Access provided by Shenyang Normal University. Download reference work entry PDF
Definition
An Internet Protocol Version 6 (IPv6) is the most recent generation of Internet Protocol.
An Intrusion Detection System (IDS) is a device or software application that monitors a network for malicious activity or policy violations.
A Network Intrusion Detection Systems (NIDS) is a system that analyzes incoming network traffic.
Introduction
Our world has become a big network where everyone connects to it by the Internet. Most people living on the earth rely on this network. They are reading news, transferring money, and checking their emails and much more in their daily basic life. The goal of the new modern world is the availability, integrity, and confidentiality of this network. The rapid growth and widespread use of electronic devices and data processing (cloud computing, web application, Internet network, wireless networks, and private network) will raise the need for a solution that can provide a safe and secure infrastructure for a safe communication. To use the Internet, each device needs to have an Internet Protocol (IP) address. An IP address is a unique number that is assigned to every device that is connected to the network or Internet. The IP address enables devices to communicate with each other. There are two different versions of IPs, Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6). IPv4 was developed in the early 1980s, but because of the rapid growth of the Internet, IPv4 has been fully allocated to Internet Services Providers and Internet users, and then there was a shortage of IPv4 available address (Icann 2011). IPv6 was standardized in 1996 to replace the current version of IPv4 and covers the biggest limitation of IPv4 which is the lack of enough addresses for all Internet users. In recent years, the major service providers have started to offer IPv6 addresses to their users (Icann 2011). Based on a report from Google on 16 Aug 2018, 23.91% of the users that access Google are over IPv6. This report shows how usage of IPv6 has grown during the last couple of years. With IP being the Internet’s main protocol, many constitutive Internet technologies are heavily tied to it and the change to version 6 resulted in updates of related protocols (Fig. 1).
The major changes between IPv4 and IPv6 can described as:
-
IPv6 large address:
IPv6 is 128bit, this mean, it can provide 340 trillion, trillion, trillion IPv6 addresses. That means IPv6 uses 128bit address space.
-
IPv6 fragmentation:
IPv6 is no longer required to be fragmented by the router. All fragmentation and reassembly are performed by sender and receiver host(s).
-
Addressing:
IPv6 uses three types of addresses which are unicast, multicast, and anycast. Unicast is only assigned to a single node of IPv6; however, a multicast is assigned to multiple nodes in a single multicast group.
-
Auto-configuration:
New capabilities of IPv6 that allow a new node automatically configure IP addresses.
-
Extension headers:
Referring to RFC 2460 (Deering and Hinden 1998), a full implementation must include support for six extension headers, which are Hop-by-Hop Options, Routing (Type 0), Fragment, Destination Options, Authentication Headers, and Encapsulating Security Payload.
Extension Headers
Apart from expanded addressing capabilities, one of the most important and significant changes in IPv6 is the improvement of supporting extension header with the options (Deering and Hinden1998). In IPv4, some of the header fields have been dropped to reduce the cost of packet handling and processing. However, this has been changed in IPv6 where the Extension Headers function is added. The Extension Headers are placed between IPv6 header and the upper layer header in a packet, and each of the Extension Headers is identified by a distinct next header value. As this is an optional field, each IPv6 packet can have zero, one, or more extension headers. Each Extension Headers have multiple of 8 octets long Fig. 2.
Internet Control Message Protocol Version 6 (ICMPv6)
Unlike ICMP for IPv4, ICMP for IPv6 (Conta and Deering 2006) play an important role in IPv6 network. ICMPv4 is not required in IPv4, but ICMPv6 is a required element and therefore it cannot be filtered completely. ICMPv6 has a next header value of 58. The main reason that ICMP was developed as a protocol was to be used for tests and diagnosis on IPv4 networks. The most important features that ICMP provides are to enable the utilities such as ping and trace route to help verify end-to-end IP communication and connectivity and provide information about any errors on the connection back to nodes (Davies and Mohacsi 2007). ICMPv6 messages can be categorized into two categories (Davies and Mohacsi 2007):
Error messages:
-
1 Destination Unreachable
-
2 Packet Too Big
-
3 Time Exceeded
-
4 Parameter Problem
-
100 Private experimentation
-
101 Private experimentation
-
127 Reserved for expansion of ICMPv6 error messages
Informational messages:
-
128 Echo Request
-
29 Echo Reply
Error messages will generate a report of any errors that occur during the message delivery. Informational messages will allow sharing of required information between nodes. As in other features, attackers may use ICMP for exploitation, and therefore sys-admin has no choice but to completely filter the protocol to prevent such attacks (DoS/DDoS, Evasion, Scan, Man in the Middle) (Davies and Mohacsi 2007). However, unlike ICMPv4, ICMPv6 cannot be filtered/blocked completely due to the important role that it plays in the IPv6 network. According to RFC 4890, filtering ICMPv6 on routers and firewalls is different from on a host. ICMPv6 is a required protocol on every IPv6 network. ICMPv6 provides the following functions (Davies and Mohacsi 2007):
-
Neighbor Discovery Protocol (NDP), Neighbor Advertisements (NA), and Neighbor Solicitations (NS) provide the IPv6 equivalent of IPv4 Address Resolution Protocol (ARP) functionality.
