IPv6 Activities


Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks

ad6: Anomaly Detection for Distributed IPv6 Firewalls


Honeydv6: A low-interaction IPv6 honeypot


IPv6 Intrusion Detection System
Cooperation with the Beuth University of Applied Sciences, the EANTC AG and the Strato AG


Migration of MPICH-2 and OpenMPI to IPv6
Cooperation with the University Jena

Distributed Run between University Potsdam and University Jena at IPv6 Summit
The LIDAR-tool calculates microphysical parameters of particles in the atmosphere from LIDAR-measurements. It was developed in cooperation with the Institute of Mathematics. Using MPI-2/IPv6.


High-Performance Computing on top of IPv6: MPICH1/IPv6a


Loaded: IPv6 Server Load Balancer Presentation at CeBIT 2004


IPv6 Showcase
Prof. Kalkbrenner, Prof. Rebensburg, Prof. Schnor

Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks

Hyhoneydv6 was designed to efficiently allow the deployment of high-interaction honeypots in IPv6 networks. The hybrid framework includes a combination of low- and virtual machine-based high-interaction honeypots. Low-interaction honeypots in the Hyhoneydv6 architecture process network scans and attacks to less complex network services. High-interaction honeypots focus on the processing of attacks to complex and proprietary network services. The Hyhoneydv6 architecture includes a newly developed proxy mechanism which allows to transparently forward attackers from low- to high-interaction honeypots.

overall architecture
Fig.1: Overall Architecture

detailed architecture
Fig.2: Detailed Architecture


Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks
Sven Schindler, Bettina Schnor and Thomas Scheffler
International Journal of Intelligent Computing Research (IJICR)
December 2015

Taming the IPv6 Address Space with Hyhoneydv6
Sven Schindler, Bettina Schnor and Thomas Scheffler
World Congress on Internet Security (WorldCIS)
Dublin, Ireland, October 2015

ad6: Anomaly Detection for Distributed IPv6 Firewalls

Concerning the design of a security architecture, Firewalls play a central role to secure computer networks. Facing the migration of IPv4 to IPv6, the setup of capable firewalls and network infrastructures will be necessary. The semantic differences between IPv4 and IPv6 make misconfigurations possible that may cause a lower performance or even security problems. For example, a cycle in a firewall configuration allows an attacker to craft network packets that may result in a Denial of Service. This paper investigates model checking techniques for automated policy anomaly detection. It shows that with a few adoptions existing approaches can be extended to support the IPv6 protocol with its specialities like the tremendously larger address space or extension headers. The performance is evaluated empirically by measurements with our prototype implementation.


Anomaly Detection for Distributed IPv6 Firewalls
Claas Lorenz and Bettina Schnor
12th International Conference on Security and Cryptography (SECRYPT)
Colmar, France, July 2015

IPv6 network attack detection with Honeydv6

Honeydv6 is a low-interaction honeypot which is able to simulate entire IPv6 networks to efficiently observe i network scan approaches and assaults. It extends the well-known low-interaction honeypot solution Honeyd with a custom IPv6 stack and a new dynamic honeypot instantiation mechanism. The utilisation of a custom network stack implementation allows Honeydv6 to simulate multiple hosts with different IPv6 addresses on a single host and to observe even low-level IPv6 attacks, such as assaults to the IPv6 fragmentation mechanism. The dynamic instantiation mechanism spawns new low-interaction honeypots on-demand based on attackers' destinations. This approach allows Honeydv6 to cover large IPv6 address spaces and to respond to attacks that target arbitrary IPv6 address ranges.


IPv6 network attack detection with Honeydv6
Sven Schindler, Bettina Schnor, Simon Kiertscher, Thomas Scheffler and Eldad Zack
Communications in Computer and Information Science (CCIS), ISBN: 978-3-662-44787-1
Springer Press, August 2014

Honeydv6: A low-interaction IPv6 honeypot
Sven Schindler, Bettina Schnor, Simon Kiertscher, Thomas Scheffler and Eldad Zack
10th International Conference on Security and Cryptography (SECRYPT)
Reykjav├Čk, Iceland, July 2013

IPv6 Server Load Balancer

slb scenario
Fig.1: Server Load Balancing Scenario

Web traffic is currently one of the most important applications in the Internet. The increasing popularity of dynamically generated content on the World Wide Web, has created the need for fast web servers. Server clustering together with server load balancing has emerged as a promising technique to build scalable web servers. We developed and evaluated Loaded, a userspace server load balancer for IPv4 and IPv6 based on Linux.

Loaded was presented at the CeBIT 2004.

loaded architecture
Fig.2: Loaded Architecture

Grid Computing over IPv6

Problem: private cluster addresses

grid architecture
Fig.1: Grid Architecture

The Message Passing Interface (MPI) is a standard specification for message-passing libraries. It is the most widely used message passing library for parallel applications on compute clusters. It has become a de facto standard for high-performance parallel applications and is supported on a wide range of architectures, starting from clusters of PCs up to shared memory and vector machines. Various groups from industry and academia are working on MPI implementations. Several freely available implementations exist and, further, so called vendor MPI implementations exist, which are tuned for special hardware. We investigated how MPI can be implemented easily on top of an IPv6 network.

mpich layers
Fig.2: Mpich Layers

But why is there a need to enable these new MPI-2 implementations to support IPv6? The motivation is given by the Grid computing trend where several different compute sites are used to run parallel applications. For example, a user may want to run his applications distributed over different medium sized compute clusters within a university campus. The typical situation then is that the nodes within a cluster have private IP addresses, which makes inter-cluster communication impossible.

We propose to make use of IPv6 because the available solutions for IPv4 impose some performance penalties. Virtual private networks (VPN) require a lot of administration efforts. Special purpose deamons on the head node of each cluster (like PACX) have to handle the communication of all compute nodes of its cluster.

In cooperation with the University Jena, we developed IPv6 enabled MPI versions for the both most popular implementations: MPICH2 and OpenMPI. Measurements of the implementations show that both MPI/IPv6 implementations have similar performance compared to their IPv4 versions.

mpich througput
Fig.3: Mpich Througput

IPv6 Showcase

Prof. Kalkbrenner, Prof. Rebensburg, Prof Schnor

The Institute of Informatics at the University of Potsdam initiated together with T-Systems and other partners from industry and research the project "IPv6 Showcase" in 2002. The goal was to evaluate whether IPv6 was already in a status where it could be used in practice. The appointed IPv6 lab at the institute allowed measurements of performance and conformity. The project identified problems with the deployment of IPv6 and has developed various solutions. Moreover, the project has been providing various implementations of IPv6-based applications.