Data Spoofing Attacks by IPv6 Tunnels

Yu CUI  Zhi-Hong TIAN  Bin-Xing FANG  Hong-Li ZHANG  Wei-Zhe ZHANG  

IEICE TRANSACTIONS on Communications   Vol.E96-B   No.11   pp.2875-2882
Publication Date: 2013/11/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.E96.B.2875
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Internet
Keyword: IPv6, tunnel, IDS, spoofing attacks, tunnel interference


Tunneling is one of the main methods for the transition from IPv4 to IPv6 networks. By encapsulating IPv6 packets in IPv4 or UDP packets, tunnels such as 6to4, ISATAP and Teredo provide a feasible way for IPv4 hosts to establish IPv6 connections to hosts on the IPv6 Internet or in IPv6 islands. For the IPv4 Internet, the use of tunnels varies the traffic and increases the number of packet types, making the network environment more complex. In addition to common tunnels, various types of tunnels with more layers are tested in this paper. The successful connections show that multi-layer packets with diverse layer counts and types are usable on the Internet. To ensure the security of internal networks, the influence of this diversity on traffic analysis in dual-stack IDS devices is studied. Three spoofing attacks, “data insertion”, “data evasion” and “attacks using UDP”, are proposed to show the influence of tunnels on IDS. Compared to attacks without tunnels, some constraining factors are eliminated, which may increase the security risk to the IDS and reduce the difficulty for the attacker. To summarize this kind of problem, the concept of “Tunnel Interference” is introduced. As solutions, two methods, RA (Record All) and HEH (Hash for Each Header), are presented, which theoretically solve these problems to a great extent. RA records all headers and compares them from the outermost to the innermost layer. HEH is hash-based and accumulates hash values of each header. Both have linear time and space complexity. Experimental results show that RA and HEH lead to a minor space increase and up to a 1.2% time increase in each layer compared to the original dual-stack.
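
The following is an added illustration, not code from the paper: it shows why a flow key built only from the innermost headers conflates differently tunneled packets, and how folding every header into a running hash (the idea the abstract attributes to HEH) keeps them apart. The choice of hashed fields, SHA-256, the function names and the sample packets are assumptions of this example.

```python
import hashlib, struct

TEREDO_PORT = 3544  # Teredo's well-known UDP port

# Constructed packet builders (checksums left at 0; sample data only).
def ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

def ipv6(src, dst, nxt, payload):
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), nxt, 64, src, dst) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def layers(pkt):
    """Yield (kind, identifying bytes) per header, outermost first."""
    kind = "ip4"
    while kind:
        if kind == "ip4":    # addresses; skip header using IHL
            proto, ident, pkt = pkt[9], pkt[12:20], pkt[(pkt[0] & 0x0F) * 4:]
        elif kind == "ip6":  # addresses; extension headers not handled here
            proto, ident, pkt = pkt[6], pkt[8:40], pkt[40:]
        else:                # UDP ports; Teredo carries IPv6 as the payload
            ports = struct.unpack("!HH", pkt[:4])
            proto, ident, pkt = (41 if TEREDO_PORT in ports else None), pkt[:4], pkt[8:]
        yield kind, ident
        kind = {4: "ip4", 41: "ip6", 17: "udp"}.get(proto)

def inner_key(pkt):
    """Flow key from the innermost IP header onward, ignoring outer layers."""
    ls = list(layers(pkt))
    last_ip = max(i for i, (k, _) in enumerate(ls) if k != "udp")
    return b"".join(ident for _, ident in ls[last_ip:])

def chained_key(pkt):
    """Flow key that folds every header into a running hash, outside in."""
    acc = b""
    for kind, ident in layers(pkt):
        acc = hashlib.sha256(acc + kind.encode() + ident).digest()
    return acc

A = bytes.fromhex("20010db8" + "00" * 11 + "01")   # 2001:db8::1 (documentation prefix)
B = bytes.fromhex("20010db8" + "00" * 11 + "02")   # 2001:db8::2
V4A, V4B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
inner = ipv6(A, B, 17, udp(5000, 53, b"x"))        # same innermost flow in all samples
SAMPLES = [ipv4(V4A, V4B, 41, inner),                          # IPv4 / IPv6
           ipv4(V4A, V4B, 17, udp(40000, TEREDO_PORT, inner)), # IPv4 / UDP / IPv6
           ipv4(V4A, V4B, 41, ipv6(B, A, 41, inner))]          # IPv4 / IPv6 / IPv6

if __name__ == "__main__":
    print(len({inner_key(p) for p in SAMPLES}), len({chained_key(p) for p in SAMPLES}))
```

The three constructed packets collapse to one innermost-only key but yield three distinct chained keys, so a dual-stack IDS using the chained key tracks each encapsulation path as its own flow.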