-
Router Advertisements (RA) and Router Solicitations (RS) help nodes determine information about their LAN, such as the network prefix, the default gateway, and other information that can help them communicate.
-
Echo Request and Echo Reply support the Ping6 utility.
-
PMTUD determines the proper MTU size for communications.
-
Multicast Listener Discovery (MLD) provides IGMP-like functionality for communicating IP multicast join and leave.
-
Multicast Router Discovery (MRD) discovers multicast routers.
-
Node Information Query (NIQ) shares information about nodes between nodes.
-
Secure Neighbor Discovery (SEND) helps secure communications between neighbors.
-
Mobile IPv6 is used for mobile communications.
Neighbor Discovery Protocol (NDP)
As defined in RFC2461, Neighbor Discovery is a protocol for IPv6. Since Address Resolution Protocol (ARP) has been removed in IPv6, both hosts and routers use Neighbor Discovery messages to determine the link layer addresses of nodes on the local link. When a host is connected to an IPv6 network, it sends Router Solicitation messages to routers on the same link to get network information such as network prefix, default router, and other network parameters. Stateless Auto-Configuration is another feature based on Neighbor Discovery Protocol which allows new hosts on the local link to get and configure their IPv6 address (Thomson and Narten 2007) (Table 1).
The transition from IPv4 to IPv6 should have eliminated any related security issue to the new protocol. The security mechanisms for network layer protocol should be examined in many different areas. One of these areas is how Operating Systems handle the IPv6 fragmented packet and how Network Intrusion Detection Systems can detect an attack on the IPv6 network. If used properly by an attacker, this feature in IPv6 can lead to Network Intrusion Detection System (NIDS) evasion, Firewall evasion, Operating System fingerprint, Network Mapping, Denial of Service (DoS)/Distributed Denial of Service (DDoS) attack, and Remote code execution attack (Ptacek and Newsham 1998; Erickson 2007; Chen 2014; Reese 2009).
IPv6 Vulnerabilities
Despite the security improvements in IPv6, some vulnerabilities are still common between IPv4 and IPv6. Insertion, Evasion, and Denial of Service are three different categories of attacks, which were proposed by Ptacek and Newsham (1998) for the first time. Most of the vulnerabilities are common between IPv4 and IPv6 (Mali et al. 2015; Satrya et al. 2015; Tripathi and Mehtre 2013), and because of the changes that were made in the IPv6 implantation (Deering and Hinden 1998), additional vulnerabilities arise as well. There are many features which are new and unique to IPv6. One of them is the improved support of headers (extensions and options) which were not existing before in IPv4.
Insertion, Evasion, and Denial of Service are three different categories of attacks, which were proposed by Ptacek and Newsham (1998) for the first time. The aim of these attacks is to make the IDS or victim host process different data or process the same data but differently. By using an insertion attack, IDS accepts a packet(s) that is rejected by the host. The packet looks valid only to the IDS. The attacker can bypass the signature-based IDS by inserting the traffic in such way that the signature is never matched or found. This process is different in Evasion attack; in Evasion attack the IDS rejects the packet that the end host accepts. The attacker can send some or all malicious traffic into the network without being caught by the IDS.
