07-23-2019 02:20 AM
Hi dear Friends!
Nice to chat with dear Cisco Experts
I’m a researcher and have just published about 6 papers in different international conferences. My next paper is about custom routing and I really need some help from Cisco Systems experts. The challenge in my paper is described below:
My question is: Can we drop a packet which has a specific attribute? If yes, how can we?
The example: We want a router to drop packages that are not read-only. In other words, the router only passes packages that have read-only properties and drops other packets.
Really in need to deliver your response,
07-23-2019 02:24 AM
Hello Moein,
can you give a practical example of what you mean by read-only attributes of a packet?
Just to make clear what you are looking for.
Hope to help
Giuseppe
07-23-2019 07:57 AM
07-23-2019 07:59 AM - edited 07-23-2019 08:05 AM
Yeah,
assume that I want to share some packets over the internet (or over a local network in a large company). But we suspect that a hacker may modify the data we send and then retrieve the manipulated information to the destination instead of the main information; thus we want to make all of our data packets secure by making them read-only (or write-protected) first in the source system and after that send them to the destination. HERE we want to get help from the router to drop those packets which are not read-only (or write-protected) and can be modified between the path from source to destination. @Giuseppe Larosa
07-23-2019 09:02 AM
07-23-2019 10:09 AM
So, do you think it's not possible to drop a "read only" data packet or data frame?
07-23-2019 11:15 AM
07-23-2019 11:52 AM
Hello Moein,
as explained by Joseph, there are very few options at the IPv4 level to verify a packet:
When a router routes an IPv4 packet, it performs two changes to the IPv4 packet header:
the TTL is decremented by 1
the IPv4 header checksum is recalculated as the complement to 1 of the bytes in the header.
In practice the TTL field is decremented by 1 and the IPv4 header checksum is incremented by 1.
And this is all you can do at IPv4, just to check if the IPv4 header checksum is consistent on the received packet.
But this checksum does not take into account the payload.
So the only way to provide protection from a man-in-the-middle attack is to use the IPSec framework and an IPSec VPN or an SSL VPN with TLS encryption.
IPv6 includes the AH and ESP protocols as extension headers in the protocol definition, but actually there is little change: you still need to use it or SSL to provide a protected communication end to end.
Hope to help
Giuseppe
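The point made in the answer above, as an added example that is not part of any post in this thread: the IPv4 header checksum still validates when the payload is altered, while a keyed tag computed by the sender does not. All names, the key, the addresses and the payloads are constructed for illustration, and HMAC-SHA256 stands in here for the kind of keyed integrity check that IPsec or TLS performs between the endpoints.

```python
import hashlib
import hmac
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ttl: int, payload_len: int) -> bytes:
    """20-byte IPv4 header; addresses are constructed documentation values."""
    src = bytes([192, 0, 2, 1])
    dst = bytes([198, 51, 100, 7])
    fields = (0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 17)
    hdr = struct.pack("!BBHHHBBH4s4s", *fields, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def header_ok(header: bytes) -> bool:
    """A receiver's check: the checksum over the whole header must be 0."""
    return ipv4_checksum(header) == 0

def forward(header: bytes) -> bytes:
    """What a router does: decrement TTL, then recompute the checksum."""
    ttl = header[8] - 1
    zeroed = header[:8] + bytes([ttl]) + header[9:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + zeroed[12:]

def tag(key: bytes, payload: bytes) -> bytes:
    """Keyed integrity tag over the payload (HMAC-SHA256)."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def verify(key: bytes, payload: bytes, received_tag: bytes) -> bool:
    return hmac.compare_digest(tag(key, payload), received_tag)

KEY = b"constructed-shared-key"        # constructed; known only to the endpoints
PAYLOAD = b"balance=100"               # constructed sample payload
HEADER = build_header(ttl=64, payload_len=len(PAYLOAD))
TAG = tag(KEY, PAYLOAD)
ALTERED = b"balance=900"               # same length, changed in transit

if __name__ == "__main__":
    print("header valid after hop:", header_ok(forward(HEADER)))
    print("header valid with altered payload:", header_ok(HEADER))
    print("tag valid, original:", verify(KEY, PAYLOAD, TAG))
    print("tag valid, altered:", verify(KEY, ALTERED, TAG))
```

The header check never reads the payload, so only the endpoint holding the key can tell the two payloads apart; a router in the path has no key and therefore nothing to verify against.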