taming the ipv6 address space with hyhoneydv6 · 2015. 11. 26. · in in proceedings of the 13th...
TRANSCRIPT
![Page 1: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/1.jpg)
Taming the IPv6 Address Space with Hyhoneydv6
Sven Schindler
Potsdam UniversityInstitute for Computer Science
Operating Systems and Distributed Systems
WorldCIS-2015, Dublin, October, 2015
![Page 2: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/2.jpg)
Outline
1 Introduction
2 Results from a /34 Darknet Experiment
3 Hyhoneydv6: Requirements, Architecture and Features
4 Performance Measurements
5 Conclusion and Future Work
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 2 of 28
![Page 3: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/3.jpg)
Introduction
IPv6 is not fictional!
IPv6 traffic growth of more than 100 percent over a single year1
Some countries measure 33 percent IPv6 traffic
1http://www.google.com/intl/en/ipv6/statistics.htmlSven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 3 of 28
![Page 4: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/4.jpg)
Introduction
Are there any IPv6 Attacks yet?
Ullrich et al. [6] present an overview over IPv6 attacks
Encounter same threats as in IPv4
New threats through IPv6 design and IPv4/IPv6 transition mechanisms
THC-IPv62 or SI6 IPv6 Toolkit3 exploit IPv6 vulnerabilities
2https://www.thc.org/thc-ipv6/3http://www.si6networks.com/tools/ipv6toolkit/
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 4 of 28
![Page 5: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/5.jpg)
Introduction
Facing Attacks with Honyepots
Honeypots interact with attacker and allow us to analyse attacksLow-interaction: service stubs or simulated servicesHigh-interaction: authentic network servicesHybrid: combination of low- and high-interaction honeypot
Two major low-interaction IPv6 honeypot projectsDionaea - specialised in SIP and SMBHoneydv6 - based on Honeyd4, developed at the University of Potsdam
No high-interaction honeypot solution with focus on IPv6 available
4http://www.honeyd.orgSven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 5 of 28
![Page 6: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/6.jpg)
Results from a /34 Darknet Experiment
Outline
1 Introduction
2 Results from a /34 Darknet Experiment
3 Hyhoneydv6: Requirements, Architecture and Features
4 Performance Measurements
5 Conclusion and Future Work
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 6 of 28
![Page 7: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/7.jpg)
Results from a /34 Darknet Experiment
Results from a Darknet Experiment
New and sophisticated scanning approaches?
15-months observation of an unused /34 address space
Chance that a packet targets the darknet 1 : 17,179,869,184
Only one in about 6⇤1023 addresses in our /34 network contacted
Observed wide-range networks scans
Mainly two scan patterns: linear and apparently random
Total Packets 255,840
ICMPv6 224,010 87.56%TCP 31,604 12.35%UDP 226 0.09%
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 7 of 28
![Page 8: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/8.jpg)
Results from a /34 Darknet Experiment
Scanning Pattern I
��������������
��������������
��������������
��������������
��������������
�� ��� ���� ���� ���� ���� ����
��������������������������������
���
�������������
��������������������������������
��������������������������������������
�� ����� ����� ����� ����� ������ ������ ������ ��������������������������������������
���
�������������
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 8 of 28
![Page 9: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/9.jpg)
Results from a /34 Darknet Experiment
Scanning Pattern II
��
������
������
������
������
������
������
������
������
������
�� �� ��� ��� ��� ��� ��� ��� ��� ���
��������������������������������
���
�������������
��������������������������������
��������������������������������������
�� ����� ����� ����� ����� ����� ����� ����� �����
��������������������������������
���
�������������
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 9 of 28
![Page 10: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/10.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Outline
1 Introduction
2 Results from a /34 Darknet Experiment
3 Hyhoneydv6: Requirements, Architecture and Features
4 Performance Measurements
5 Conclusion and Future Work
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 10 of 28
![Page 11: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/11.jpg)
Hyhoneydv6: Requirements, Architecture and Features
IPv6 Honeypot Requirements
Genuine service emluation
