public_v6:teredo
Inhaltsverzeichnis
Teredo
Miredo-Server Konfiguration unter Ubuntu
Zielkonfiguration
Miredo-Server lauscht auf
Interface: eth0
IPv4-Adr: 192.64.0.100 und 192.64.0.101
Installation
Miredo-Server installieren:
$ sudo apt-get install miredo-server
Konfiguration
Die 2. IPv4-Adr. an IF binden:
$ sudo ip -4 addr add 192.64.0.101/24
In der /etc/miredo-server.conf:
ServerBindAddress 192.64.0.100
„On the IPv6 side, no special setting should be needed. The server should simply have a working IPv6 connectivity. It must be allowed to emit ICMPv6 packets with source in range 2001:0::/32 and destination within 2000::/3.“1)
Miredo-Server Starten
$ sudo /etc/init.d/miredo-server start
Links
| Link | Anmerkungen |
|---|---|
| Symantec-Paper | |
| Heise Artikel | Überblick über Protokoll und Konfiguration |
| Miredo | Teredo Implementierung für Linux |
| RFC 4380 - Teredo | RFC-Standard |
| Teredo-Überblick (Microsoft) | |
| Teredo-Troubleshooting (Microsoft) |
http://www.hoggnet.com/Presentations/Microsoft%20IPv6-2007-09-17.pdf
http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/
http://msdn.microsoft.com/en-us/library/bb968771(VS.85).aspx
http://msdn.microsoft.com/en-us/library/bb190948(v=VS.85).aspx
http://www.brandontek.com/?p=100 - Übersichtliche Darstellung des Adressaufbaus
Snort-Regeln zur Teredo-Erkennung:
Die ersten 2 Byte nach dem UDP-Header haben den Wert 00 01
Nach weiteren 8 Byte 'Origin Indication Header' folgt das IPv6 Paket, erkennbar am Bitmuster des Type Feld (byte_test:1,&,96,0)
policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544 (msg:"POLICY Outbound Teredo traffic detected"; flow:to_server; content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12065; rev:2;) policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any (msg:"POLICY Inbound Teredo traffic detected"; flow:to_server; content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12066; rev:3;)
policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any (msg:"POLICY Inbound Teredo traffic detected"; flow:to_server; content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12068; rev:2;) policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544 (msg:"POLICY Outbound Teredo traffic detected"; flow:to_server; content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0; reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; classtype:policy-violation; sid:12067; rev:2;)
public_v6/teredo.txt · Zuletzt geändert: 2017/01/24 18:49 von 127.0.0.1