A Survey Of IPv6 Address Usage In The Public Domain Name System

The IPv6 protocol has been slowly increasing in use on the Internet. The main reason for the development of the protocol is that the address space provided by IPv4 is nearing exhaustion. The pool of addresses provided by IPv6 is 296 times larger than IPv4, and should be sufficient to provide an address for every device for the foreseeable future. Another potential advantage of this significantly large address space is the use of randomly assigned addresses as a security barrier as part of a defence in depth strategy. This research examined the addresses allocated by those implementing IPv6 to determine what method or pattern of allocation was being used by adopters of the protocol. This examination was done through the use of DNS queries of the AAAA IPv6 host record using public DNS servers. It was observed that 55.84% of IPv6 addresses were in the range of 0 to (232 − 1). For those addresses with unique interface identifier (IID) portions, a nearly equal number of sequential and random IIDs were observed. Hong Kong and Germany were found to have the greatest number of IPv6 addresses. These results suggest that adopters are allocating most addresses sequentially, meaning that no security advantage is being obtained. It is unclear as to whether this is through design or the following of accepted practice. Future research will continue to survey the IPv6 address space to determine whether the patterns observed here remain constant

Using passive and active enumeration methods to improve IPv6 host enumeration search algorithms

IPv6 off-link host enumeration, when compared to IPv4 host enumeration, is a difficult and expensive exercise. The expense arises from the difference in address space sizes between the two protocols, with IPv6 having a 296 larger address space than that of IPv4. This paper presents an algorithm for performing contextual IPv6 host enumeration against a target. The algorithm uses passive and active enumeration in order to focus the search upon areas of the address space where it is more probable that targets will exist. Experiments were conducted to test the proposed adaptive heuristic search algorithm involving applying the algorithm to a test dataset of IPv6 addresses, measuring the results and comparing those to a linear search against the same datasets. This research shows that the adaptive heuristic search algorithm achieved an average of 9,975 successful hits per simulation when applied to a dataset of realistic IPv6 addresses, whilst the linear search had an average of 8,642 when applied to the same dataset. Both algorithms performed poorly when applied to a dataset comprising randomly generated IPv6 addresses. The results show that the algorithm provides a good candidate for IPv6 off-link host enumeration, as it outperformed the linear search on average, whilst using less probes to do so

A survey of IPV6 address usage in the public domain name system

The IPv6 protocol has been slowly increasing in use on the Internet. The main reason for the development of the protocol is that the address space provided by IPv4 is nearing exhaustion. The pool of addresses provided by IPv6 is 296 times larger than IPv4, and should be sufficient to provide an address for every device for the foreseeable future. Another potential advantage of this significantly large address space is the use of randomly assigned addresses as a security barrier as part of a defence in depth strategy. This research examined the addresses allocated by those implementing IPv6 to determine what method or pattern of allocation was being used by adopters of the protocol. This examination was done through the use of DNS queries of the AAAA IPv6 host record using public DNS servers. It was observed that 55.84% of IPv6 addresses were in the range of 0 to (232 − 1). For those addresses with unique interface identifier (IID) portions, a nearly equal number of sequential and random IIDs were observed. Hong Kong and Germany were found to have the greatest number of IPv6 addresses. These results suggest that adopters are allocating most addresses sequentially, meaning that no security advantage is being obtained. It is unclear as to whether this is through design or the following of accepted practice. Future research will continue to survey the IPv6 address space to determine whether the patterns observed here remain constant

SISTEMA DE DETECCIÓN DE INTRUSOS A TRAVÉS DE UNA RED HONEYNET PARA ENTORNOS DE RED CABLEADA SOBRE IPV6

Las honeynet o redes señuelo son recursos de red que representan una medida de aseguramiento para toda organización que haga uso de las tecnologías de información y las comunicaciones. Esta herramienta es usada en el ámbito de la seguridad informática con la finalidad de atraer y analizar el comportamiento de los atacantes en internet. El propósito de este trabajo es presentar pruebas experimentales de los ataques informáticos más comunes en redes cableadas IPV6 a través de las herramientas como 6Guard, SNORT y Wireshark. También se evidencia en el artículo el diseño e implementación de una red Honeynet bajo IPv6, donde interactúan diferentes sistemas operativos. Dentro de los resultados obtenidos se pudo observar la detección completa de los ataques tipo THC-IPv6, como fake_router6, redir6, fake_advertise6, fake_solicitate6, flood_dhcp6, sendpees6, sendpeesmp6 y smurf6