IPV6 Alias Resolution Via Induced Router Fragmentation
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
IPv4 addresses are a scarce resource with available allocations nearing exhaustion. DoD and government agencies were mandated to transition to IPv6 for greater security and flexibility. The transition to IPv6 faces a series of challenges associated with protecting the network. Among many defensive challenges associated with IPv6 is the inability to accurately identify and understand the network s router-level topology. Providing an accurate IPv6 topology map is needed for security, situational awareness, and understanding the operational deployment and evolution of IPv6. To better understand IPv6 networks, this thesis focuses on the alias resolution problem whereby we seek to identify multiple interfaces belonging to a single IPv6 router. Alias resolution is critical to developing an accurate router-level topology map. This thesis presents a fingerprint-based IPv6 alias resolution technique that induces fragmented responses from IPv6 router interfaces. We demonstrate perfect alias resolution accuracy in a controlled environment, and on a small subset of the production IPv6 Internet for which ground-truth is known. Internet-wide testing finds that over 70 of IPv6 interfaces probed respond to the method.
- Computer Systems