Abstract
During 2012, we conducted a long-term IPv6 darknet experiment. We observed a relatively high number of interesting events and therefore needed additional network security tools to capture and analyse potentially harmful IPv6 traffic. This paper presents HoneydV6, a low-interaction IPv6 honeypot that can simulate entire IPv6 networks and can be used to detect and analyse IPv6 network attacks. Our implementation is based on the well-known low-interaction honeypot Honeyd. To the best of our knowledge, this is the first low-interaction honeypot that is able to simulate entire IPv6 networks on a single host. Enticing attackers to exploit an IPv6 honeypot requires new approaches and concepts because of the huge IPv6 address space. We solved this problem through a dynamic instantiation mechanism that increases the likelihood that an attacker finds a target host in our IPv6 honeynet.
Notes
Download available from http://www.salbnet.org/
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schindler, S., Schnor, B., Kiertscher, S., Scheffler, T., Zack, E. (2014). IPv6 Network Attack Detection with HoneydV6. In: Obaidat, M., Filipe, J. (eds) E-Business and Telecommunications. ICETE 2013. Communications in Computer and Information Science, vol 456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44788-8_15
DOI: https://doi.org/10.1007/978-3-662-44788-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44787-1
Online ISBN: 978-3-662-44788-8
eBook Packages: Computer Science, Computer Science (R0)