Title: IPV6 NEIGHBOR DISCOVERY PROTOCOL: A SECURITY CASE STUDY*
Author(s): Emilia Rosti, Julian Rrushi
ISBN: 972-99353-6-X
Editors: Nuno Guimarães and Pedro Isaías
Year: 2005
Edition: 1
Keywords: IPv6, network security, experimental evaluation, neighbor discovery protocol.
Type: Full Paper
First Page: 313
Last Page: 320
Language: English
Paper Abstract:

In this paper we present an experimental study of the security issues of the Neighbor Discovery protocol in an IPv6 native network. The Neighbor Discovery protocol allows a device on a network to gather information about the current network configuration parameters from the other devices already on the network and to auto-configure its network interface based on the information thus gathered. The protocol operates without any security feature, as its trust model assumes a fully trustworthy network. As such, it is vulnerable to any attack that distributes bogus information. We have developed FRAG, a tool that allows a user to build router advertisement messages with arbitrary parameter values, in order to launch specific attacks. The attacks we describe in this paper have been conducted in a lab setting reproducing a wide area network. Our work shows how a router can be misled into changing even statically configured parameters, if it accepts router advertisements from other routers. The consequences of such changes range from isolating the victim machine from network traffic to a complete denial of service.