers,

It’s me again with another teaser for an upcoming workshop at the IPv6 Security Summit. This one is a classic! If you happen to deploy IPv6 in your environment in the near future, but didn’t had the time to think about the security implications, this workshop is the right place to start. Continue reading “#TR16 IPv6 Security Summit Teaser: Basic IPv6 Attacks & Defenses Workshop”

Events

February 10, 2016 by Christopher Werny

Multiple Address Family OSPFv3

Dear Readers,

today I want to talk about OSPFv3. I won’t cover the glory details of OSPFv3, there are smarter guys than me out there who did that already 😉 and there are great resources to familiarize yourself with the protocol. However, it should be noted that OSPFv3 is not only OSPF for IPv6, OSPFv3 brought some major enhancements compared to OSPFv2. Wouldn’t it be cool to benefit from the enhancements in the IPv4 world as well? Continue reading “Multiple Address Family OSPFv3”

Events

February 9, 2016 by Christopher Werny

#TR16 IPv6 Security Summit Teaser: First-Hop-Security on HP Network Devices

Hello Everybody,

Today I want to give you a little teaser about my upcoming talk at the IPv6 Security Summit about First-Hop-Security on HP devices. In the past I presented on about First-Hop-Security in the Cisco realm and in virtualized environments. Until recently, Cisco was mostly the only vendor who had a sufficient implementation of various IPv6 security features on their access-layer switches, but HP closed the gap considerably and it’s time to have an in-depth look at their implementation of those features.

Continue reading “#TR16 IPv6 Security Summit Teaser: First-Hop-Security on HP Network Devices”

Events

February 8, 2016 by Christopher Werny

#TR16 IPv6 Security Summit Teaser: Building a Reliable and Secure IPv6 WiFi Network

Hi everyone,

some of you may have seen my last blog post about the preparation of the Troopers network. Today I want to give you a little teaser on what to expect for the talk I will present during the IPv6 Security Summit. As the title implies, it’s not only about building a secure IPv6 WiFi, but also a reliable one. One might think that there aren’t many differences in comparison to IPv4, but the heavy reliance on multicast of IPv6 does have implications for Wi-Fi networks in general. Continue reading “#TR16 IPv6 Security Summit Teaser: Building a Reliable and Secure IPv6 WiFi Network”

Events

February 6, 2016 by Christopher Werny

DHCPv6 Option 52 on Cisco DHCPv6 Server

Hi,

I am currently preparing the Troopers network in a lab environment to ensure that we all will have a smooth Wi-Fi experience during Troopers. I wanted to spice things up a little bit for the Wi-Fi deployment (more on that in a following blogpost) and get rid of IPv4 wherever possible. Our Wi-Fi infrastructure consists of typical Cisco Access Points (1602) and a 2504 Wireless LAN Controller. Beginning with WLC image 8.0 it is finally supported to establish the CAPWAP tunnel between the AP and the WLC over IPv6, which is awesome and I wanted to implement it right away. Continue reading “DHCPv6 Option 52 on Cisco DHCPv6 Server”

Breaking

February 3, 2016 by Ahmad Abolhadid

Denial of Service attacks on VoLTE

Some weeks ago Hendrik explained in his blogpost Security Analysis of VoLTE, Part 1 some attack vectors for Voice over LTE (VoLTE). One attack vector introduced was Denial of Service (DoS), which I also discussed in my Masterthesis “Evaluation of IMS security and Developing penetration tests of IMS”.

In general, DoS attacks aim to prevent a system or a network from efficiently providing its service to legitimate users . The impact of such attacks can vary from a big degradation of quality to total blockage. DoS can occur on users level, where a user or a group of users cannot use the service. But the common conception of DoS is on the service level, where the whole service is broken, unstable or totally down. This blog post is about targeting DoS of the whole VoLTE service by attacking IMS.
Continue reading “Denial of Service attacks on VoLTE”