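% Lewandowski, Lucena and Chapin, IH 2006 (published 2007): network-aware active
% wardens that eliminate IPv6 covert channels in the Routing Header and the
% hop limit field, as well as the Short TTL Attack.
% The citation key is the opaque identifier from the original export; it is kept
% unchanged so that existing \cite commands continue to resolve.
@inproceedings{9d7758bf6cb44efcbb16135cc5d2c722,
  author    = {Lewandowski, Grzegorz and Lucena, Norka B. and Chapin, Steve J.},
  title     = {Analyzing network-aware active wardens in {IPv6}},
  booktitle = {Information Hiding - 8th International Workshop, IH 2006, Revised Selected Papers},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  pages     = {58--77},
  year      = {2007},
  doi       = {10.1007/978-3-540-74124-4_5},
  isbn      = {9783540741237},
  language  = {English (US)},
  keywords  = {Active mappers, Active wardens, Covert channels, Evasion attacks, Network-aware, Stateful, Stateless, Traffic analysis, Traffic normalizers},
  abstract  = {A crucial security practice is the elimination of network covert channels. Recent research in IPv6 discovered that there exist, at least, 22 different covert channels, suggesting the use of advanced active wardens as an appropriate countermeasure. The described covert channels are particularly harmful not only because of their potential to facilitate deployment of other attacks but also because of the increasing adoption of the protocol without a parallel deployment of corrective technology. We present a pioneer implementation of network-aware active wardens that eliminates the covert channels exploiting the Routing Header and the hop limit field as well as the well-known Short TTL Attack. Network-aware active wardens take advantage of network-topology information to detect and defeat covert protocol behavior. We show, by analyzing their performance over a controlled network environment, that the wardens eliminate a significant percentage of the covert channels and exploits with minimal impact over the end-to-end communications (approximately 3\% increase in the packet roundtrip time).},
  note      = {8th International Workshop on Information Hiding, IH 2006 ; Conference date: 10-06-2006 Through 12-06-2006},
}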