network monitoring
+ Reply to Thread
Results 1 to 7 of 7

Thread: IPV4 VS IPV6

Hybrid View

  1. #1
    Join Date
    Jun 2001
    Posts
    398
    helo all,
    would like to know about this.
    isnt it possible to get through any fire wall by manupulating the ipv4 header frm an intermediate node.i personally beleive it is but if any one has any comments i will be grateful to them.
    security on ipv6 is much better.thank goodness.
    thanx for ur time

  2. #2
    Join Date
    Jun 2001
    Posts
    61

    Question

    Hi - What is IPV4 and 6?

  3. #3
    Join Date
    Jun 2001
    Posts
    398

    Cool IPV4/IPV6

    HI THERE,


    ipv4 is intrnet protocol version 4
    the one which supports *2 bit addressing.
    ipv6 is internet protocol version 6
    its a futuristic protocol and supports *28 bit addressing.ipv6 is already implemented in linux 6 and above.

    for more on ipv4 and ipv6 pls go to
    www.rfc-editor.org and read
    rfc 7** and rfc *88*
    also visit www.6bone.net

  4. #4
    Join Date
    May 2001
    Posts
    121
    Originally posted by DATA
    helo all,
    would like to know about this.
    isnt it possible to get through any fire wall by manupulating the ipv4 header frm an intermediate node.i personally beleive it is but if any one has any comments i will be grateful to them.
    thanx for ur time
    It is possible, and it's called "IP spoofing". However this technique is rather complicated, because once you forge the source IP address in the header by changing it to an address trusted by the firewall, you won't get a reply, because the reply packets will go to the forged IP address. But if you are in control of the intermediate node and can intercept those reply packets, then you're in a much better position.


    security on ipv6 is much better.thank goodness.
    Well, it's hard to tell before IPv6 is scrutinized for some period of time in real-world conditions. One thing that worries me about IPv6 is that IP addresses are supposed to contain a part of your network card's MAC address, which is a major privacy problem.

  5. #5
    Join Date
    Jun 2001
    Posts
    398

    Wink TROJANS

    Originally posted by MrByte
    Originally posted by DATA
    helo all,
    would like to know about this.
    isnt it possible to get through any fire wall by manupulating the ipv4 header frm an intermediate node.i personally beleive it is but if any one has any comments i will be grateful to them.
    thanx for ur time
    It is possible, and it's called "IP spoofing". However this technique is rather complicated, because once you forge the source IP address in the header by changing it to an address trusted by the firewall, you won't get a reply, because the reply packets will go to the forged IP address. But if you are in control of the intermediate node and can intercept those reply packets, then you're in a much better position.


    security on ipv6 is much better.thank goodness.
    Well, it's hard to tell before IPv6 is scrutinized for some period of time in real-world conditions. One thing that worries me about IPv6 is that IP addresses are supposed to contain a part of your network card's MAC address, which is a major privacy problem.

    RELPY TO MR BYTES POST:


    YES, what Mr Byte said is rite,the reply frm the firewall goes to the real destination header.
    but what if i insert a trojan and since if i am spoofing source header the firewall would recognize me.
    and the trojan will take care the rest.
    so even if i dont get the reply frm firewall,i am still able to mess up.
    pls comment
    thank u very much.

  6. #6
    Join Date
    May 2001
    Posts
    121

    Re: TROJANS


    YES, what Mr Byte said is rite,the reply frm the firewall goes to the real destination header.
    but what if i insert a trojan and since if i am spoofing source header the firewall would recognize me.
    and the trojan will take care the rest.
    so even if i dont get the reply frm firewall,i am still able to mess up.
    pls comment
    thank u very much.
    So how are you going to "insert" the trojan? A TCP or UDP packet is just a sequence of bytes. To make a trojan running, one needs to get the target system to download and execute it. I see no easy way to do it.

  7. #7
    Join Date
    Jun 2001
    Posts
    398

    Smile MAC ON IPV6


    There is a s***estion that the last 64 bits should uniquely
    identify a machine. For most interfaces it can be the MAC
    address, though for non-IEEE 802.* interfaces (like a modem)
    one will have to have some other address allocation mechanism.

    But at least as of now, one can not assume uniqueness of the 64 bits,
    and therefore people are free to not use their MAC address. The only
    reason for use of MAC address is ease of address assignment, in fact,
    an address can be assigned without talking to any DHCP server.

    But even on the LAN, even if I assigned myself an address in
    this way, I am not allowed to assume that others will do the same
    thing. So I do have to use Neighbour Discovery to find MAC address
    corresponding to the IP address that I want to send packets to.

    Using MAC address is encouraged for another reason as well.
    (Besides ease of address assignment, as mentioned above.)
    In future, we may be able to separate the identity and the
    network connectivity or routing information. This lack of
    separation in IPv4 is what necessitated Mobile IP protocol.


+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts