IPV4 VS IPV6



DATA
06-22-2001, 07:43 AM
Hello all,
I would like to know about this.
Isn't it possible to get through any firewall by manipulating the IPv4 header from an intermediate node? I personally believe it is, but if anyone has any comments I will be grateful to them.
Security on IPv6 is much better, thank goodness.
Thanks for your time :)

johnny
06-22-2001, 09:05 AM
Hi - What is IPV4 and 6?

DATA
06-23-2001, 04:46 AM
Hi there,

IPv4 is Internet Protocol version 4,
the one which supports 32-bit addressing.
IPv6 is Internet Protocol version 6.
It's a futuristic protocol and supports 128-bit addressing. IPv6 is already implemented in Linux 6 and above.

For more on IPv4 and IPv6 please go to
www.rfc-editor.org and read
rfc 7** and rfc *88*
Also visit www.6bone.net

MrByte
06-23-2001, 09:12 AM
Originally posted by DATA
Hello all,
I would like to know about this.
Isn't it possible to get through any firewall by manipulating the IPv4 header from an intermediate node? I personally believe it is, but if anyone has any comments I will be grateful to them.
Thanks for your time :)

It is possible, and it's called "IP spoofing". However this technique is rather complicated, because once you forge the source IP address in the header by changing it to an address trusted by the firewall, you won't get a reply, because the reply packets will go to the forged IP address. But if you are in control of the intermediate node and can intercept those reply packets, then you're in a much better position.



Security on IPv6 is much better, thank goodness.

Well, it's hard to tell before IPv6 is scrutinized for some period of time in real-world conditions. One thing that worries me about IPv6 is that IP addresses are supposed to contain a part of your network card's MAC address, which is a major privacy problem.

DATA
06-23-2001, 10:13 AM

REPLY TO MR BYTE'S POST:


Yes, what Mr Byte said is right, the reply from the firewall goes to the real destination header.
But what if I insert a trojan, and since I am spoofing the source header the firewall would recognize me,
and the trojan will take care of the rest.
So even if I don't get the reply from the firewall, I am still able to mess up.
Please comment.
Thank you very much.

MrByte
06-23-2001, 12:38 PM
Yes, what Mr Byte said is right, the reply from the firewall goes to the real destination header.
But what if I insert a trojan, and since I am spoofing the source header the firewall would recognize me,
and the trojan will take care of the rest.
So even if I don't get the reply from the firewall, I am still able to mess up.
Please comment.
Thank you very much.

So how are you going to "insert" the trojan? A TCP or UDP packet is just a sequence of bytes. To get a trojan running, one needs to get the target system to download and execute it. I see no easy way to do it.

DATA
06-25-2001, 08:59 AM
There is a suggestion that the last 64 bits should uniquely
identify a machine. For most interfaces it can be the MAC
address, though for non-IEEE 802.* interfaces (like a modem)
one will have to have some other address allocation mechanism.

But at least as of now, one can not assume uniqueness of the 64 bits,
and therefore people are free to not use their MAC address. The only
reason for use of MAC address is ease of address assignment, in fact,
an address can be assigned without talking to any DHCP server.

But even on the LAN, even if I assigned myself an address in
this way, I am not allowed to assume that others will do the same
thing. So I do have to use Neighbour Discovery to find MAC address
corresponding to the IP address that I want to send packets to.

Using MAC address is encouraged for another reason as well.
(Besides ease of address assignment, as mentioned above.)
In future, we may be able to separate the identity and the
network connectivity or routing information. This lack of
separation in IPv4 is what necessitated Mobile IP protocol.
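
The MAC-derived interface identifier discussed in the posts above, as an added example that is not part of the original thread: it builds the last 64 bits of an address from a MAC using the modified EUI-64 rule of RFC 4291 (a detail the thread does not name), then shows how the MAC can be read back out of an observed address. The MAC and the `2001:db8::/32` documentation prefixes are constructed sample values.

```python
import ipaddress

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def autoconf_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the MAC-derived identifier (no DHCP server needed)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface identifier needs a /64 prefix")
    iid = int.from_bytes(mac_to_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def recover_mac(addr: str):
    """Return the embedded MAC if the low 64 bits look EUI-64 derived, else None.

    The ff:fe marker can also occur by chance in a random identifier
    (about 1 in 65536), so treat a hit as a strong hint, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

def same_host(addr_a: str, addr_b: str) -> bool:
    """Privacy check: do two addresses on different networks expose the same MAC?"""
    mac_a, mac_b = recover_mac(addr_a), recover_mac(addr_b)
    return mac_a is not None and mac_a == mac_b

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                                # constructed sample MAC
    home = autoconf_address("2001:db8:1:2::/64", mac)        # constructed prefix
    cafe = autoconf_address("2001:db8:beef:9::/64", mac)     # constructed prefix
    print(home, cafe, recover_mac(str(home)), same_host(str(home), str(cafe)))
    # An identifier without the ff:fe marker reveals no MAC.
    print(recover_mac("2001:db8:1:2:5c1d:9a02:7be4:1f3"))
```

The identifier stays the same on every network the interface joins, which is the privacy concern raised earlier in the thread; choosing an identifier not derived from the MAC, as the last post says is permitted, avoids it.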