Analysis of Security Threats and Attacks in an IPv6 Environment - ETRI

An Analysis of Security Threat and Network Attack in IPv6
(B.H. Jung)
(J.D. Lim)
(Y.H. Kim)
(K.Y. Kim)
IPv6 IPv6
. IPv6 IPv4 IPsec
IPv6 , IPv6
. IPv6
/
.





.
. IPv6
. IPv6
. IPv6
.
, BcN,
PC ,
TV, ,
IP
. IPv4
IP
, IPv4 2022
.
, , 2000
IPv6
. ,
IPv6
, 2005 4 “Coalition Summit for IPv6” , ,
IPv6
“Metronnet6”
.
IT839 IPv6
IPv6 (WiBro, VoIP,
) [1].
2006
. , , ,
BSD, IPv6
. ,
IPv6
(ISP) IPv6
. ,
IPv4 IPv6
IPv6
. IPv6 ,

. IPv6 IPv4 IPsec
IP
. , IP
IPv6

IPv4 . ,
IPv4/IPv6 IPv4
IPv6

. IPv6
. , IETF
IPv6
, IPv4/IPv6
,
.
IPv6
, SNMP, RMON,
Cisco NetFlow[2] IPv6
, /IDS/IPS
IPv6
. , IPv6

IPv6 .
. IPv6
IPv6
( 1) IPv4
IPv6
. IPv6
128
IPv6
. , IPv4 IPv6

.
IPv6: IPv6 IETF IPv6
1988
IP , IP
IPv6 .

.


. IPv4 ping sweep, port scan
.
IPv6 ping sweep, port scan
IPv6 . ,
IPv4 8 28
, IPv6
64 264 . ,
IPv6 MAC EUI-64
. , DNS
DNS
. IPv6

(, DHCP , NTP
) .
2) (Unauthorized access)
4

. IPv6 IPsec AH ,
.
IPv4 IPv6
. ,

. , MIPv6
(home agent)
. , ICMPv6
IPv6
.
ICMPv6 type 2, ICMPv6 type 130-132, ICMPv6 type 133/134, ICMPv6 type 135/136, ICMPv6 type 4 .
IPv6
- .
DNS NTP IPv6

.
fragmentation)

NIDS
. IPv6
. IPv4

, RFC2460
IPv6 MTU 1280
( ) .
4) 3 4 (Layer 3/4 spoofing)
IPv4 DoS, ,
IP . RFC2827
(ingress filtering)

. IPv6
RFC2827
. , , IPv4 IPv6
6to4
.
(Figure) labels: L7 Attacks, L3/4 Spoofing, Unauthorized Access, Rogue Devices
22 1 2007 2
DHCP
. , ARP IP-MAC
. IPv6 stateless ,
. stateless
, “
” .
ARP IPv6 ICMPv6 ND
. IETF SEND
.
tion attacks: smurf)


. IPv6 IP-directed broadcast
. RFC2463 IPv6
ICMPv6
. ,

.
ICMP
.

. IPv4 MD5

. IPv6 BGP
TCP MD5 , IS-IS
RFC3567
, OSPFv3 RIPng
IPsec AH/ESP .
8)
, IPv6

.
DoS

.
IPsec
. ,
IPsec
.
IPv4 IPv6 .
12) (Rogue devices)
, DHCP, DNS ,
. IPsec
.
13) Man-in-the-middle
. IKEv2
.
.

.
IPsec
ESP
. ESP
, AH
ESP IPv6 /




.
ESP ( )


. ESP


.




.
RFC2462 IPv6 Stateless Address Autoconfiguration stateless
IPv6


ID
IPv6 .
ID IPv6

.
,
, IPv6


. IPv6 ID

.
IPv6
DAD
.