No service stubsProvide protocols with encryption
IPv6 address space coverage
Brute force of IPv6 address space impossible [3]Dynamic honeypot instantiation as provided by Honeydv6
Price/Performance
Require few machinesNo cloud-based solutions
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 11 of 28
![Page 12: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/12.jpg)
Hyhoneydv6: Requirements, Architecture and Features
IPv6 Honeypot Requirements
Genuine service emluation
No service stubsProvide protocols with encryption
IPv6 address space coverage
Brute force of IPv6 address space impossible [3]Dynamic honeypot instantiation as provided by Honeydv6
Price/Performance
Require few machinesNo cloud-based solutions
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 11 of 28
![Page 13: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/13.jpg)
Hyhoneydv6: Requirements, Architecture and Features
IPv6 Honeypot Requirements
Genuine service emluation
No service stubsProvide protocols with encryption
IPv6 address space coverage
Brute force of IPv6 address space impossible [3]Dynamic honeypot instantiation as provided by Honeydv6
Price/Performance
Require few machinesNo cloud-based solutions
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 11 of 28
![Page 14: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/14.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Hyhoneydv6 Architecture
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 12 of 28
![Page 15: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/15.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Major Hyhoneydv6 Features
Dynamic instantiation of high-interaction honeypots
Remote address configuration
Transparent TCP proxy
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 13 of 28
![Page 16: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/16.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Features - Dynamic Instantiation
Network scans handled by low-interaction honeypots
Attacks on network services handled by high-interaction honeypots
QEMU-based high-interaction honeypot [2]
Libvirt to control the machines [7]
New high-interaction honeypot manager prepares libvirt configuration
Machines maintained in pool which is initialised on startup
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 14 of 28
![Page 17: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/17.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Features - Remote IPv6 Address Configuration
Machine addresses require reconfiguration for attack
Different approaches considered: DHCPv6, OS modifications, remotelogin, custom configuration server
Configuration server is fast and avoids OS modifications
High-interaction honeypot manager connects to configuration server andtriggers IPv6 configuration for requested destination
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 15 of 28
![Page 18: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/18.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Features - Transparent TCP Proxy
Connections need to be handed over to high-interaction honeypotstransparently
New proxy mechanism implemented which forwards traffic betweenattacker and high-interaction honeypot
High-interaction honeypots isolated via network bridge
Proxy adopts requested address, ports and hop limits
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 16 of 28
![Page 19: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/19.jpg)
Hyhoneydv6: Requirements, Architecture and Features
TCP-Handoff
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 17 of 28
![Page 20: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/20.jpg)
Hyhoneydv6: Requirements, Architecture and Features
Internal Architecture Overview
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 18 of 28
![Page 21: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/21.jpg)
Performance Measurements
Outline
1 Introduction
2 Results from a /34 Darknet Experiment
3 Hyhoneydv6: Requirements, Architecture and Features
4 Performance Measurements
5 Conclusion and Future Work
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 19 of 28
![Page 22: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/22.jpg)
Performance Measurements
Host Hardware Specifications
Device/System SpecificationOperating system Ubuntu 12.04 LTSQemu 1.0Motherboard EP45-DS3CPU Intel(R) Core(TM)2 Quad
CPU Q9550 @ 2.83GHzMemory 4GB (2x2) 800 MHzNetwork RTL8111/8168/8411
PCI Express GE Ctrl.(r8169 Gigabit Ethernet driver2.3LK-NAPI)
HD SanDisk SDSSDP25(read: 490MB/s write: 350MB/s)
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 20 of 28
