How to utilize NDPMon for better IPv6 monitoring, network visibility

How to utilize NDPMon for better IPv6 monitoring, network visibility

Date: Jan 29, 2013

Achieving true visibility into an enterprise network is always a struggle, and this is certainly the case when monitoring IPv6 networks for malicious Neighbor Discovery Protocol (NDP) activity. NDP provides critical functionality for machines to find routers on an IPv6 network, but it may open the door for potential security issues on IPv6 networks if security teams don't have the necessary monitoring capabilities. To ensure that NDP messages aren't malicious, enterprises can utilize the free and open-source security tool NDP Monitor (NDPMon).

In this month's SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, offers a "deep dive" covering some of the most compelling features of NDPMon, including how to initiate learning mode. First, Keith discusses some of the security issues malicious NDP messages on an IPv6 network pose, such as an attacker sending a wrong network prefix or DNS option to a machine. NDPMon can be manually configured to tell which routers on a network are authorized so that alerts are triggered when unauthorized routers are detected. Perhaps the more compelling option is to initiate learning mode, which enables NDPMon to automatically scan a network to build its own baseline of authorized routers. When any unauthorized activity is detected, such as an attacker attempting to spoof an address by poisoning a neighbor cache, an alert is triggered. With an easy setup and a free price tag, NDPMon is an IPv6 monitoring tool that warrants serious consideration.

About CBT Nuggets
CBTNuggetsCBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers a wealth of free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.

About Keith Barker
Keith Barker, a trainer for CBT Nuggets, has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.

More on Open Source Security Tools and Applications

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: