Abstract

The Neighbor Discovery Protocol (NDP) is one of the main protocols in the Internet Protocol version 6 (IPv6) suite. It provides many basic functions for the normal operations of IPv6 in a Local Area Network (LAN), such as address auto-configuration and address resolution. However, NDP has several vulnerabilities that can be used by malicious nodes to launch attacks, because NDP messages are easily spoofed. Surrounding this problem many solutions have been proposed for securing NDP but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes. In this paper we overview NDP vulnerabilities and available solutions to overcome their impacts on IPv6 network. In addition a research test bed setup to implement these vulnerabilities was introduced. Moreover attacks that prove these vulnerabilities are implemented on different types of operating systems, Windows and Linux platforms. Three network metrics throughput, delay and resources consumption have been chosen to investigate, analyze and evaluate the impacts of NDP related attacks on IPv6 link-local communication. Overall, the results had shown that performance of Linux based operating system is better than Windows based operating system.

Highlights

  • Internet Protocol version 6 (IPv6) is a protocol designed as the successor to IPv4 protocol (Hakiem et al, 2015)

  • The former is used for discovery of the IPv6 nodes on the same link and the latter allows the hosts to automatically configure the IPv6 address without the outside help like Dynamic Host Configuration Protocol (DHCP) server

  • During Neighbor Advertisement (NA), Neighbor Solicitation (NS) and Router Solicitation (RS) flooding attacks throughput dropped from 1400 Mega Bytes per second (MBps) to just few MBps for Windows 8 while for Ubuntu 16.04 the throughput were dropped slightly compared to Windows 8

Read more

Summary

Introduction

IPv6 is a protocol designed as the successor to IPv4 protocol (Hakiem et al, 2015). It is used to solve the problems faced by IPv4 in today’s internet, such as IP address space limitation, security and scalability. As a response the attacker will replay to every single check for an IPv6 address that victim trying to use, claiming that he (attacker) already using this address (Rehman and Manickam, 2015c) This will prevent the victim from gaining a valid address and denied access to the communication link, as per Fig. 3. Attacker in this type of attack pretending to act as last hop router by sending spoofed RA messages either as a response to RS message or in a routine base. The conceptual neighbor cache is the resource being attacked, which will be occupied with attempts to resolve IPv6 addresses containing a valid prefix but invalid suffix (Mohamed et al, 2017)

Evaluation Methods
Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.