IPv6攻击场景测试平台

2012 IEEE Symposium on Humanities, Science and Engineering Research Pub Date : 2012-06-24 DOI:10.1109/SHUSER.2012.6269008

W. Ali, A. Taib, N. Hussin, J. Othman

{"title":"IPv6攻击场景测试平台","authors":"W. Ali, A. Taib, N. Hussin, J. Othman","doi":"10.1109/SHUSER.2012.6269008","DOIUrl":null,"url":null,"abstract":"Deploying IPv6 in the enterprise network will increase the security issues since some of IPv6 features bring vulnerabilities. Thus, mitigating them with appropriate security policy is vital. By having attack scenario testing, it will expose network administrators to the IPv6 potential attack. For example, Bad ACK-Reset attack is used by an attacker to reset a new connection after exploiting network. Also, Packet Fragmentation attack is capable to control over the packet fragmentation services yet can cause problems in security measurement. Hence, this paper tested Bad ACK-Reset and Packet Fragmentation attack scenarios for analysis. This paper used Scapy (2.0.1) to generate packets for testing. A testbed simulation has been designed by using Graphical Network Simulator 3 (GNS3). Several ip6tables rules and access control lists (ACLs) were implemented at the host and the router respectively to counter Bad ACK-Reset and Packet Fragmentation attack scenarios. Information gained from the testing will provide a clear understanding on IPv6 security issues and help to design a proper network security policy. The current results from the testing can be used for future research in generating the security policies. Thus, our further research will focus on modelling the created security policy for IPv6 deployment.","PeriodicalId":426671,"journal":{"name":"2012 IEEE Symposium on Humanities, Science and Engineering Research","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"IPv6 attack scenarios testbed\",\"authors\":\"W. Ali, A. Taib, N. Hussin, J. Othman\",\"doi\":\"10.1109/SHUSER.2012.6269008\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Deploying IPv6 in the enterprise network will increase the security issues since some of IPv6 features bring vulnerabilities. Thus, mitigating them with appropriate security policy is vital. By having attack scenario testing, it will expose network administrators to the IPv6 potential attack. For example, Bad ACK-Reset attack is used by an attacker to reset a new connection after exploiting network. Also, Packet Fragmentation attack is capable to control over the packet fragmentation services yet can cause problems in security measurement. Hence, this paper tested Bad ACK-Reset and Packet Fragmentation attack scenarios for analysis. This paper used Scapy (2.0.1) to generate packets for testing. A testbed simulation has been designed by using Graphical Network Simulator 3 (GNS3). Several ip6tables rules and access control lists (ACLs) were implemented at the host and the router respectively to counter Bad ACK-Reset and Packet Fragmentation attack scenarios. Information gained from the testing will provide a clear understanding on IPv6 security issues and help to design a proper network security policy. The current results from the testing can be used for future research in generating the security policies. Thus, our further research will focus on modelling the created security policy for IPv6 deployment.\",\"PeriodicalId\":426671,\"journal\":{\"name\":\"2012 IEEE Symposium on Humanities, Science and Engineering Research\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE Symposium on Humanities, Science and Engineering Research\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SHUSER.2012.6269008\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Symposium on Humanities, Science and Engineering Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SHUSER.2012.6269008","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

在企业网络中部署IPv6会增加安全问题，因为IPv6的一些特性会带来漏洞。因此，使用适当的安全策略来减轻它们是至关重要的。通过攻击场景测试，将网络管理员暴露在IPv6的潜在攻击中。例如，Bad ACK-Reset攻击是攻击者利用网络后重置新的连接。同时，报文分片攻击能够控制报文分片服务，但也会造成安全度量方面的问题。因此，本文测试了Bad ACK-Reset和Packet Fragmentation攻击场景进行分析。本文使用Scapy(2.0.1)生成用于测试的数据包。利用图形网络模拟器3 (GNS3)设计了仿真试验台。在主机和路由器上分别实现了几个ip6tables规则和访问控制列表(acl)，以应对Bad ACK-Reset和Packet Fragmentation攻击场景。从测试中获得的信息将提供对IPv6安全问题的清晰理解，并有助于设计适当的网络安全策略。测试的当前结果可用于未来生成安全策略的研究。因此，我们进一步的研究将集中在建模为IPv6部署创建的安全策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IPv6 attack scenarios testbed

Deploying IPv6 in the enterprise network will increase the security issues since some of IPv6 features bring vulnerabilities. Thus, mitigating them with appropriate security policy is vital. By having attack scenario testing, it will expose network administrators to the IPv6 potential attack. For example, Bad ACK-Reset attack is used by an attacker to reset a new connection after exploiting network. Also, Packet Fragmentation attack is capable to control over the packet fragmentation services yet can cause problems in security measurement. Hence, this paper tested Bad ACK-Reset and Packet Fragmentation attack scenarios for analysis. This paper used Scapy (2.0.1) to generate packets for testing. A testbed simulation has been designed by using Graphical Network Simulator 3 (GNS3). Several ip6tables rules and access control lists (ACLs) were implemented at the host and the router respectively to counter Bad ACK-Reset and Packet Fragmentation attack scenarios. Information gained from the testing will provide a clear understanding on IPv6 security issues and help to design a proper network security policy. The current results from the testing can be used for future research in generating the security policies. Thus, our further research will focus on modelling the created security policy for IPv6 deployment.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE Symposium on Humanities, Science and Engineering Research

自引率

0.00%

发文量