![Page 23: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/23.jpg)
Performance Measurements
VM Specifications
Device/System SpecificationOperating systems Debian 7.5 kern. 3.2.0-4-686 paeMemory 256 MBNetwork Realtek Semiconductor,
RTL-8139/8139C/8139CCPU QEMU virtual CPU
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 21 of 28
![Page 24: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/24.jpg)
Performance Measurements
Connect Time
0
0.5
1
1.5
2
2.5
3
3.5
First (FE) First (KVM) Subsequent (FE) Subsequent (KVM)
transp
are
nt
pro
xy c
onnect
tim
e in s
eco
nds
high-interaction honeypot and connection type
Client - TCP SYN until first payload
HoneydV6 internal TCP handshake (LIH Syn to HIH Ack)
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 22 of 28
![Page 25: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/25.jpg)
Performance Measurements
Requests per Second
0
50
100
150
200
250
300
350
400
FE KVM
requ
ests
/ s
econ
d
high-interaction honeypot virtualization type
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 23 of 28
![Page 26: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/26.jpg)
Conclusion and Future Work
Outline
1 Introduction
2 Results from a /34 Darknet Experiment
3 Hyhoneydv6: Requirements, Architecture and Features
4 Performance Measurements
5 Conclusion and Future Work
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 24 of 28
![Page 27: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/27.jpg)
Conclusion and Future Work
Conclusion
Darknet experiment reveals wide-ranging IPv6 network scansFirst hybrid honeypot system for IPv6 networks
Dynamic Honeypot InstantiationAddress ReconfigurationTransparent Proxy
Simulate entire IPv6 networks with high-interaction honeypots on a singlehost
Performs well on off-the-shelf hardware
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 25 of 28
![Page 28: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/28.jpg)
Conclusion and Future Work
Future Work
Integration of Hyhoneydv6 into production networks
Improve logging facilities
Future open source project:https://redmine.cs.uni-potsdam.de/projects/honeydv6/wiki
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 26 of 28
![Page 29: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/29.jpg)
Conclusion and Future Work
Thank youTime for questions and suggestions...
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 27 of 28
![Page 30: Taming the IPv6 Address Space with Hyhoneydv6 · 2015. 11. 26. · In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004. [6] Johanna Ullrich and Katharina](https://reader035.vdocument.in/reader035/viewer/2022081614/5fcb61c839fc2d375146450f/html5/thumbnails/30.jpg)
Conclusion and Future Work
References
[1] Michael D. Bailey, Evan Cooke, David Watson, Farnam Jahanian, and Niels Provos.A Hybrid Honeypot Architecture for Scalable Network Monitoring.Technical Report CSE-TR-499-04, University of Michigan, Ann Arbor, Michigan, USA, October 2004.
[2] Fabrice Bellard.Qemu, a fast and portable dynamic translator.In Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC ’05, pages 41–41, Berkeley, CA, USA, 2005. USENIX Association.
[3] T. Chown.IPv6 Implications for Network Scanning.RFC 5157 (Informational), March 2008.
[4] Patrice Clemente, Jean-François Lalande, and Jonathan Rouzaud-Cornabas.HoneyCloud: elastic honeypots - On-attack provisioning of high-interaction honeypots.In International Conference on Security and Cryptography, pages 434–439, Rome, Italy, July 2012.
[5] Xuxian Jiang and Xuxian Jiang Dongyan.Collapsar: A vm-based architecture for network attack detention center.In In Proceedings of the 13th USENIX Security Symposium, pages 15–28, 2004.
[6] Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and Edgar Weippl.Ipv6 security: Attacks and countermeasures in a nutshell.In 8th USENIX Workshop on Offensive Technologies (WOOT 14), San Diego, CA, 2014. USENIX Association.
[7] M Tim Jones.Anatomy of the libvirt virtualization library.IBM developer Works, pages 97–108, 2010.
[8] Georgios Portokalidis, Asia Slowinska, and Herbert Bos.Argos: an Emulator for Fingerprinting Zero-Day Attacks.In Proc. ACM SIGOPS EUROSYS’2006, Leuven, Belgium, April 2006.
[9] N. Provos and T. Holz.Virtual Honeypots: From Botnet Tracking to Intrusion Detection.Addison-Wesley, 2008.
[10] Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage.Scalability, fidelity, and containment in the potemkin virtual honeyfarm.In Proceedings of the Twentieth ACM Symposium on Operating Systems Principles, SOSP ’05, pages 148–162, New York, NY, USA, 2005. ACM.
Sven Schindler (Potsdam University) Taming the IPv6 Address Space with Hyhoneydv6 Frame 28 of 28