Network Address Translation: Extending the Internet Address Space

2010 ◽  
Vol 14 (4) ◽  
pp. 66-70 ◽  
Author(s):  
Dan Wing


2020 ◽  
pp. 1672-1685
Author(s):  
Timo Kiravuo ◽  
Seppo Tiilikainen ◽  
Mikko Särelä ◽  
Jukka Manner

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. 
Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.


Electronics ◽  
2020 ◽  
Vol 9 (9) ◽  
pp. 1510 ◽  
Author(s):  
Prakash Veeraraghavan ◽  
Dalal Hanna ◽  
Eric Pardede

The Internet Protocol (IP) version 4 (IPv4) has several known vulnerabilities. One of the important vulnerabilities is that the protocol does not validate the correctness of the source address carried in an IP packet. Users with malicious intentions may take advantage of this vulnerability and launch various attacks against a target host or a network. These attacks are popularly known as IP address spoofing attacks. One of the classical IP-spoofing attacks, which has cost several million dollars worldwide, is the DNS amplification attack. Currently available solutions are limited, proprietary, expensive, and require expertise. The Internet is subjected to several other forms of amplification attacks every day. Even though IP spoofing has been one of the well-researched areas since 2005, there is no holistic solution available to solve this problem at the grass roots. Also, every solution assumes that the attackers are always from outside networks. In this paper, we provide an efficient and scalable solution to the IP-spoofing problem that arises from malicious or compromised inside hosts. We use a modified form of Network Address Translation (NAT) to build our solution framework. We call our framework NAT++. The proposed infrastructure is robust, crypto-free, and easy to implement. Our simulation results have shown that the proposed NAT++ infrastructure does not consume more than the resources required by a simple NAT.


2014 ◽  
Vol 2014 ◽  
pp. 1-8 ◽  
Author(s):  
D. Shalini Punithavathani ◽  
Sheryl Radley

The IPv4-IPv6 transition poses numerous challenges as the Internet drifts from IPv4 to IPv6. The IETF recommends a few transition techniques, which include dual stack, translation, and tunneling. By tunneling IPv6 packets over IPv4 UDP, Teredo maintains IPv4/IPv6 dual-stack nodes in isolated IPv4 networks behind network address translation (NAT). However, the proposed tunneling protocol works with the symmetric and asymmetric NATs. To make Teredo support several symmetric NATs along with several asymmetric NATs, we propose multifarious Sym Teredo (MTS), an extension of Teredo capable of navigating through several symmetric NATs. The work preserves the Teredo architecture and also offers backward compatibility with the original Teredo protocol.


2014 ◽  
Vol 687-691 ◽  
pp. 1912-1915
Author(s):  
Hong Cheng Tian ◽  
Hong Wang ◽  
Jin Kui Ma

IPv4 and IPv6 will coexist for a long time, due to ISPs' inertia in the transition from IPv4 to IPv6. The Domain Name System (DNS) is a very important functional unit in the Internet. This paper describes the hierarchy and operating process of IPv6 DNS and the IPv6 DNS resolver, and presents the DNS transition from IPv4 to IPv6 in particular. We suggest two methods to implement DNS service during the transition period: DNS-Application Level Gateway (DNS-ALG) with Network Address Translation-Protocol Translation (NAT-PT), and dual stacks. We also propose their respective operational principles. This paper is a valuable reference for network engineers constructing DNS in the transition phase.


2016 ◽  
Vol 6 (1) ◽  
pp. 41-52
Author(s):  
Timo Kiravuo ◽  
Seppo Tiilikainen ◽  
Mikko Särelä ◽  
Jukka Manner

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. 
Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.


2020 ◽  
Vol 22 (4) ◽  
pp. 333-361
Author(s):  
Brenden Kuerbis ◽  
Milton Mueller

Purpose: The data communications protocol supporting the internet protocol version 4 (IPv4) is almost 40 years old, and its 32-bit address space is too small for the internet. A “next-generation” internet protocol version 6 (IPv6) has a much larger, 128-bit address space. However, IPv6 is not backward compatible with the existing internet. For 20 years, the internet technical community has attempted to migrate the entire internet to the new standard. This study aims to address important but overlooked questions about the internet’s technical evolution: Will the world converge on IPv6? Will IPv6 die out? Or will we live in a mixed world for the foreseeable future?
Design/methodology/approach: The research offers an economically-grounded study of IPv6’s progress and prospects. Many promoters of IPv6 sincerely believe that the new standard must succeed if the internet is to grow, and assume that the transition is inevitable because of the presumed depletion of the IPv4 address resources. However, by examining the associated network effects, developing the economic parameters for transition, and modeling the underlying economic forces that impact network operator decisions, the study paints a more complex, nuanced picture.
Findings: The report concludes that legacy IPv4 will coexist with IPv6 indefinitely. IPv6 is unlikely to become an orphan. For some network operators that need to grow, particularly mobile networks where the software and hardware ecosystem is mostly converted, IPv6 deployment can make economic sense. However, the lack of backward compatibility with non-deployers eliminates many network effects that would create pressure to convert to IPv6. A variety of conversion technologies, and more efficient use of IPv4 addresses using network address translation, will support a “mixed world” of the two standards for the foreseeable future.
Originality/value: The authors’ conceptualization and observations provide a clearer understanding of the economic factors affecting the transition to IPv6.


Author(s):  
Afolayan A. Obiniyi ◽  
Ezugwu E. Absalom ◽  
Mohammed Dikko

With the explosion of the public Internet, corporate networks connected to the Internet, if not adequately secured, are vulnerable to damaging attacks. Hackers, viruses, worms, Trojan horses, and spyware try to invade privacy. This research examines how these threats affect the corporate network and ways to reduce them. MikroTik RouterOS was configured as the router to examine these threats. Network Address Translation and packet filtering were the key features configured to hide the network from unauthorized users and filter unwanted traffic that might reflect malicious acts. The configuration and test were carried out at Iya Abubakar Computer Center, Ahmadu Bello University, Zaria, Nigeria. At the onset, the targeted network was full of viruses, worms, Trojan horses, and spyware, and was vulnerable to unauthorized users. The signal strength of the network was usually very poor due to the effect of the threats on the bandwidth. The firewall was configured to filter out inherently dangerous services, exposing the network to fewer risks. After the research, the performance and efficiency of the network were improved tremendously.

