tailieunhanh - The Teredo Protocol: Tunneling Past Network Security and Other Security Implications

The and files, both found under $VCLOUD _ HOME/etc, are critical files that contain sensitive information. The file contains responses provided by the administrator when running the configuration script. That file contains an encrypted version of the Oracle database password and system KeyStore passwords. Unauthorized access to that file could give an attacker access to the VMware vCloud Director database with the same permissions as the Oracle user specified in the configuration script. The file also contains encrypted credentials that should not be made accessible to users besides the cell administrator. . | SYMANTEC ADVANCED THREAT RESEARC Symantec. The Teredo Protocol Tunneling Past Network Security and Other Security Implications Dr. James Hoagland Principal Security Researcher Symantec Advanced Threat Research Symantec Advanced Threat Research The Teredo Protocol Tunneling Past Network Security and Other Security Implications Contents Overview How Teredo works .7 Teredo components .7 Teredo Teredo Origin data .10 Qualification Secure Bubble packets and creating a NAT Packet relaying and peer setup for non-Teredo peers .14 Finding a relay from IPv6 .14 Ping test and finding a relay from Packet relaying and peer setup for Teredo peers .16 Trusted Required packet filtering .17 Teredo security considerations .18 Security of NAT Teredo s open-ended tunnel . extra security burden on end host .19 Allowed packets .20 Teredo and IPv6 source routing .21 IPv4 ingress filtering bypass .22 Teredo and bot networks .22 Teredo implications on ability to reach a host through a NAT .22 Information revealed to third parties .24 Contents cant d Teredo anti-spoofing measures .24 Peer address Server spoofing .26 Denial of Teredo service .26 Storage-based details .26 Relay DOS .27 Server DOS .27 Scanning Teredo addresses compared with native IPv6 Finding a Teredo address for a Finding any Teredo address for an external IPv4 Finding any Teredo address on the Scanning difficulties compared .30 The effect of Teredo service on worms .30 Attack Getting Teredo components to send packets to third Inducing a client to make external Selecting a relay via source Finding the IPv4 side of an IPv6 node s Teredo Future .