Jump to content

IPV6 NDP monitoring

heroplay
 Share

Recommended Posts

heroplay

heroplay 0

Posted
Posted (edited)

Can ESET monitor NDP in IPV6? I know that it blocks arp spoofing but can it monitor similar attacks to NDP IPV6?

Thanks!

Edited by heroplay
Link to comment
Share on other sites
heroplay

heroplay 0

Posted
  • Author
Posted (edited)

ESET can detect ARP Poisoning based from my experience, I can't find my screenshot to prove it. ARP spoofing can also be done when the attacker is already connected to the network and I think there are cases also that neighbor discovery protocol (IPV6), which is ARP in IPV4 that are used to accomplish a man in the middle attack.

Edited by heroplay
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

Based on what I posted below, IPv6 NDP protection if it currently exists at all would be found in commercial network hardware based firewall appliances:

Internet Protocol version 6 (IPv6) uses Network Discovery Protocol (NDP) to find the Media Access Control (MAC) address to communicate with hosts in a LAN. Like its predecessor, Address Resolution Protocol (ARP) in IPv4, NDP is stateless and lacks authentication by default. The traditional spoofing attacks for exploiting the IP to MAC resolution using ARP in IPv4 are also relevant in NDP. By using spoofed MAC addresses, a malicious host can also launch Denial-of-Service (DoS), Man-in-the-Middle(MiTM) attacks etc. in IPv6 network. Although there are various detection/prevention mechanisms available for IPv4, many of them are not yet implemented in IPv6 as the protocol is relatively new and slowly coming in use. Few mechanisms have been proposed for detection/prevention of these attacks in IPv6, but they either are non-scalable, computationally expensive, require management of cryptographic keys or change in the protocol itself. In this paper, we propose an active detection mechanism for NDP based attacks in IPv6 network to overcome these problems. Experimental results illustrate the efficacy and performance of the scheme.

Ref.: http://link.springer.com/article/10.1007/s13119-013-0018-2

Edited by itman
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...