Defence mechanisms evaluation against RA flood attacks for Linux Victim Node

Kolahi, Samad; Barmada,Bashar; Mudaliar, Keysha

Thumbnail
Share
View fulltext online
Date
2017-12
Citation:
Kolahi, S. S., Barmada, B., & Mudaliar, K. (2017, December). Defence mechanisms evaluation against RA flood attacks for Linux-victim node. IEEE (Ed.), Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC 2017) (pp.1000 - 1005). 10.1109/APSIPA.2017.8282169.
Permanent link to Research Bank record:
https://hdl.handle.net/10652/4180
Abstract
This research evaluates the performance of different defence mechanisms used in IPv6 networks to protect against router advertisement (RA) flood attacks that rely in ICMPv6 Router Advertisement messages to flood the network. Three types of RA flood attacks are considered: the default RA flood attack, RA flood attack with fragmented packets and RA flood attack with extended header packets. The victim machine is considered to be Linux Debian operating system. The defence mechanisms analysed here are: Access Control Lists, Disable Router Discovery, RA Guard, Validate Source MAC and VLAN. The performance is measured according to TCP throughput, TCP round-trip time (RTT) and CPU utilisation.
Keywords:
router advertisement (RA) flood attacks, defence mechanisms, IPv6 networks, Linux operating system, ICMPv6 Router Advertisement messages
ANZSRC Field of Research:
080303 Computer System Security
Copyright Holder:
Authors

Copyright Notice:
All rights reserved
Rights:
This digital work is protected by copyright. It may be consulted by you, provided you comply with the provisions of the Act and the following conditions of use. These documents or images may be used for research or private study purposes. Whether they can be used for any other purpose depends upon the Copyright Notice above. You will recognise the author's and publishers rights and give due acknowledgement where appropriate.
Metadata
Show detailed record
This item appears in