Abstract In this paper, we focus on one of the most prominent IPv6 transition technologies, namely Mapping of Address and Port using Translation (MAP-T), and we give attention to Mapping of Address and Port with Encapsulation (MAP-E) as well. We emphasize the uniqueness of MAP-T and MAP-E, and we discuss the differences between those two technologies, including their topology, functionality, and security vulnerabilities. We apply a threat modeling technique, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE), to assess potential vulnerabilities in the MAP-T infrastructure. Furthermore, we build a testbed for MAP-T using the open-source software, Jool, and we conduct testing on the translation process capabilities of Jool and its port allocation per subscriber. Finally, we present various attacking scenarios against the main routers of MAP-T, such as IP address spoofing, information disclosure, and source port exhaustion, and we propose mitigation methods for several attacks.
Read full abstract