Stack Overflow Based Defense for IPv6 Router Advertisement Flooding (DoS) Attack

Goel, Jai Narayan; Mehtre, B. M.

doi:10.1007/978-81-322-2529-4_31

Jai Narayan Goel^6,7 &
B. M. Mehtre⁷

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 44))

908 Accesses
1 Citations

Abstract

Internet Protocol version 6 (IPv6) is the future for Internet. But still it has some serious security problems e.g., IPv6 Router advertisement (RA) flood. IPv6 Router advertisement (RA) flooding is a severe Denial of Service attack. In this attack using only single computer, attacker can attack all the computers connected to the Local area Network. As a result all victim machines get frozen and become unresponsive. In this chapter, we have described IPv6 RA flood attack in a test environment and its effects on victims. We proposed an effective solution to counter IPv6 RA flood attack by using a stack. The proposed system would use a stack at victim’s machine. All the incoming RA packets would be sent to this stack before they are processed by the system. After regular interval, RA packet would Pop up from the stack and would be sent for processing. The proposed approach would protect from the IPv6 RA flood, detect the attack and also raise an alarm to alert the user. This proposed approach can also be used to counter other DoS attacks with some modification. We have also provided an algorithm and experimental results in this chapter.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Droms, R.: Dynamic host configuration protocol. RFC1541. March (1997)
Google Scholar
Deering, S.E.: Internet protocol version 6 (IPv6) specification. RFC2460. December (1998)
Google Scholar
Rostaaski, M., Mushynskyy, T.: Security issues of IPv6 network autoconfiguration. In: Computer Information Systems and Industrial Management, pp. 218–228. Springer, Berlin (2013)
Google Scholar
Narten, T., Nordmark, E., Simpson, W., Soliman, H.: Neighbor discovery for IP version 6 (IPv6). RFC4861. September (2007)
Google Scholar
Deering, S.: ICMP router discovery messages. RFC 1256. September (1991)
Google Scholar
Arkko, J., Aura, T., Kempf, J., Mntyl, V.M., Nikander, P., Roe, M.: Securing IPv6 neighbor and router discovery. In: Proceedings of the 1st ACM Workshop on Wireless Security, pp. 77–86 (2002)
Google Scholar
Caicedo, C.E., Joshi, J.B., Tuladhar, S.R.: IPv6 security challenges. IEEE Comput. 42(2), 36–42 (2009)
Article Google Scholar
Lee, J.H., Ernst, T.: IPv6 security issues in cooperative intelligent transportation systems. Comput. J. bxs006 (2012)
Google Scholar
Ullrich, J., Krombholz, K., Hobel, H., Dabrowski, A., Weippl, E.: IPv6 security: attacks and countermeasures in a nutshell. In: Proceedings of the 8th USENIX conference on Offensive Technologies. USENIX Association 2014, pp. 5–16 (2014)
Google Scholar
Hermann, S., Fabian, B.: A comparison of internet protocol (IPv6) security guidelines. Future Internet. 6(1), 1–60 (2014)
Article Google Scholar
Nikander, P., Kempf, J., Nordmark, E.: IPv6 neighbor discovery (ND) trust models and threats. RFC 3756, Internet Engineering Task Force. May (2004)
Google Scholar
Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., Mohacsi, J.: IPv6 router advertisement guard. RFC 6105, Internet Engineering Task Force. February (2011)
Google Scholar
Chown, T., Venaas, S.: Rogue IPv6 router advertisement problem statement. RFC6104. February (2011)
Google Scholar
Goel, J.N., Mehtre, B.M.: Dynamic IPv6 activation based defense for IPv6 router advertisement flooding (DoS) attack. In: 2014 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC), pp. 628–632 (2014)
Google Scholar
GNS3 Tool. http://www.gns3.com
VMware Tool. http://www.vmware.com/in
KALI Linux. http://www.kali.org
Hauser, V.: A complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMPv6. https://www.thc.org/thc-ipv6/

Download references

Author information

Authors and Affiliations

School of Computer and Information Sciences, University of Hyderabad, Hyderabad, 500046, India
Jai Narayan Goel
Center for Information Assurance and Management, Institute for Development and Research in Banking Technology, Hyderabad, 500057, India
Jai Narayan Goel & B. M. Mehtre

Authors

Jai Narayan Goel
View author publications
You can also search for this author in PubMed Google Scholar
B. M. Mehtre
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to B. M. Mehtre .

Editor information

Editors and Affiliations

Department of Computer Science, Liverpool Hope University, Liverpool, United Kingdom
Atulya Nagar
Department of Computer Science and Engineering, National Institute of Technology Rourkela, Rourkela, India
Durga Prasad Mohapatra
Computer Science & Engineering, University of Calcutta, Kolkata, West Bengal, India
Nabendu Chaki

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Goel, J.N., Mehtre, B.M. (2016). Stack Overflow Based Defense for IPv6 Router Advertisement Flooding (DoS) Attack. In: Nagar, A., Mohapatra, D., Chaki, N. (eds) Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics. Smart Innovation, Systems and Technologies, vol 44. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2529-4_31

Download citation

DOI: https://doi.org/10.1007/978-81-322-2529-4_31
Published: 03 September 2015
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2528-7
Online ISBN: 978-81-322-2529-4
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics