IPv6-in-IPv4 Tunnel Discovery: Methods and Experimental Results

International Journal of Mobile Computing and Multimedia Communications, 2013

Internet Protocol version 6 (IPv6) is created to occupy the insufficient current Internet addresses. Consequently this significant contribution offers huge number of Internet addresses. Besides, the security also has been improved to challenge today threats in competent on IPv6 network. As alternative, an automatic tunneling was introduced along with other transition mechanisms to ensure smooth implementation on existing network. However, it’s believed that the implementation of automatic tunneling has altered the form of the IPv4 threats. Then the gained information from this mechanism is exploited to attempt the target network. As a concern, this paper thoroughly describes on potential of reconnaissance attack reach through automatic tunneling named 6to4 Tunneling. The preference development tools and networking defense mechanism suite, is setup to conduct proposed attack method under 6to4 tunnel testbed environment. As a result, the attacking method is feasible to attempt and 6to...

2013 XXXIX Latin American Computing Conference (CLEI), 2013

The central pool of IPv4 addresses managed by IANA was depleted in February 2011. A similar situation will soon happen at the level of LACNIC, the local RIR for South America. Therefore, it is necessary to deploy the new version of the Internet Protocol (IPv6) which dramatically expands the address space. However, this deployment must be done gradually and consequently. Many transition technics have been proposed, with different operational theory and availability according to the network environment. For this reason, it is important to evaluate the performance of these transition technics to help network administrators and researchers in their selection. In this paper, we present a performance comparison of some tunneling mechanisms such as ISATAP, 6to4, 6rd, and Teredo in real testbeds. The RTT and the throughput for UDP and TCP are measured for every mechanism for both Ethernet and Fast Ethernet technologies. From this research, we can conclude that ISATAP presents the best performance and Teredo can be seen as a last resort solution since it has a high overhead.

Lecture Notes in Computer Science, 2012

While the IETF standardized IPv6 more than fifteen years ago, IPv4 is still the prevalent Internet protocol today. On June 8th, 2011, several large content and service providers coordinated a large-scale IPv6 test-run, by enabling support for IPv6 simultaneously: the World IPv6 Day. In this paper, we compare IPv6 activity before, during, and after the event. We examine traffic traces recorded at a large European Internet Exchange Point (IXP) and on the campus of a major US university; analyzing volume, application mix, and the use of tunneling protocols for transporting IPv6 packets. For the exchange point we find that native IPv6 traffic almost doubled during the World IPv6 Day while changes in tunneled traffic were limited. At the university, IPv6 traffic increased from 3-6 GB/day to over 130 GB/day during the World IPv6 Day, accompanied by a significant shift in the application and HTTP destination mix. Our results also show that a significant number of participants at the World IPv6 Day kept their IPv6 support online even after the test period ended, suggesting that they did not encounter any significant problems.

Proceedings of the 3rd Usenix Conference on Offensive Technologies, 2009

IPv6 is the future network layer protocol for the Internet. Since it is not compatible with its predecessor, some interoperability mechanisms were designed. An important category of these mechanisms is automatic tunnels, which enable IPv6 communication over an IPv4 network without prior configuration. This category includes ISATAP, 6to4 and Teredo. We present a novel class of attacks that exploit vulnerabilities in these tunnels. These attacks take advantage of inconsistencies between a tunnel's overlay IPv6 routing state and the native IPv6 routing state. The attacks form routing loops which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. We exhibit five attacks of this class. One of the presented attacks can DoS a Teredo server using a single packet. The exploited vulnerabilities are embedded in the design of the tunnels; hence any implementation of these tunnels may be vulnerable. In particular, the attacks were tested against the ISATAP, 6to4 and Teredo implementations of Windows Vista and Windows Server 2008 R2.