DAD .
DAD
ID IPv6
DAD
. RFC2462 IPv6 DAD

[3]. DAD

.
3. ND
RFC2461 2462 IPv6 ND
RFC2461
[3]-[5]. ND ARP
stateless .
. /
1) NS/NA
IPv4 ARP
NS/NA source link-layer
target link-layer


.
.
2) NUD
NUD

. NS/NA
victim

, victim

NUD
. NUD
victim
.
victim NUD
NA
NS/NA
.
. /
1)
.


.
.


.
2)
RFC2461 IPv6



1 on-link
.

victim
on-link
.



.

( )
.

.
4) On-link
RA
on-link 1

/ IPv6
. IPv6
1
ND (ARP)

.
5)

RA

ID IPv6
. RA

IPv6
.
6)

IPv6


. RA

RA

.
4. IPv6
.
IPv6 0
, IPv4 loose source
routing .



.



IPv6

.

.
ICMP traceback
ICMP
traceback


.
, ICMP
traceback
.
1)
IPv6 IP



fragmentable TCP

ment offset overlapping
IPv4
fragment offset overlapping
[6]. ,
.

.
fragment ID
.



.


.
3) Fragmentation
IDS

. , RFC2460 IPv6 Specification
IPv6


.
(offset)


.
RFC2460



. RFC2460 hop-by-hop

.
,

.
RFC
.
IPv6
CoA


. IPv6

.


.
. HAO
RFC3775 Mobile IPv6
2
( 0)

[7].


. HAO
IPv6
.
.

.
HAO
.
.
IPv6
. ,
.

,
.

. ,

,

.

.
CN
, HA victim HA
. CN
CN victim

.
CoA , CN
CoA
DoS . CN
victim CoA
DDoS .
CN
, CN
(DoS
).
.

.
. IPv6

IPv6 IPv4
IPv4

IPv6 .
,
ICMPv4 ICMPv6
.
, IPv6 IPv4

TCP SYN flooding, TCP ISN, UDP flooding

. IPv6
flooding
imps6-tools
. ICMPv4 ICMPv6
, IPv4
IPv6
.
IPv6
IPv4
, IPv4

.
2. IPv4/IPv6


[8]. IPv4/IPv6
(dual stack), IPv6-to-IPv4 , (translation)
. IPv6
,
IPv6-to-IPv4
, IPv6-to-IPv4
[9]. IPv6-to-IPv4 , IPv4
IPv6 IPv4
IPv6
Relay6, 6tunnel, nt6tunnel, asybo .
IPv6
IPv6
backdoor trojan
. IPv6-to-IPv4
6To4DDoS,
6tunneldos
IPv6 IPv4
. , 6to4
(victim)

,

reflection ,
IPv6 service theft .
3. IPv6
IPv6
IPv4
.
IPv6 IP
IPv4
.
IP flow label
, (auto-configuration)
, NS/NA
. IP flow label
, IPv6 IP flow
label flow
, flow
[10].
, IPv6
RA
IP

,
. , NIC
IP

,
. ,
DAD
,
. IP
.
NS/NA , NS/NA

[11]. ,
NS source link-layer
address NA
target link-layer address



.
. THC IPv6
THC[12] IPv6

. IPv6 .
. A B
B MAC
(ff02::1) ICMPv6 ND( :
NS) , B NA
A .
NA MAC
A B
.
MAC
. MAC
ICMP
IPv6
.
, IP
.
IPv6

ND( : NS)
(ff02::1) .
NA

. thc-ipv6 dos-new-ipv6 DAD
DAD
NA

.

