Abstract
Attacks against the Neighbour Discovery Protocol (NDP) are a major security issue in Internet Protocol Version 6 (IPv6). The Stateless Address Autoconfiguration (SLAAC) attack is a type of NDP attack that targets the SLAAC process. A SLAAC attack can disrupt an IPv6 link-local network and leak sensitive information. Researchers have addressed this problem by proposing attack detection mechanisms, but these mechanisms rely fully on a predefined router database. They also cannot detect a hidden Router Advertisement (RA) message in a fragmented packet or in a packet with Hop-by-Hop Options and Destination Options extension headers. This paper proposes a rule-based detection mechanism named SADetection to detect SLAAC attacks in an IPv6 link-local network. SADetection has been tested using live data packets in a testbed environment and has detected illegal RA messages in ICMPv6 packets as well as hidden RA messages in packets with extension headers. It has shown 98% detection accuracy and has proven its capability to protect an IPv6 link-local network from SLAAC attacks.
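The header-chain inspection the abstract refers to, as an added example (not the paper's SADetection code or rule set): a parser that walks Hop-by-Hop, Destination Options, Routing and Fragment headers to locate an ICMPv6 RA (type 134) and report how it was wrapped. The function names, verdict strings and constructed sample packets are assumptions of this example.

```python
import struct

EXT = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT, ICMPV6, RA_TYPE = 44, 58, 134

def find_ra(pkt: bytes) -> dict:
    """Walk the IPv6 header chain and report any RA and how it was wrapped."""
    # "incomplete" is cleared only once the whole chain has been parsed.
    r = {"ra": False, "ext_headers": [], "fragmented": False, "incomplete": True}
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return r
    nxt, off = pkt[6], 40                # Next Header field, end of fixed header
    while nxt in EXT or nxt == FRAGMENT:
        if off + 8 > len(pkt):           # chain runs past the captured bytes
            return r
        if nxt == FRAGMENT:
            r["fragmented"] = True
            frag_offset = struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3
            nxt, off = pkt[off], off + 8
            if frag_offset:              # non-first fragment: no upper-layer header
                return r
        else:
            r["ext_headers"].append(EXT[nxt])
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    r["incomplete"] = False
    r["ra"] = nxt == ICMPV6 and off < len(pkt) and pkt[off] == RA_TYPE
    return r

def classify(pkt: bytes) -> str:
    r = find_ra(pkt)
    if r["incomplete"]:
        return "cannot inspect"
    if not r["ra"]:
        return "no RA"
    if r["fragmented"]:
        return "RA in fragment"          # RFC 6980: receivers ignore fragmented ND
    return "RA behind extension headers" if r["ext_headers"] else "plain RA"

# Constructed sample packets (checksums left at zero; not captured traffic).
def ipv6(next_hdr: int, payload: bytes) -> bytes:
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 255) + src + dst + payload

def opts(next_hdr: int) -> bytes:        # 8-byte options header holding one PadN
    return bytes([next_hdr, 0, 1, 4, 0, 0, 0, 0])
RA = bytes([134, 0, 0, 0, 64, 0]) + struct.pack("!HII", 1800, 0, 0)
PLAIN = ipv6(58, RA)
HIDDEN = ipv6(0, opts(60) + opts(58) + RA)
FRAGMENTED = ipv6(44, bytes([58, 0]) + struct.pack("!HI", 1, 0x1234) + RA)
```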
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Omar, N., Manickam, S. (2021). Rule-Based SLAAC Attack Detection Mechanism. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2020. Communications in Computer and Information Science, vol 1347. Springer, Singapore. https://doi.org/10.1007/978-981-33-6835-4_29
DOI: https://doi.org/10.1007/978-981-33-6835-4_29
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-6834-7
Online ISBN: 978-981-33-6835-4
eBook Packages: Computer Science, Computer Science (R0)