Abstract
IPv6 protocol has been widely deployed in the world. As the IANA pool of IPv4 addresses has run out, IPv6 will become increasingly important. Although the IPv6 protocol stack presents considerable advantages compared with the IPv4 protocol stack, IP source address spoofing is still exploited in IPv6 to initiate malicious attacks. Some techniques are proposed and deployed to implement source address validation at fine granularity. In this paper, we investigate the efficiency of fine granularity IP source address validation, e.g. whether filtering technology is deployed to prevent hosts from using forged IP address. We develop a detection tool with controlled spoofing ability which can infer whether the function of filtering spoofing address packets is enabled. We run this tool in 12 famous universities in China and collect the testing data. We gather a total of 41373 probes from 324 clients, and each probe includes sending at least 5 packets with the same spoofing source address to the control server. Results reveal that, 77.02% of the spoofing probes are completely filtered, 0.29% of the spoofing probes are partly filtered and the rest spoofing probes are not filtered at all. Overall, this illustrates that techniques of source address validation have been widely deployed in campus networks. Our statistical results provide practical basis for the deployment and further development of source address validation protocols in IPv6 networks.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.