IPv6 Fragmentation Attack
Referring to all the aforementioned (RFC2460, 1998; RFC 3964, 2004; RFC 7123, 2014) recommendations of corresponding IPv6 Requests for Comment (RFCs) and previous sections, when using IPv6 Extension Headers and IPv6 Fragmentation, there are potential attacks against the Operating System (OS). In case of discrepancies between the behavior of several OS, this can lead to OS fingerprinting, Intrusion Detection System (IDS) insertion and IDS evasion, and Firewall evasion. Furthermore, there are still some issues regarding the handling of the IPv6 fragments (Atlasis 2012). One of the simplest examples of the one of the most common attacks can be fragmentation attack, which is common between IPv4 and IPv6 (Atlasis 2017).
Several IPv6 fragmentation and overlapping methods were used to test the effectiveness of some of the most popular OS, and it is found that none of them is fully RFC compliant while most of them seem to have significant issues (Fig. 3).
Operating System Fingerprint
This method is used for identification of the victim host. In human life, fingerprints can be used to identify a person. Similarly, an OS has its unique implementation of communication protocols by which it can be identified. In order to identify the OS and its version remotely and without having a direct access to that system, the attacker uses fingerprinting to analyze certain characteristic and network behavior communication (Eckstein and Atlasis 2011). By using such a method, the attacker can easily discover the live host on the network and identify their OS, and furthermore by using this method, the attacker could even reveal the victim host’s missing security patches or service packs. As a result, the attacker can easily use the related vulnerability to gain access to and control the end host easily (Allen 2007).
ICMPv6 Flooding Attack
ICMPv6 flooding attack is one of the most common attacks in both IP versions. The aim of using ICMPv6 attack is to use all of a victim’s resources (bandwidth, CPU, and RAM) by sending a large amount of traffic. The packet can contain any ICMPv6 type with source address referring to another node on the network (Martin and Dunn 2007).
To disturb the communications between routers and hosts, an attacker can use ICMPv6 error or informational messages such as ECHO (request and reply), Router Advertisement, Neighbor Advertisement, Neighbor Solicitation (NS), and Multicast Listener Discovery messages for a successful attack (Chen 2014).
ICMPv6 Amplification
The amplification attack is considered as one of the common security challenges in IPv4 and still exists in IPv6. The amplification attack allows the attackers to generate huge numbers of packets using a small number of packets and amplify it to a large number of packets based on the multicast address feature.
Broadcast Amplification attack also known as Smurf (Fig. 4) is the most well-known amplification attack, which is based on ICMPv6 multicast address function. The attacker uses Smurf attack to launch a DoS attack by sending an ECHO request packet to a multicast address with spoofed source address of victim machine. Once all nodes of the targeted multicast address have received a packet, all nodes start to reply to the source, which is the victim, and flood it with a large number of ECHO reply attacks. The victim will be overwhelmed and cannot respond to genuine requests (Martin and Dunn 2007). In addition, there is another version of Smurf attack which is called rSmurf (Remote Smurf) attack that has stronger amplification, because each packet generated by rsmurf6 can generate a large number of packets on the remote LAN. As a result, one malicious packet will generate a storm of traffic on victim network.
ICMPv6 Protocol Exploitation
By sending a Router Advertisement (RA) packet, any node on a network can claim that they are a router. An attacker can use this feature of ICMPv6 to perform a Man in the Middle (MitM) attack by presenting themselves as a router. The first method an attacker can use to launch a Dos/DDoS attack is by using Router Discovery packets, which are Router Solicitation (ICMPv6 type 133) and Router Advertisement (ICMPv6 134). The second method will be using Neighbor Discovery (ICMPv6 types 135 and 136) packets. The third method will be using Redirect furcation (ICMPv6 type 137) packets.
The Router Discovery process is responsible for packet routing. On the IPv6 network, a host will find a router by sending a Router Solicitation packet to router multicast address (FF02::2). Once the Router Solicitation packet is received by the default router, in response to that packet, the router will send Router Advertisement to the host. The Router Advertisement packet contains the information needed by the host such as router specification, onlink prefix, and network parameter (Tripathi and Mehtre 2013). An attacker can misuse Router Solicitation and Router Advertisement packet and perform the following attacks:
-
Default router is “killed”: By default, every node has a router table to list all routers on the network. When a node does not have any record in the table, it will consider that all destinations are on link (Narten et al. 2007). Now an attacker can send a Router Advertisement packet with router lifetime equal to zero and spoofed address. When the host receives the Router Advertisement packet, it will delete the router record because of the lifetime, and then it will redirect all packets to the destination without a router address. If the traffic is going outside of network, all packets will be lost, and therefore an attack has occurred (Tripathi and Mehtre 2013).
