Topic
Internet Control Message Protocol version 6
About: Internet Control Message Protocol version 6 is a research topic. Over the lifetime, 9 publications have been published within this topic receiving 72 citations.
Papers
TL;DR: This paper analyzes the various existing detection and prevention approaches that are proposed to tackle ICMPv6-based DoS and DDoS attacks against IPv6 networks using IC MPv6 messages.
Abstract: The number of internet users and devices that are in need for more IP addresses to be assigned to them is rapidly increasing. A new protocol named IPv6 was developed in 1998 to overcome the addressing issue and to improve network communications in general. IPv6 is an improved protocol compared to IPv4 in terms of security since it provides built-in security mechanisms, such as IPSec. In addition, it brought new functionalities, such as Neighbour Discovery Protocol (NDP) procedure, which depends on Internet Control Message Protocol version 6 (ICMPv6) protocol messages. However, IPv6 inherited a number of attacks from IPv4 in addition to new attacks it brought within its new features. One of the most common attacks is the Denial of Service (DoS) attack due to its ease of being launched in different ways. A more serious DoS attack can be launched from many hosts called Distributed Denial of Service (DDoS). DoS and DDoS attacks are thorny and a grave problem of today's internet, resulting in economic damages for organizations and individuals. Therefore, this paper is created to study the properties of DoS and DDoS attacks against IPv6 networks using ICMPv6 messages. Additionally, it analyzes the various existing detection and prevention approaches that are proposed to tackle ICMPv6-based DoS and DDoS attacks. Moreover, it explains the existing tools that might be used for performing these attacks.
60 citations
1 Sep 2018
TL;DR: A machine-learning based system to detect Distributed Denial of Service attacks that employ Neighbor Discovery protocol by using Machine learning techniques is introduced, due to the severity of the attacks and the importance of Neighbor discovery protocol in Internet Protocol version 6.
Abstract: the rapid growth of the Internet usage has caused problem on Internet protocol address space. To solve the space issue of Internet Protocol version 4 addresses, Internet Protocol version 6 was created to expand the availability of address spaces. Internet Protocol version 6 is designed to overcome the main limitations of Internet Protocol version 4 including the lack of security and the exhaustion of Internet Protocol address space. Internet Protocol version 6 protocols are not well supported by Network Intrusion Detection System, as is the case with Internet Protocol version 4 protocols. Several data mining techniques have been introduced to improve the classification mechanism of Intrusion detection system. In addition, extensive researches indicated that there is no Intrusion Detection systems for Internet Protocol version 6 using advanced machine-learning techniques to ward distributed denial of service attacks. With the increasing adoption of Internet Protocol version 6, Internet Protocol version 6-unique security issues become more urgent to address. Unlike Internet Protocol version 4, Internet Protocol version 6 relies on Internet Control Message Protocol version 6 in neighbor discovery. This means that blocking Internet Control Message Protocol version 6 traffic to reduce the possibility of using it as an attack tool, is not a viable option in most scenarios. One of the security threats posed by Internet Control Message Protocol version 6 is its possible use in Denial of Service attacks. This paper introduces a machine-learning based system to detect Distributed Denial of Service attacks that employ Neighbor Discovery protocol by using Machine learning techniques, due to the severity of the attacks and the importance of Neighbor Discovery protocol in Internet Protocol version 6. Decision tree algorithm and Random Forest Algorithm have given the highest accuracy result in comparison to the other algorithms.
15 citations
Patent•
19 Jun 2013
TL;DR: In this paper, a method for acquiring an Internet protocol version 6 (IPv6) prefix by adopting an ICMPv6 to generate a client address is presented, which comprises the following steps of: 1, acquiring IPv6 prefix information in a router advertisement (RA) message from a local side IPv6 router, and storing the prefix information into a dynamic host configuration protocol (DHCP) server configuration; and 2, when an address request is transmitted to equipment, combining the IPv6prefix information in the DHCP server configuration and a ClientID in a request packet of a
Abstract: The invention discloses a method for acquiring an Internet protocol version 6 (IPv6) prefix by adopting an Internet control message protocol version 6 (ICMPv6) to generate a client address. The method comprises the following steps of: 1, acquiring IPv6 prefix information in an ICMPv6 router advertisement (RA) message from a local side IPv6 router, and storing the IPv6 prefix information into a dynamic host configuration protocol (DHCP) server configuration; and 2, when an address request is transmitted to equipment, combining the IPv6 prefix information in the DHCP server configuration and a ClientID in a request packet of a client to generate an IPv6 address, and returning the IPv6 address to the client. The method has the advantages that the prefix information acquired from an Internet service provider (ISP) local side is stored in the configuration, unique IPv6 global addresses can be allocated according to different ClientIDs reported by the client, simplicity in software implementation is ensured, the modularization degree of software is high, and maintainability, expandability and stability are greatly improved.
6 citations
TL;DR: A hybrid IPv6 multihomed approach, which combines the host-based multihoming approach and the Router Advertisements defined in Internet Control Message Protocol version 6 (ICMPv6) is proposed, which offers fault tolerance, load balancing, and provider independence services to both site and host levels.
5 citations
23 Oct 2014
TL;DR: In this paper, some potential newer attacks on Smart Grid have been discussed and intrusion prevention mechanisms for these attacks are proposed to plugin the threats.
Abstract: Smart Grid is an integrated power grid with a. reliable, communication network running in parallel towards providing two way communications in the grid. It's trivial to mention that a network like this would connect a huge number of IP-enabled devices. IPv6 that offers 18-bit address space becomes an obvious choice in this context. In a smart grid, functionalities like neighborhood discovery, autonomic address configuration of a node or its router identification may often be invoked whenever newer equipments are introduced for capacity enhancement at some level of hierarchy. In IPv6, these basic functionalities like neighborhood discovery, autonomic address configuration of networking require to use Internet Control Message Protocol version 6 (ICMPv6). Such usage may lead to security breaches in the grid as a result of possible abuses of ICMPv6 protocol. In this paper, some potential newer attacks on Smart Grid have been discussed. Subsequently, intrusion prevention mechanisms for these attacks are proposed to plugin the threats.
5 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2020 | 1 |
| 2018 | 2 |
| 2017 | 1 |
| 2016 | 1 |
| 2014 | 2 |
| 2013 | 1 |