.
(ff02::1)
RA ICMPv6
. RA

. ICMPv6 thc-ipv6 fake_router6 RA

.
. IPv4
ICMP echo request 3
(Figure) THC: parasite6. A and B; 1. ND, 2. NS; Multicast Address query = Who-has IP B?; parasite6: Answer to every NS, claim to be every system on the LAN; 2. NA: ICMP Type = 136, Src = B, Dst = A, Data = Link Layer Address; inet6 addr: 2001:220:804:20::3/64 Scope:Global
(Figure) THC: dos-new-ipv6. A; 1. ND; Multicast Address query = Who-has IP A?; dos-new-ipv6: Answer to every NS, claim to be every system on the LAN; 2. No reply if nobody owns the IP Address
(Figure 4) THC: fake_router6. A; 1. RS, 2. RA; 1. RS: ICMP Type = 133, Src = ::, Dst = FF02::2, query = please send RA; fake_router6: Sets any IP as default router; 2. RA: ICMP Type = 134, Src = Router Link-local Address, Dst = FF02::1, Data = options, prefix, lifetime, autoconfig flag
. ICMP echo request victim

victim
. thc-ipv6 smurf6 ICMP6
.
• Fake_mipv6: MIPv6
. IPv6
(covert channel) TCP/
IP
[13],[14].
IRC
.
0
1 .
.
• DO: MIPv6 BU ,

[15]. 2003 Thomas Graf http://trash.net/~reeler/j6p.tar.bz2 .
DO option type 2
00
. 01 .
, 00
.
IPv6-over-IPv4
. SIT, 6to4,
Teredo[16] .
, 6to4
.
, 6to4 2002::/16
, 41
. ,
UDP Teredo
.

.


ESP
,
IPsec
,
(distributed firewall or personal firewall) IPsec
. RFC3041[17]
(Figure 5) THC: smurf6. A and B; 1. ER: ICMP type = 128 (Echo Request), Src = B, Dst = A (or All-Node Multicast Address); 2. ER: ICMP type = 129 (Echo Reply), Src = A, Dst = B
IP , DAD

IPsec AH
DAD
/
. ND
, ND
IPv6



. ,
SEND
/

. IPv6
,


,
, fragment overlapping,
IPv6

, / .
2. , /


,
IPv6 , ICMPv4
ICMPv6 (Type 2, 4, 130-136)
, 1280
, IPv6 , IPv4/
IPv6
. ,
static
ND , BGP, IS-IS
,
OSPFv3, RIPng IPsec , 6to4

[18].
.
.
IPv6 , IPv6
, IPv6
, IPv6
.
IPv6 ,
IPv6
.
IPv6

, IPv6

.

ACL Access Control List
BcN Broadband convergence Network
References

[2] Cisco NetFlow, http://www.cisco.com/warp/public/
ress Autoconfiguration,” RFC2462, Dec. 1998.
[4] P. Nikander, J. Kempf, and E. Nordmark, “RFC3756: IPv6 Neighbor Discovery (ND) Trust Models and Threats,” IETF, May 2004.
bor Discovery for IP Version 6 (IPv6),” RFC2461, Dec. 1998.
sion 6 (IPv6) Specification,” RFC2460, Dec. 1998.
[7] D. Johnson, C. Perkins, and J. Arkko, “Mobility Support in IPv6,” RFC3775, June 2004.
[8] R. Gilligan and E. Nordmark, “RFC2893: Transition Mechanisms for IPv6 Hosts and Routers,” IETF, Aug. 2000.
Internet Security Systems, 2003.
[10] J. Rajahalme, A. Conta, B. Carpenter, and S. Deering, “RFC3697: IPv6 Flow Label Specification,” IETF, Mar. 2004.
Neighbor Discovery for IP Version 6,” IETF, Dec. 1998.
fault.net/
Steve J. Chapin, “Covert Channels in IPv6,” Workshop on Privacy Enhancing Technologies, 2005.
[14] D. Llamas, C. Allison, and A. Miller, “Covert Channels in Internet Protocols: A Survey,” Workshop on Privacy Enhancing Technologies, 2005.
The Swiss Unix User Group, Switzerland, http://gray-world.net/papers/messip6.txt, 2003.
through NATs,” RFC4380, Feb. 2006.
[17] T. Narten and R. Draves, “Privacy Extensions for Stateless Address Autoconfiguration in IPv6,” RFC 3041, Jan. 2001.
, 21 5, 2006, pp.163-170.