Identification of the Possible Security Issues of the 464XLAT IPv6 Transition Technology

Abstract: This paper focuses on one of the most prominent IPv6 transition technologies named 464XLAT. The aim is to analyze the security threats that this technology might face. After carrying out the threat analysis using STRIDE method that stands for Spoofing, Tampering, Repudiation, Information Disclosure and Elevation of Privilege, and using DFD (Data-Flow Diagram) as a core for the analysis, we summarized the security vulnerabilities and attack points possibilities within this infrastructure. We have also built a t… Show more

“…The first step in applying the STRIDE method is to build the DFD of the examined system and specify the potential attacking points at each element. Therefore, the DFD for DS-Lite was built as shown in Figure 5, which shows the spots (1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11). The security analysis is divided into several groups such as the traffic between the client and B4, then between B4 and the AFTR, etc.…”

“…In [7], a testbed of 464XLAT was built using Debian-based virtual machines to evaluate the performance of the PLAT under a DoS (Denial of Service) attack, specifically testing the CPU performance and the pool of source port numbers. In a subsequent paper [8], the previous work was extended using a more powerful computer, allowing for an increase in the number of attacking clients (virtual machines) from 1 to 8. The PLAT performance was then tested after an attack using the hping3 command, ultimately demonstrating the susceptibility of the PLAT to DoS attacks.…”

Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

“…The first step in applying the STRIDE method is to build the DFD of the examined system and specify the potential attacking points at each element. Therefore, the DFD for DS-Lite was built as shown in Figure 5, which shows the spots (1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11). The security analysis is divided into several groups such as the traffic between the client and B4, then between B4 and the AFTR, etc.…”

“…In [7], a testbed of 464XLAT was built using Debian-based virtual machines to evaluate the performance of the PLAT under a DoS (Denial of Service) attack, specifically testing the CPU performance and the pool of source port numbers. In a subsequent paper [8], the previous work was extended using a more powerful computer, allowing for an increase in the number of attacking clients (virtual machines) from 1 to 8. The PLAT performance was then tested after an attack using the hping3 command, ultimately demonstrating the susceptibility of the PLAT to DoS attacks.…”

Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

Design and implementation of a software tester for benchmarking stateful NATxy gateways: Theory and practice of extending siitperf for stateful tests

Benchmarking methodology for stateful NAT64 gateways