-
Bogus address configuration prefix attack: As mentioned earlier, one feature of IPv6 is that in absence of DHCP server, a node will generate their own IPv6 using Stateless Auto-Configuration with subnet prefixes of Router Advertisement messages that are received from a default router (Kempf and Nordmark 2004). The router sends Router Advertisement messages accordingly to all nodes to update their routing table information. By sending a Router Advertisement message with invalid subnet prefix to multicast address (FF02::1), an attacker can launch an attack. Now all nodes will generate an invoice IPv6 address based on the invalid prefix that was received, and all communication between hosts will be disrupted.
-
Parameter spoofing: As mentioned earlier, Router Advertisement messages contain network parameter information, and they are very useful to the host to send IPv6 packets later. An attacker can send a Router Advertisement message (e.g., with a small hob limit), which contains false network parameters that can disturb the packet transmission and host’s communications.
Neighbor Discovery Attack
Neighbor Solicitation and Neighbor Advertisement are two ICMPv6 messages that Neighbor Discovery Protocol (non-routing one) uses. Two of the most important jobs that NDP is responsible for are neighbor unreachability and Duplicate Address Detection (DAD). An attacker can use these functions as an advantage and launch an attack.
Duplicate address detection DoS attack: Another feature on IPv6 network is Duplicate Address Detection (DAD). When a node needs a new IPv6 address, it will send Neighbor Solicitation to all-nodes multicast address “FF02::1” to check whether that IP is in use or not. If the sender did not receive a reply, that means the IPv6 address is free and the new node can use it. An attacker can use this as an advantage and send a spoofed Neighbor Advertisement packet claiming that the address is in use every time that node sends a request. By using such an attack, the new nodes will not get an IPv6 address, and therefore there is not any connectivity (Fig. 5) (Zhao-Wen et al. 2007).
Neighbor Unreachability Detection failure: Neighbor Unreachability Detection (NUD) process detects when a neighbor is unreachable. Once this has happened, the node starts to send a Neighbor Solicitation packet to lost node address and waits for a Neighbor Advertisement reply for a short period. If no Neighbor Advertisement is received, the node will delete the peer node from its Neighbor Cache Entry table. An attacker can send a malicious Neighbor Advertisement reply to a Neighbor Solicitation request to show that the node is still alive and on the network which it is not.
ICMPv6 Redirect Message Attack
IPv6 nodes use ICMPv6 “Redirect” message to find a better path to their destination. The router will send “Redirect” message to a node to optimize the packet routing process and the delivery path. The following attack types can utilize ICMPv6 redirect messages:
-
The traffic can be forwarded to non-existent link.
-
The traffic can be redirected to an existing node. This will result in the node being overwhelmed.
Gaming company has become more attractive targets for attackers during the last couple of years. Moving the gaming companies Internet Protocol from Version 4 to Version 6 will create some vulnerabilities which attackers can use to launch ICMPv6, DDoS, and some other malicious activities by bypassing the detection by using some of IPv6 new features such as Extension Headers and Fragmentations.
Attacking Tools
This section covers some of the most common attack tools to perform an attack on IP level.
Fragrouter is a network intrusion detection evasion toolkit developed by Dug Sing. It implements most of the attacks described in the Ptacek & Newsham in 1998. (It features a simple rule set language to delay, duplicate, drop, fragment, etc.).
THC-IPV6-ATTACK-TOOLKIT is a collection of attacking tools that can be used to test the implementation of IPv6 network and test firewall and NIDS. This collection contains the following tools (van Hauser 2008):
-
parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the middle, same as ARP mitm (and parasite)
-
alive6: an effective alive scanning, which will detect all systems listening to this address
-
dnsdict6: paralyzed DNS IPv6 dictionary brute forcer
-
fake_router6: announce yourself as a router on the network, with the highest priority
-
redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
-
dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS)
Havij is an automated SQL injection tool that takes advantage of a vulnerable web application to find and exploit SQL injection vulnerabilities. An attacker can perform back-end database fingerprint, DBMS login names and password hashes, and much more like fetching data from a database. However, this tool is capable of accessing the underlying file system and executing the operating system shell commands.
Acunetix is a web vulnerability scanner designed to replicate a hacker’s methodology to find vulnerabilities like SQL injection and DoS/DDOS attack. By using Acunetix you can use an extensive feature set of both automated and manual penetration testing tools, security analysis and repair detected threats.
