Accession Number : ADA561931


Title : The Unexplored Impact of IPv6 on Intrusion Detection Systems


Descriptive Note : Master's thesis


Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE


Personal Author(s) : Gehrke, Keith A


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a561931.pdf


Report Date : Mar 2012


Pagination or Media Count : 117


Abstract : With Department of Defense (DoD) networks steadily adopting and transitioning to the next-generation Internet Protocol, IPv6, careful consideration must be given to IPv6-specific implications for network protection. While Network Intrusion Detection Systems (NIDS) assist in protecting current IPv4 DoD networks, NIDS performance in operational DoD IPv6 environments is largely unknown. As a step toward more rigorous NIDS evaluation, we investigate the extent to which known IPv4 attacks are able to evade detection when converted to equivalent IPv6 attacks. Utilizing 13 general attack classes, we test the IPv6 readiness of two popular open source NIDSs: SNORT and BRO. Attacks in each class are evaluated in a virtual test bed that models both native and transitional networks. In the native IPv6 environment, we achieve a 95% detection rate for SNORT as compared to 8% with BRO. In addition, we discover a bug in SNORT where a carefully crafted IPv6 packet causes the NIDS to fail to open, allowing full circumvention. Our findings suggest that, with respect to IPv6, both NIDS signatures and NIDS software require additional testing and evaluation to be operationally ready.


Descriptors : *ATTACK , *COMMUNICATIONS PROTOCOLS , *DEPARTMENT OF DEFENSE , *INTERNET , *INTRUSION DETECTION(COMPUTERS) , *OPERATIONAL READINESS , *TEST AND EVALUATION , COMPUTER NETWORKS , PROTECTION , TEST BEDS , THESES , TRANSITIONS


Subject Categories : Computer Systems
      Computer Systems Management and Standards
      Military Forces and Organizations


Distribution Statement : APPROVED FOR PUBLIC RELEASE