DoS Vulnerabilities in IPv6

  • J. Smith
  • E. Ahmed
  • C. Chellappan
  • S. P. Meenakshi
  • S. V. Raghavan
  • S. Suriadi
  • A. B. Tickle


Central to the functioning of the Internet itself as well as most corporate and organisational intranets is the TCP/IP suite of protocols. Within the TCP/IP suite, the transmission control protocol (TCP) offers a robust delivery mechanism for all kinds of data across a network of arbitrary complexity. The other key protocol component, the Internet protocol (IP), primarily manages the routing of messages (aka packets or datagrams) between communicating entities. The Internet protocol (IP) also deals with issues related to network and computer addresses, that is so-called IP addresses. The current version of the Internet protocol (IP) is IPv4. As has been discussed in the previous chapters, the vulnerabilities of IPv4 have been exploited in denial-of-service (DoS) attacks. IPv4 also has a number of design limitations of which the impending exhaustion of available IPv4 addresses is one of the more critical. Development of IPv6, the designated successor to IPv4, has been underway since 1998. IPv6 attempts to address some of the security limitations of IPv4 but, importantly, also solves the address shortage problem by using 128-bit addresses compared to the 32-bit addresses adopted in IPv4. This creates a potential address space within IPv6 that is more than 20 orders of magnitude larger than IPv4’s address space.


