Survey of security issues in IPv4 to IPv6 tunnel transition mechanisms

Abdullah, Shubair A.

doi:10.1504/ijsn.2017.10004577

Cited by 3 publications

(7 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, some research works suggest the usage of separate rewall lters, one for IPv4 packets and another for IPv6 packets, in order to make sure that every packet is being ltered and examined [23].…”

Section: Mitigation Methodsmentioning

confidence: 99%

“…Another method is to deny the IPv6 tunnel by blocking a speci c protocol and its associated ports [23]. In case of 6in4 tunnel, an attacker might inject an already encapsulated packet within the tunnel, that's why rewalls can be enabled to inspect tunneled packets and the rewall should also permit any 6in4 tra c which is generated from the same segment or from outside it as well, in order to be able to lter tra c behind the segment as well [23]. Finally, IPsec has the ability to block any tra c that didn't pass the authentication phase [23].…”

Section: Mitigation Methodsmentioning

confidence: 99%

Section: Mitigation Methodsmentioning

confidence: 99%

“…One of the most used types of tunnels is the well-known 6in4 [23], which has several attacking scenarios. Each element within the IPv6 network sends RA message to declare that it is there and to allow other routers to update their table of existing IPv6 addresses.…”

Section: Attack Scenariosmentioning

confidence: 99%

“…An attacker might take advantage of this process especially when all routers are sitting on the same network, which gives the possibility to attack the 6to4 router with Route-Advertisement (RA) message, by sending spoofed packet to the victim [22]. The second type is spoo ng as explained by [23], where an attacker can take advantage of an existing tunnel and spoof one side of the tunnel endpoint and attack the other side as shown in Fig. 3.…”

Section: Attack Scenariosmentioning

confidence: 99%

See 4 more Smart Citations

The Possible Security Issues of the DS-Lite IPv6 Transition Technology

Al-Azzawi

Lencse

2022

Preprint

View full text Add to dashboard Cite

This paper focuses on one of the most prominent IPv6 transition technologies named DS-Lite (Dual Stack Lite). The aim is to analyze the security threats that this technology might be vulnerable to. The analysis is based on the STRIDE method that stands for Spoofing, Tampering, Repudiation, Information disclosure and Elevation of privilege. Using the DFD (Data Flow Diagram) of a DS-Lite system, we summarized the potential security vulnerabilities and potential attack points within this infrastructure. We have also built a testbed for DS-Lite topology using several virtual machines, which were created using CentOS Linux images. We used our testbed to perform MitM (Man in the Middle) attack and other type of attacks against the B4 (border gateway) and the AFTR (Address Family Transition Router) and then to monitor their performance and the number of packets being translated under attack by different number of clients using several attacking toolkits.

show abstract

Section: Mitigation Methodsmentioning

confidence: 99%

Section: Mitigation Methodsmentioning

confidence: 99%

Section: Mitigation Methodsmentioning

confidence: 99%

Section: Attack Scenariosmentioning

confidence: 99%

Section: Attack Scenariosmentioning

confidence: 99%

See 3 more Smart Citations

The Possible Security Issues of the DS-Lite IPv6 Transition Technology

Al-Azzawi

Lencse

2022

Preprint

View full text Add to dashboard Cite

show abstract

IPv6 Security Issues: A Systematic Review Following PRISMA Guidelines

Abdullah

Ashoor²

2022

Baghdad Sci.J

View full text Add to dashboard Cite

Since Internet Protocol version 6 is a new technology, insecure network configurations are inevitable. The researchers contributed a lot to spreading knowledge about IPv6 vulnerabilities and how to address them over the past two decades. In this study, a systematic literature review is conducted to analyze research progress in IPv6 security field following the Preferred Reporting Items for the Systematics Review and Meta-Analysis (PRISMA) method. A total of 427 studies have been reviewed from two databases, IEEE and Scopus. To fulfil the review goal, several key data elements were extracted from each study and two kinds of analysis were administered: descriptive analysis and literature classification. The results show positive signs of the research contributions in the field, and generally, they could be considered as a reference to explore the research of in the past two decades in IPv6 security field and to draw the future directions. For example, the percentage of publishing increased from 147 per decade from 2000-2010 to 330 per decade from 2011 to 2020 which means that the percentage increase was 124%. The number of citations is another key finding that reflects the great global interest in research devoted to IPv6 security issues, as it was 409 citations in the decade from 2000-2010, then increased to 1643 citations during the decade from 2011 to 2020, that is, the percentage increase was 302%.

show abstract

A Neuro-Fuzzy System to Detect IPv6 Router Alert Option DoS Packets

Abdullah

2019

IAJIT

View full text Add to dashboard Cite

Detecting the denial of service attacks that solely target the router is a maximum security imperative in deploying IPv6 networks. The state-of-the-art Denial of Service detection methods aim at leveraging the advantages of flow statistical features and machine learning techniques. However, the detection performance is highly affected by the quality of the feature selector and the reliability of datasets of IPv6 flow information. This paper proposes a new neuro-fuzzy inference system to tackle the problem of classifying the packets in IPv6 networks in crucial situation of small-supervised training dataset. The proposed system is capable of classifying the IPv6 router alert option packets into denial of service and normal by utilizing the neuro-fuzzy strengths to boost the classification accuracy. A mathematical analysis from the fuzzy sets theory perspective is provided to express performance benefit of the proposed system. An empirical performance test is conducted on comprehensive dataset of IPv6 packets produced in a supervised environment. The result shows that the proposed system overcomes robustly some state-of-the-art systems.

show abstract

Survey of security issues in IPv4 to IPv6 tunnel transition mechanisms

Cited by 3 publications

References 52 publications

The Possible Security Issues of the DS-Lite IPv6 Transition Technology

The Possible Security Issues of the DS-Lite IPv6 Transition Technology

IPv6 Security Issues: A Systematic Review Following PRISMA Guidelines

A Neuro-Fuzzy System to Detect IPv6 Router Alert Option DoS Packets

Contact Info

Product

Resources

About