Denial of Service attack in IPv6 networks and counter measurements

Sammanfattning: This thesis describes and expresses the different IPv6 based cyber-attacks which could result in the Denial of Service (DoS) on the IPv6 network. IPv6 is the next generation internet protocol and the demand of its benefits is implacable. Therefore, we tried to answer to the following questions: How effective is DoS in IPv6 networks? How to protect IPv6 networks from DoS? The effect of implementing new changes in network often leads to new challenges and security breaches that make IP based networks challenging to monitor and defense. Better understanding of types of network and traffic requirements will assist in building robust network. The project done for this thesis is based on investigating the strength of some possible methods of launching the DoS on future solely IPv6 networks with open source tools. Moreover, it is based to signify how differently some network devices respond to this type of attack either locally or remotely in respect of the CPU utilization and the bandwidth usage. Packet analyzer is used to capture and analyze these attacks. The DoS attacks in this project include the protocols IPv6, ICMPv6 and TCP with two different category methods and variety of different IPv6 extension headers and packet formats. While the extension header mechanism is an important part of the IPv6 architecture, by taking advantage of it including the hop-by-hop option, router alert, AH and specially packets with big size extension headers which cause slow processing, we achieved the goal to strangle the nodes (specially routers) with the high CPU utilization in the project test environment. We also tested the efficacy of IPv6 fragmentation with 36 different options and their results are represented on 3 different areas of the network.   This thesis has concentrated on different kinds of attacks that have low impact on the local area devices such as the default gateway router but very high impact on the targets’ devices (remotely) with different autonomous system number that an attacker would not have any administrative control on. Some of the attacks expressed in this thesis need future work and analysis since they are out of scope for this work and therefore we just illustrate the result of these tests.     The results of this thesis can be used for judgmental evaluation of the IPv6 security against DoS attack.