Mendax is a TCP de-synchronizer that injects overlapping segments in randomly generated order. An attacker can use Mendax to evade NIDS. Mendax is not a router, but is a stand-alone TCP client program which can be used by an attacker to perform an evasion from an input text file, performs a fixed set of evasion technique, and sends restructured exploit to the victim host (Gorton and Champion 2003).
In Table 2 a summary of Evasion and Insertion attack tools is provided.
Related Work
Alnakhalny et al. (Saad et al. 2014) proposed a detection method for ICMPV6 flood attack based on Dynamic Evolving Neural Fuzzy Inference System (DENFIS). DENFIS is a system that uses online clustering to perform online and offline learning. The proposed system is based on self-machine learning. However, one important question here is if the attacker uses a mixture of method to bypass the detection, it will take time for the machine to learn that algorithm and detect future attack. Because of that, attackers will change their method, and therefore the detection method could not be useful for such attack.
Anbar et al. (Saad et al. 2016) proposed An Intelligent ICMPv6 DDoS Flooding attack Detection Framework (v6IIDS) Using Backpropagation Neural Network. Their aim is to detect ICMPv6 Flooding attack using an Intelligent Intrusion Detection System in an IPv6 Network (v6IIDS). The proposed system detection has four processes. These processes are data collection and pre-processing, traffic analysis, anomaly-based detection, and ICMPv6 flooding detection.
Rafiee et al. (Rafiee and Meinel 2013) proposed a new algorithm to tackle the issue with Cryptographically Generated Addresses (CGA) [3972] and Privacy Extension [4941] in IPv6 state-less configuration. The proposed method uses a new way to generate Interface Identifier (IID) to reduce the computing cost and prevent security theatres related to state-less configuration such as IP spoofing. However, it seems the proposed algorithm cannot detect Duplicated Address Detection attack on IPv6.
Kent et al. (Kent and Seo 2005) provided Security Architecture for the Internet Protocol. In IPv6 unlike IPv4, Internet Protocol Security (IPSec) is mandatory. IPSec draws a line between protected and unprotected interfaces for host or network. If traffic want to cross the boundary, they are subject to the access control list that is specified by the system admin who is responsible for IPSec configuration. These controls indicate whether packets cross the boundary unimpeded, are afforded security services via AH or ESP, or are discarded.
IPSec provide an end-to-end security between end hosts and all intermediate nodes. IPsec has the following weaknesses (Yang et al. 2010; Arkko and Nikander 2005):
-
Not support the upper layer
-
Because it needs key exchange, it will use IKE management, which requires a valid IPv6 address. So it cannot work when a new host joins a network and therefore is not able to protect Network Discovery Protocol.
Because of the complex configuration, most of the users do not implement IPsec for link local addresses.
Kempf et al. (Kempf et al. 2005) proposed SEcure Neighbor Discovery (SEND) protocol to mitigate the issue of IPsec for link local comminution. SEND is an extension of NDP that adds several options such as Cryptographically Generated Addresses (CGA), RSA Signature and Timestamp, and Nonce Options. In addition, they introduce four new Authorization Delegation Discovery, Certification Path Solicitation Message Format, Certification Path Advertisement Message Format, Router Authorization Certificate Profile and Suitability of Standard Identity Certificates (Kempf et al. 2005; Securing IPv6 2002).
A review of SEND done by Meinel et al. (Alsa’Deh and Meinel 2012). They are challenging SEND as it is not provided link layer security and cover NDP communication confidentiality. The Cryptographically Generated Addresses cannot assure the real node identity. Because of the structure of SEND, it will use more CPU of nodes and bandwidth to process. In addition, if Router Authorization and Standard Identity Certificates implement into routers, It will put an extra workload on them.
Hussain et al. (Hussain et al. 2016) proposed a two-stage hybrid classification (Fig. 6) method using Support Vector Machine (SVM) as anomaly detection in the first stage and Artificial Neural Network (ANN) as misuse detection in the second. The advantages of using SVM and ANN are better classification accuracy and a low probability of false positive. The proposed system classifies the type of attack into four classes: Denial of Service (DOS), Remote to Local (R2L), User to Root (U2R), and Probe. The first stage is looking for any abnormal activities that could be an intrusion, while the second stage does the future analysis, and if there are any known attacks, it will classify them into the four categories that were already mentioned.
