Filtering ICMP packets for IPv6 (or ICMPv6, or ICMP6, depending on the texts you read) is somewhat daunting at first. But once you’ve thrown your fears and possibly dogmatic attitude towards ICMP out the window, setting up a reasonable packet filter configuration is actually fairly straightforward.
This video is basically a translated re-run of a presentation I’ve held at the Heise/DE-CIX IPv6 Conference here in Frankfurt (Germany) last year (2014) on special request by Carsten Schmoll of Fraunhofer FOKUS in Berlin (also here in Germany).
The slides are available here.
Table of Contents
00:00:30 Why ICMP is evil, and ICMPv6 is even worse. Or not…
00:01:40 Things to keep in mind when filtering ICMPv6
00:02:50 Limitations of real world packet filters
00:05:10 Why IPv6 is wrongly perceived less secure than the IPv4 we are more familiar with
00:05:50 Finding out about ICMPv6 types and codes
00:07:45 Blacklisting vs. whitelisting
00:09:17 Focusing on what you need
00:09:57 Reordering and grouping ICMPv6 types
00:10:40 Filtering criteria and essential information needed
00:13:30 Understanding the most essential ICMPv6 types