2006 8th International Conference Advanced Communication Technology, 2006

Numerous IPv6 transition mechanisms have been calculation and so on. For example, if IP-in-IP tunneling developed for supporting interoperability between IPv4 and IPv6. mechanisms are used in IPv6 transition mechanisms, IP header Although performance aspects of these mechanisms are overhead will be increased to 4.81% as shown in Tab. 2. Header requirements for practical deployment, they have yet to be overhead analysis is a very simple and crude way to predict empirically evaluated. In this paper we present the impact of IPv6 transition mechanisms on user application. Our experimental results show that though performance overheads were minimal, We have found that the most significant differentiators of with small, fragmented and translation packets some performance performance lie with more subtle details of protocol and transition degradation did occur. mechanism operations. For example, if an IPv6 source sends

Journal of Network and Computer Applications, 2008

IPv4 to IPv6 transition is an inevitable process when deploying IPv6 networks within the present IPv4 Internet. The two protocols are expected to coexist for a number of years during the transition period. A number of transition techniques exist to address the various needs of different networks. One of them is tunneling mechanism. Tunneling means encapsulation of one protocol into another one so that the encapsulated protocol is send as payload on the network. In this paper, a scheme is presented for tunneling of IPv4 packets in IPv6 packets. This scheme will be useful in the future when most of the networks would be converted into IPv6 networks involving minimum IPv4 routing.

Computers and Communications, 2005. …, 2005

2010

Sharing of information and resources among different devices require networking. As networks are expanding day by day, Internet Protocols are gaining more and more popularity. Different transition mechanisms have been established and yet a lot of research is to be carried out. Internet Protocol version 6 (IPv6) is the next generation Internet Protocol proposed by the Internet Engineering Task Force (IETF) to supersede the current Internet Protocol version 4 (IPv4). To enable the integration of IPv6 into current networks, several transition mechanisms have been proposed by the IETF IPng Transition Working Group. This work examines and empirically evaluates two transition mechanisms, namely 6-over-4, and IPv6 in IPv4 tunneling, as they relate to the performance of IPv6.This paper outlines many of the common known threats against IPv4 and then compares and contrasts how these threats, or similar ones, might affect an IPv6 network. Some new threats specific to IPv6 are also considered. The current capabilities of available products are evaluated, as is how any inherent protocol characteristics of IPv6 affect the nature of the threat. This is prefaced by a brief overview of current best practices around the design of an IPv4 Internet edge network and then followed by a review of how that IPv4 edge network needs to evolve in order to secure the addition of IPv6.

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, 2011

Network monitoring is an essential task of network management. Information obtained by monitoring devices gives a real picture of the network in production including transmitted data volumes, top hosts, a list of frequently used applications etc. Deep analysis of data collected by monitoring can reveal network attacks or detect misuse of network services. In addition, Data Retention Act requires each ISP to track user's activities. Protocol IPv6 puts new challenges for network administrators in the context of user identification. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC. IPv6 address can be randomly generated and keeps changing in time. PCs with IPv6 stack can also communicate via predefined tunnels over IPv4 infrastructure. That tunneled traffic mostly bypasses network security implemented via firewalls. In this paper, we identify major monitoring and security issues of IPv6 connectivity and propose a solution based on SNMP and Netflow data that helps to uniquely identify users. The solution requires an extended set of monitoring data to be collected from network devices. We present a new data structure based on extended Netflow records. Feasibility of the approach is demonstrated on the Brno University of Technology (BUT) campus network.

ArXiv, 2016

Active network measurements constitute an impor- tant part in gaining a better understanding of the Internet. Although IPv4-wide scans are now easily possible, random active probing is infeasible in the IPv6 Internet. Therefore, we propose a hybrid approach to generate a hitlist of IPv6 addresses for scanning: First, we extract IPv6 addresses from passive flow data. Second, we leverage publicly available resources such as rDNS data to gather further IPv6 addresses. Third, we conduct traceroute measurements from several vantage points to obtain additional addresses. We perform multiple active measurements on gathered IPv6 addresses and evaluate response rates over time. We extensively compare all IPv6 address sources. In total we found 150M unique IPv6 addresses over the course of four weeks. Our hitlist covers 72% of announced prefixes and 84% of Autonomous Systems. Finally, we give concrete recommendations to maximize source efficiency for different scan types.