Data Preprocess will prepare and pre-process network traffic in the data pre-process module. Once data has been received and pre-processed, it will be sent to the next process, which is “Detection and Classification.” The detection and classification process has two stages: NIDS using SVM for anomaly and ANN for misuse detection. The data then passes to the Alarm module, which interprets event results on both stages and reports the intrusion detection activity.
Conclusion
IPv6 introduces new features and capabilities. These results in new issues, and security issues is one of the most important among them. Most of the vulnerabilities are common between IPv4 and IPv6, and because of the changes that were made in the IPv6 implantation, additional vulnerabilities arise as well. There are many features which are new and unique to IPv6. One of them is the improved support of headers (extensions and options) which were not existing before in IPv4.This entry reviewed an overview of Internet Protocol Version 6 (IPv6), IPv6 new features, and some of the most common vulnerabilities; also, a review was discussed for existing solutions and how those solutions can mitigate the vulnerability discussed in this entry. By adopting IPv6, gaming industries will become an attractive target for attackers to launch an attack such as ICMPv6 and DDoS to game companies. These sorts of attacks already launched to Sony, EA, and Steam really affected the gaming industry in terms of availability. In addition, the customer data on gaming companies could be in danger, as attackers could use IPv6 new features to bypass the detection on NIDSs and do malicious activities on gaming server.
References
Acunetix scanner. Accessed 16 Feb 2017. [Online]. Available: https://www.acunetix.com/
Allen, J.M.: OS and application fingerprinting techniques, 2007. [Online]. Available: https://www.giac.org/paper/gsec/8496/os-application-fingerprinting-techniques/113048
Alsa’Deh, A., Meinel, C.: Secure neighbor discovery: review, challenges, perspectives, and recommendations, IEEE Secur. Priv. 10(4): 26–34 (2012). [Online]. Available: https://doi.org/10.1109/MSP.2012.27
Arkko, J., Nikander, P.: Limitations of IPsec policy mechanisms. Lecture notes in computer science (Including subseries, 2005). [Online]. Available: https://doi.org/10.1007/11542322_29
Atlasis, A.: Attacking ipv6 implementation using fragmentation. BlackHat Europe, 2012. [Online]. Available: http://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf
Atlasis, A.: The impact of extension headers on IPv6 access control lists real life use cases. Heidelberg (2017)
Chen, J.G.Y.: Detecting DoS/DDoS attacks under IPv6, pp. 847–855. Springer, New York City (2014)
Conta, A., Deering, S.: Internet control message protocol (ICMPv6) for the internet protocol, version, Vol. 6, no. 6, 2006. [Online]. Available: https://www.rfc-editor.org/info/rfc4443
Davies, E., Mohacsi, J.: Recommendations for filtering ICMPv6 messages in firewalls, 2007. [Online]. Available: https://www.rfc- editor.org/info/rfc4890
Deering, S., Hinden, R.: Internet protocol, version, Vol. 6, 1998. [Online]. Available: https://www.ietf.org/rfc/rfc2460.txt
Eckstein, C., Atlasis, A.: OS Fingerprinting with IPv6, Infosec reading room, SANS Institute, 2011
Erickson, J.: The art of exploitation, 1–492, 2007. [Online]. Available: https://leaksource.files.wordpress.com/2014/08/hacking-the- art-of-exploitation.pdf
Gorton, S., Champion, T.G.: Combining evasion techniques to avoid network intrusion detection systems. Skaion corporation, pp. 1–20, 2003. http://www.Skaion.Com/Research/Tgcrsd-Raid.Pdf
Havij. Accessed 17 July 2017. [Online]. Available: https://www.darknet.org.uk/2010/09/havij-advanced-automated-sql-injection-tool
Hussain, J., Lalmuanawma, S., Chhakchhuak, L.: A two-stage hybrid classification technique for network intrusion detection system. Int. J. Comput. Commun. Eng. Res. 3(2): 16–27 (2016). [Online]. Available: https://doi.org/10.1080/18756891.2016.1237186
