Abstract:

The discovery of SLAAC attack has increased security threats in IPv6 network. SLAAC attacks is proliferated by the availability of attacking toolkits. Security safeguard must be deployed to detect and eliminate SLAAC attacks. Security safeguards such as IPSec, Secure NDP SeND , Trust-ND and other methods have not been widely implemented due to high processing power requirement for cryptographic process and alteration of original Neighbor Discovery Protocol NDP . Detection mechanism is more practical because does not modify original NDP, can be enhanced with specific capability and uses less intensive processing power. This paper proposes SLAAC attacks detection mechanism using ongoing packet verification and authentication. The detection mechanism not only detect SLAAC attack launched using ICMPv6 type 134 packet but also able to SLAAC attacks launched using packet with fragment and extension header without modification of original NDP.

Keywords: