IPv6 Multicast Vulnerability – An Overview
Abstract
IPv6 is the next Internet Protocol version designed to eventually replace IPv4 as the amount of potentially allocated IPv4 addresses is insufficient. The vulnerabilities of IPv6 protocols and the attacks against them demand more attention to be paid. The multicast mechanism is one of the crucial mechanisms that are related to the nature of IPv6 protocol. Despite its usefulness in performing basic tasks in IPv6 environments, the multicast mechanism is considered as a security hole that calls to be understood by the security specialists and IPv6 network administrators. To address the multicast security aspects, this paper presents the attacks that utilize the multicast vulnerability along with the identification of countermeasures for each attack. In particular, this paper analyzes the state-of-the-art attacks and ranks them based on a new severity ranking method to provide significant security guidance for deploying IPv6 networks.
References
Arjuman, N. C., & Manickam, S. (2015). A review on ICMPv6 vulnerabilities and its mitigation techniques: Classification and art. Paper presented at the Computer, Communications, and Control Technology (I4CT), 2015 International Conference on.
Baker, F., & Savola, P. (2004). RFC 3704. Ingress Filtering for Multihomed Networks.
Bansal, G., Kumar, N., Nandi, S., & Biswas, S. (2012). Detection of NDP based attacks using MLD. Paper presented at the Proceedings of the Fifth International Conference on Security of Information and Networks.
Barbhuiya, F. A., Biswas, S., & Nandi, S. (2011). Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol. Paper presented at the Proceedings of the 4th international conference on Security of information and networks.
Davies, J. (2012). Understanding IPv6: Understanding IPv6 _p3: Pearson Education.
Elejla, O. E., Anbar, M., & Belaton, B. (2016). ICMPv6-Based DoS and DDoS Attacks and Defense Mechanisms: Review. IETE Technical Review, 1-18.
Hagen, S. (2014). Pv6 Essentials, 3rd Edition: O'Reilly Media, Inc.
Hinden, R., & Deering, S. (2006). RFC 4291. IP version, 6, 13-15.
Horley, E. (2014). Practical IPv6 for Windows Administrators: Apress.
Lencse, G., & Kadobayashi, Y. (2018). Methodology for the identification of potential security issues of different IPv6 transition technologies: Threat analysis of DNS64 and stateful NAT64. Computers & Security, 77, 397-411.
Lencse, G., & Kadobayashi, Y. (2019). Comprehensive survey of IPv6 transition technologies: A subjective classification for security analysis. IEICE Transactions on Communications, 102(10), 2021-2035.
R. M. Saad, S. R., and S. Manickam. (2013). A Study on Detecting ICMPv6 Flooding Attack based on IDS. Australian Journal of Basic and Applied Sciences, 7(2), 175-181.
Saad, R. M., Anbar, M., Manickam, S., & Alomari, E. (2015). An Intelligent ICMPv6 DDoS Flooding-Attack Detection Framework (v6IIDS) using Back-Propagation Neural Network. IETE Technical Review, 1-12.
Shubair, A. (2017). Survey of security issues in IPv4 to IPv6 tunnel transition mechanisms. International Journal of Security and Networks, 12(2), 83-102.
Weber, J. (2013). IPv6 Security Test Laboratory. (Master), Ruhr-University Bochum, Germany.
- IPv6; multicast; vulnerability; reconnaissance phase; smurf attak; DoS attack
Copyright (c) 2021 Author(s) of this work retain copyright and grant the journal right, publishing license of first publication with the work simultaneously licensed under Creative Commons Attribution International License (CC BY 4.0). Author(s) and ACAA permit unrestricted use, distribution, and reproduction in any medium, provided the original work with proper citation. ACAA publishing house is located in Oman / Sohar , Zip code 311. ISNI 0000 0004 9361 5767
This work is licensed under a Creative Commons Attribution 4.0 International License.