research-article

A flexible framework for detecting IPv6 vulnerabilities

Authors:

Christoph MeinelAuthors Info & Claims

SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

Pages 196 - 202

https://doi.org/10.1145/2523514.2527001

Published: 26 November 2013 Publication History

Get Access

Abstract

Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which confidential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will find the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [4], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.

References

[1]

R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS Security Extensions. IETF, Mar. 2005. http://tools.ietf.org/html/rfc4035.

Crossref

Google Scholar

[2]

S. Cheshire and M. Krochmal. Multicast DNS. IETF, Feb. 2013. http://tools.ietf.org/html/rfc6762.

Crossref

Google Scholar

[3]

S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) Specification. IETF, Dec. 1998. http://tools.ietf.org/html/rfc2460.

Digital Library

Google Scholar

[4]

B. Laurie, G. Sisson, R. Arends, and D. Blacka. DNS Security (DNSSEC) Hashed Authenticated Denial of Existence. IETF, Mar. 2008. http://tools.ietf.org/html/rfc5155.

Crossref

Google Scholar

[5]

G. F. Lyon. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. ISBN-10 0-9799587-1-7, Jan. 2009.

Digital Library

Google Scholar

[6]

P. Mockapetris. Domain Names - Implementation and Specification. IETF, Nov. 1987. http://tools.ietf.org/html/rfc1035.

Digital Library

Google Scholar

[7]

C. Ottow, F. van Vliet, P. de Boer, and A. Pras. The Impact of IPv6 on Penetration Testing. Springer, 7479: 88--99, Auguest 2012.

Google Scholar

[8]

H. Rafiee, M. v. Loewis, and C. Meinel. Challenges and Solutions for DNS Security in IPv6. IGI, http://www.igi-global.com/chapter/challenges-and-solutions-for-dns-security-in-ipv6/78870, 2013.

Google Scholar

[9]

Peach fuzzer. Secure Development and Security Advisory Service, 2013. http://peachfuzzer.com/.

Google Scholar

Cited By

View all

Wala FBohacek S(2024)Zone-Hopping: Sensitive Information Leakage Prevention for DNSSEC-NSEC2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S)10.1109/DSN-S60304.2024.00035(104-110)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN-S60304.2024.00035
Rafiee HMeinel C(2019)Necessary Standard for Providing Privacy and Security in IPv6 NetworksCyber Law, Privacy, and Security10.4018/978-1-5225-8897-9.ch017(327-345)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-8897-9.ch017
Bergenholtz EIlie DMoss ACasalicchio E(2019)Finding a needle in a haystack - A comparative study of IPv6 scanning methods2019 International Symposium on Networks, Computers and Communications (ISNCC)10.1109/ISNCC.2019.8909131(1-6)Online publication date: Jun-2019
https://doi.org/10.1109/ISNCC.2019.8909131
Show More Cited By

Index Terms

A flexible framework for detecting IPv6 vulnerabilities
1. General and reference
  1. Cross-computing tools and techniques
    1. Metrics
2. Information systems
  1. Information systems applications

Recommendations

The Blind Man's Bluff Approach to Security Using IPv6

Most networks today employ static network defenses. The problem with static defenses is that adversaries have unlimited time to circumvent them. This article proposes a moving-target defense based on the Internet Protocol version 6 (IPv6) that ...
Performance analysis of probabilistic packet marking in IPv6

Probabilistic packet marking (PPM) has received considerable attention as an IP traceback approach against distributed Denial-of-Service attack, which is one of the most challenging security threat in the Internet. PPM is a technique that seeks to ...
A Novel Zone-Walking Protection for Secure DNS Server

A zone walking attack is to get all existing domain information from a secured DNS server. NSEC3 protocol was proposed to defend against zone walking attacks in a secured DNS server, although NSEC3 uses more CPU time. In this paper, the authors have ...

Comments

Information & Contributors

Information

Published In

SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

November 2013

483 pages

ISBN:9781450324984

DOI:10.1145/2523514

General Chairs:
Atilla Elçi
Aksaray University, Turkey
,
Manoj Singh Gaur
Malaviya National Institute of Technology, India
,
Mehmet A. Orgun
Macquarie University, Australia
,
Oleg B. Makarevich
Southern Federal University, Russia

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIN '13

Sponsor:

MNIT
Aksaray Univ.
SFedU

SIN '13: The 6th International Conference on Security of Information and Networks

November 26 - 28, 2013

Aksaray, Turkey

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
258
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wala FBohacek S(2024)Zone-Hopping: Sensitive Information Leakage Prevention for DNSSEC-NSEC2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S)10.1109/DSN-S60304.2024.00035(104-110)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN-S60304.2024.00035
Rafiee HMeinel C(2019)Necessary Standard for Providing Privacy and Security in IPv6 NetworksCyber Law, Privacy, and Security10.4018/978-1-5225-8897-9.ch017(327-345)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-8897-9.ch017
Bergenholtz EIlie DMoss ACasalicchio E(2019)Finding a needle in a haystack - A comparative study of IPv6 scanning methods2019 International Symposium on Networks, Computers and Communications (ISNCC)10.1109/ISNCC.2019.8909131(1-6)Online publication date: Jun-2019
https://doi.org/10.1109/ISNCC.2019.8909131
Rafiee HMeinel C(2014)Necessary Standard for Providing Privacy and Security in IPv6 NetworksInformation Security in Diverse Computing Environments10.4018/978-1-4666-6158-5.ch007(109-126)Online publication date: 2014
https://doi.org/10.4018/978-1-4666-6158-5.ch007
Wander MSchwittmann LBoelmann CWeis T(2014)GPU-Based NSEC3 Hash BreakingProceedings of the 2014 IEEE 13th International Symposium on Network Computing and Applications10.1109/NCA.2014.27(137-144)Online publication date: 21-Aug-2014
https://dl.acm.org/doi/10.1109/NCA.2014.27

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

The Blind Man's Bluff Approach to Security Using IPv6

Performance analysis of probabilistic packet marking in IPv6

A Novel Zone-Walking Protection for Secure DNS Server

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations