Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host

Authors

  • Peter M. Gleitz
  • Steven M. Bellovin
Abstract

Traditionally, hosts have tended to assign relatively few network addresses to an interface for extended periods. Encouraged by the new abundance of addressing possibilities provided by IPv6, we propose a new method, called Transient Addressing for Related Processes (TARP), whereby hosts temporarily employ and subsequently discard IPv6 addresses in servicing a client host’s network requests. The method provides certain security advantages and neatly finesses some well-known firewall problems caused by dynamic port negotiation used in a variety of application protocols. A prototype implementation exists as a small set of KAME/BSD kernel enhancements and allows socket programmers and applications nearly transparent access to TARP addressing’s advantages.

Similar resources

Global Mobile IPv6 Addressing Using Transition Mechanisms

The adoption of the Internet Protocol in mobile and wireless technologies has considerably increased the number of hosts that can potentially access the global Internet. IPv6 is considered the long term solution for the IPv4 address shortage problem, but the transition from IPv4 to IPv6 is supposed to be very gradual. Therefore, there will be a long time during which both protocol versions will...

INTERNET-DRAFT: IPv6 Addressing Architecture, July 1997

This specification defines the addressing architecture of the IP Version 6 protocol [IPV6]. The document includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node’s required addresses. (draft-ietf-ipngwg-addr-arch-v2-02.txt)

Host Identity Protocol: Achieving IPv4 IPv6 handovers without tunneling

In the current Internet, hosts are identified using IP addresses that depend on their topological location. In other words, the IP addresses are semantically overloaded since they identify both hosts and topological locations. The Host Identity Protocol (HIP) introduces a way of separating the location and host identity information. It introduces a new namespace, cryptographic in nature, for ho...

NGTRANS Working Group

This document specifies the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) that connects IPv6 hosts and routers (nodes) within IPv4 sites. ISATAP is a transition mechanism that enables incremental deployment of IPv6 by treating the site’s IPv4 infrastructure as a Non-Broadcast Multiple Access (NBMA) link layer for IPv6. ISATAP mechanisms use an IPv6 interface identifier format that em...

[Proceeding] ALEX: Improving SIP Support in Systems with Multiple Network Addresses

The successful and increasingly adopted Session Initiation Protocol (SIP) does not adequately support hosts with multiple network addresses, such as dual-stack (IPv4-IPv6) or IPv6 multi-homed devices. This paper presents the Address List EXtension (ALEX) to SIP that adds effective support to systems with multiple addresses, such as dual-stack hosts or multi-homed IPv6 hosts. ALEX enables IPv6 t...

Publication date: 2001