Transmission Control Protocol Internet Protocol Malicious Node Internet Protocol Address Internet Engineering Task Force 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abley, J., P. Savola, and G. Neville-Neil. 2007. Deprecation of type 0 routing headers in IPv6. Accessed 24 Feb 2011.
  2. 2.
    Aura, T., and M. Roe. 2006. Designing the mobile IPv6 security protocol. Annales des Télécommunications 61(3–4): 332–356.Google Scholar
  3. 3.
    Biondi, P., and A. Ebalard. 2007. IPv6 routing header security. Accessed 24 Feb 2011.
  4. 4.
    Branagan, M., R. Dawson, and D. Longley. 2006. Security risk analysis for complex systems. In Proceedings of the Information Security for South Africa 2006 from Insight to Foresight Conference, Pretoria, South Africa, 2006.Google Scholar
  5. 5.
    Caelli, W.J., D. Longley, and A.B. Tickle. 1992. A methodology for describing information and physical security architectures. In Eighth International Conference on Information Security (SEC), 277–296, Singapore, 1992. IFIP Transactions.Google Scholar
  6. 6.
    Conta, A., S. Deering, and M. Gupta. 2006. Internet control message protocol (ICMPv6) for the internet protocol version 6 (IPv6) Specification. Accessed 24 Feb 2011.
  7. 7.
    Convery, S. and D. Miller. 2004. IPv6 and IPv4 threat comparison and best-practice evaluation. Accessed 24 Feb 2011.
  8. 8.
    Crawford, M. and B. Haberman. 2006. IPv6 node information queries. Accessed 24 Feb 2011.
  9. 9.
    Davies, E., S. Krishnan, and P. Savola. 2007. IPv6 transition/co-existence security considerations. Accessed 24 Feb 2011.
  10. 10.
    Dawson, R.E. 2008. Secure communications for critical infrastructure control systems. Master’s thesis, Queensland University of Technology, Brisbane.Google Scholar
  11. 11.
    Deering, S. and R. Hinden. 1998. Internet protocol, version 6 (IPv6) specification. Accessed 24 Feb 2011. Updated by RFC 5095.
  12. 12.
    Eastlake 3rd, D. 2005. Cryptographic algorithm implementation requirements for encapsulating security payload (ESP) and authentication header (AH). Accessed 24 Feb 2011. Obsoleted by RFC 4835.
  13. 13.
    Gont, F. 2008. ICMP attacks against TCP. Draft, IETF. Accessed 24 Feb 2011.
  14. 14.
    Henry, M.H., R.M. Layer, K.Z. Snow, and D.R. Zaret. 2009. Evaluating the risk of cyber attacks on SCADA systems via Petri net analysis with application to hazardous liquid loading operations. In IEEE Conference on Technologies for Homeland Security, 2009. HST ’09, 607–614, 2009.Google Scholar
  15. 15.
    Hoagland, J. 2006. The Teredo protocol: Tunneling past network security and other security implications. Technical report, Symantec. Accessed 24 Feb 2011.
  16. 16.
    Hoagland, J., S. Krishnan, and D. Thaler. 2008. Security concerns with IP tunneling. “internet-draft”, “Internet Engineering Task Force”. Accessed 24 Feb 2011.
  17. 17.
    Huitema, C. 2006. Teredo: Tunneling IPv6 over UDP through network address translations (NATs). Accessed 24 Feb 2011.
  18. 18.
    Jensen, K., L.M. Kristensen, and L. Wells. 2007. Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems. STTT 9(3–4): 213–254.CrossRefGoogle Scholar
  19. 19.
    Jingbo, H. and M. Longhua. 2006. Fault diagnosis of substation based on Petri nets technology. In International Conference on Power System Technology, 2006. PowerCon 2006, 1–5, 2006.Google Scholar
  20. 20.
    Johnson, D., C. Perkins, and J. Arkko. 2004. Mobility support in IPv6. Accessed 24 Feb 2011.
  21. 21.
    Kempf, J., J. Arkko, and P. Nikander. 2004. Mobile IPv6 security. Wireless Personal Communications 29(3–4): 389–414.CrossRefGoogle Scholar
  22. 22.
    Kent, S. 2005. IP authentication header. Accessed 24 Feb 2011.
  23. 23.
    Kim, J.-W., H.-H. Cho, G.-J. Mun, J.-H. Seo, B.-N. Noh, and Y.-M. Kim. 2007. Experiments and countermeasures of security vulnerabilities on next generation network. Future Generation Communication and Networking 2: 559–564.CrossRefGoogle Scholar
  24. 24.
    Kwok, L.F., and D. Longley. 1999. Information security management and modeling. Information Management and Computer Security 7: 30–39.CrossRefGoogle Scholar
  25. 25.
    Loughney, J. 2006. IPv6 node requirements. Accessed 24 Feb 2011. Updated by RFC 5095.
  26. 26.
    Narten, T., E. Nordmark, W. Simpson, and H. Soliman. 2007. Neighbor discovery for IP version 6 (IPv6). Accessed 24 Feb 2011.
  27. 27.
    National Infrastructure Co-ordination Centre. 2005. Vulnerability issues in ICMP packets with TCP payloads. Vulnerability Advisory 532967/NISCC/ICMP, National Infrastructure Co-ordination Centre.Google Scholar
  28. 28.
    Nikander, P., J. Arkko, T. Aura, G. Montenegro, and E. Nordmark. 2005. Mobile IP version 6 route optimization security design background. Accessed 24 Feb 2011.
  29. 29.
    Nikander, P., J. Kempf, and E. Nordmark. 2004. IPv6 neighbor discovery (ND) trust models and threats. Accessed 24 Feb 2011.
  30. 30.
    Partridge, C., and A. Jackson. 1999. IPv6 router alert option. Accessed 24 Feb 2011.
  31. 31.
    Perkins, C. 2002. IP mobility support for IPv4. Accessed 24 Feb 2011. Updated by RFC 4721.
  32. 32.
    Potraj, C. 2007. Firewall design considerations for IPv6. Report I733-04IR-2007, National Security Agency.Google Scholar
  33. 33.
    Savola, P. 2001. Security of IPv6 routing header and home address options. Technical report, IETF. Accessed 25 Aug 2011.
  34. 34.
    Savola, P., and C. Patel. 2004. Security considerations for 6to4. Accessed 24 Feb 2011.
  35. 35.
    ICANN Security and Stability Advisory Committee. 2007. Survey of IPv6 support in commercial firewalls. Technical Report SAC 021, Internet Corporation for Assigned Names and Numbers (ICANN). Accessed 25 Aug 2011.
  36. 36.
    Stouffer, K., J. Falco, and K. Kent. 2006. Guide to supervisory control and data acquisition (SCADA) and industrial control systems security. NIST, USA, initial public draft edition. Accessed 25 Aug 2011.
  37. 37.
    Suriadi, S., A. Tickle, E. Ahmed, J. Smith, and H. Morarji. 2010. Risk modelling the transition of scada system to ipv6. In What Kind of Information Society? Governance, Virtuality, Surveillance, Sustainability, Resilience, eds. J. Berleur, M. Hercheui, and L. Hilty, IFIP advances in information and communication technology, vol. 328, 384–395. Boston: Springer. 10.1007/978-3-642-15479-9_36.Google Scholar
  38. 38.
    Ten, C.-W., C.-C. Liu, and M. Govindarasu. 2007. Vulnerability assessment of cybersecurity for SCADA systems using attack trees. In Power Engineering Society General Meeting, 2007. IEEE, 1–8.Google Scholar
  39. 39.
    The 6net Consortium. 2005. An IPv6 deployment guide. The 6net Consortium. Accessed 25 Aug 2011.
  40. 40.
    The Hackers Choice. 2006. THC IPv6 attack toolkit. Accessed 24 Feb 2011.
  41. 41.
    Thomson, S., T. Narten, and T. Jinmei. 2007. IPv6 stateless address autoconfiguration. Accessed 24 Feb 2011.
  42. 42.
    Van Leeuwen, B. 2007. Impacts of ipv6 on infrastructure control systems. SANDIA REPORT (SAND2007-0383P), Sept 2007.Google Scholar
  43. 43.
    Zhang, Y.-M., Z.-W. Yu, and H.-H. Cao. 2008. Insider attacks study against mobile IPv6 protocol. In 4th International Conference on Wireless Communications, Networking and Mobile Computing, 2008. WiCOM ’08, 1–4 October 2008.Google Scholar
  44. 44.
    Zheng, Q., T. Liu, X. Guan, Y. Qu, and N. Wang. 2007. A new worm exploiting IPv4-IPv6 dual-stack networks. In WORM ’07: Proceedings of the 2007 ACM workshop on Recurring malcode, 9–15, New York, 2007. ACM.Google Scholar

Copyright information

© Springer India Pvt. Ltd. 2011

Authors and Affiliations

  • J. Smith
    • 1
  • E. Ahmed
    • 1
  • C. Chellappan
    • 2
  • S. P. Meenakshi
    • 3
  • S. V. Raghavan
    • 3
  • S. Suriadi
    • 1
  • A. B. Tickle
    • 1
  1. 1.Information Security InstituteQueensland University of TechnologyBrisbaneAustralia
  2. 2.College of Engineering GuindyAnna UniversityChennaiIndia
  3. 3.Department of Computer Science and EngineeringIndian Institute of Technology MadrasChennaiIndia

Personalised recommendations