Icann, Internet protocol (ip) addresses. Beginner’s Guide. icann, 2011. [Online]. Available: https://www.icann.org/en/system/files/files/ip-addresses-beginners-guide-04mar11-en.pdf
Kempf, J., Nordmark, E.: IPv6 neighbor discovery (ND) trust models and threats. Internet Soc. 1(23), 2004. [Online]. Available: https://doi.org/10.17487/rfc3756
Kempf, J., Zill, B., Nikander, P.: SEcure neighbor discovery, 2005. [Online]. Available: https://www.rfc-editor.org/info/rfc3971
Kent, S., Seo, K.: Security architecture for the Internet protocol, 2005. [Online]. Available: https://www.rfc-editor.org/info/rfc4301
Mali, P., Phadke, R., Rao, J., Sanghvi, R.: Mitigating IPv6 vulnerabilities, 2015. [Online]. Available: https://www.colorado.edu/itp/sites/default/files/attached-files/57971-97277_-_ronak_sanghvi_-_may_1_2015_1212_am_-_research_paper_final_team5.pdf
Martin, C.E., Dunn, J.H.: Internet protocol, version, Vol. 6, pp. 1–7, 2007. [Online]. Available: https://doi.org/10.1109/MILCOM.2007.4455200
Narten, T., Nordmark, E., Simpson, W., Soliman, H.: Neighbor discovery for, IP version, Vol. 6, 2007. [Online]. Available: https://www.rfc-editor.org/info/rfc4861
Ptacek, T.H., Newsham, T.N.: Insertion, evasion and denial of service: eluding network intrusion detection, 1998. [Online]. Available: http://www.aciri.org/vern/Ptacek-Newsham-Evasion-98.ps
Rafiee, H., Meinel, C.: SSAS: a simple secure addressing scheme for IPv6 autoconfiguration, 2013. [Online]. Available: https://doi.org/10.1109/PST.2013.6596063
Reese, G.: Cloud Application Architectures, 1st Edition. 1st ed. [Place of publication not identified]: O’Reilly Media, Inc., pp. 2–4 (2009)
Saad, R.M.A., Almomani, A., Altaher, A., Gupta, B.B., Manickam, S.: ICMPv6 flood attack detection using DENFIS algorithms. Indian J. Sci. Technol. 7(2), 168–173 (2014)
Saad, R.M.A., Anbar, M., Manickam, S., Alomari, E.: An intelligent ICMPv6 DDoS flooding-attack detection framework (V6IIDS) using back-propagation neural network. IETE Tech. Rev. (Institution of Electronics and Telecommunication Engineers, India) 33(3), 244–255 (2016). [Online]. Available: https://doi.org/10.1080/02564602.2015.1098576
Satrya, G.B., Chandra, R.L., Yulianto, F.A.: The detection of DDOS flooding attack using hybrid analysis in IPv6 networks. Technology, ICoICT, 2015. [Online]. Available: https://doi.org/10.1109/ICoICT.2015.7231429
Securing IPv6 neighbor and router discovery, pp. 77–86, 2002. [Online]. Available: https://doi.org/10.1145/570681.570690
Thomson, S., Narten, T.: IPv6 stateless address autoconfiguration, 2007. [Online]. Available: https://www.rfc-editor.org/info/rfc4862
Tripathi, N., Mehtre, B.: DoS and DDos attacks: impact, analysis and countermeasures, 7, 2013. [Online]. Available: https://www.researchgate.net/publication/259941506_DoS_and_DDoS_Attacks_Impact_Analysis_and_Countermeasures
van Hauser, THC-IPV6-attack-toolkit, 2008. [Online]. Available: https://github.com/vanhauser-thc/thc-ipv6
Yang, D., Song, X., Guo, Q.: Security on IPv6, Vol. 3, pp. 323–326, 2010. [Online]. Available: https://doi.org/10.1109/ICACC.2010.5486848
Zhao-Wen, L., Lu-hua, W., Yan, M.: Possible attacks based on IPv6 features and its detection, 2007. [Online]. Available: http://master.apan.net/meetings/xian2007/publication/031_lin.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 Springer Nature Switzerland AG
About this entry
Cite this entry
Tajdini, M., Kolivand, H. (2024). IPv6 Common Security Vulnerabilities and Tools: Overview of IPv6 with Respect to Online Games. In: Lee, N. (eds) Encyclopedia of Computer Graphics and Games. Springer, Cham. https://doi.org/10.1007/978-3-031-23161-2_388
Download citation
DOI: https://doi.org/10.1007/978-3-031-23161-2_388
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23159-9
Online ISBN: 978-3-031-23161-2
eBook Packages: Computer ScienceReference Module Computer Science and Engineering