Abstract
Networks are transitioning from IP version 4 to the new version 6. Fundamental differences in the protocols introduce new security challenges with varying levels of evidence. As enabling IPv6 in an existing network is often already challenging on the functional level, security aspects are overlooked, even those that are emphasized in literature. Reusing existing security solutions for IPv4 might seem easy and cost-effective, but is based on the unproven assumption that IPv6 attack traffic features the same characteristics. By performing network measurements and analyzing IPv6 attacks on the network-level, we determine the current state of security in the IPv6 domain. With the inevitable switch to the new protocol version, assessing the applicability of existing security approaches and determining the requirements for new solutions becomes a necessity.
Chapter PDF
Similar content being viewed by others
References
Beck, F., Cholez, T., Festor, O., Chrisment, I.: Monitoring the neighbor discovery protocol. In: The Second International Workshop on IPv6 Today-Technology and Deployment-IPv6TD 2007 (2007)
Caicedo, C.E., Joshi, J.B., Tuladhar, S.R.: IPv6 security challenges. Computer (2), 36–42 (2009)
Elich, M., Velan, P., Jirsik, T., Celeda, P.: An investigation into teredo and 6to4 transition mechanisms: Traffic analysis. In: 2013 IEEE 38th Conference on Local Computer Networks Workshops (LCN Workshops), pp. 1018–1024 (October 2013 2013)
Ford, M., Stevens, J., Ronan, J.: Initial Results from an IPv6 Darknet. In: International Conference on Internet Surveillance and Protection, ICISP 2006, pp. 13–17 (2006)
Giobbi, R.: Bypassing Firewalls with IPv6 Tunnels (2009), http://www.cert.org/blogs/certcc/post.cfm?EntryID=37 (accessed March 2015)
Gont, F.: Security implications of IPv6 on IPv4 networks, RFC 7123, Internet Engineering Task Force (2014)
Gont, F., et al.: DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers (2012)
Heuse, M.: THC IPv6 attack tool kit, https://www.thc.org/thc-ipv6/ (accessed March 2015)
Huston, G.: Background Radiation in IPv6. The ISP Column, APNIC (2010)
Krishnan, S., Hoagland, J., Thaler, D.: Security Concerns with IP Tunneling, RFC 6169, Internet Engineering Task Force (2011)
Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., Mohacsi, J.: IPv6 Router Advertisement Guard. Tech. rep., RFC 6105, Internet Engineering Task Force (2011)
Schindler, S., Schnor, B., Kiertscher, S., Scheffler, T., Zack, E.: IPv6 network attack detection with HoneydV6. In: Obaidat, M.S., Filipe, J. (eds.) ICETE 2013. CCIS, vol. 456, pp. 252–269. Springer, Heidelberg (2014)
SURFnet: Preparing an IPv6 addressing plan (2013), https://www.surf.nl/en/knowledge-and-innovation/knowledge-base/2013/white-paper-preparing-an-ipv6-address-plan.html (accessed March 2015)
Ullrich, J., Krombholz, K., Hobel, H., Dabrowski, A., Weippl, E.: IPv6 security: attacks and countermeasures in a nutshell. In: Proceedings of the 8th USENIX Conference on Offensive Technologies, pp. 5–16. USENIX Association (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hendriks, L., Sperotto, A., Pras, A. (2015). Characterizing the IPv6 Security Landscape by Large-Scale Measurements. In: Latré, S., Charalambides, M., François, J., Schmitt, C., Stiller, B. (eds) Intelligent Mechanisms for Network Configuration and Security. AIMS 2015. Lecture Notes in Computer Science(), vol 9122. Springer, Cham. https://doi.org/10.1007/978-3-319-20034-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-20034-7_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20033-0
Online ISBN: 978-3-319-20034-7
eBook Packages: Computer ScienceComputer Science (R0)