IPv6 Network Attack Detection with HoneydV6

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 456)

Abstract

During 2012, we conducted a long-term IPv6 darknet experiment. We observed a relatively high number of interesting events and therefore needed additional network security tools to capture and analyse potentially harmful IPv6 traffic. This paper presents HoneydV6, a low-interaction IPv6 honeypot that can simulate entire IPv6 networks and can be used to detect and analyse IPv6 network attacks. Our implementation is based on the well-known low-interaction honeypot Honeyd. To the best of our knowledge, this is the first low-interaction honeypot that is able to simulate entire IPv6 networks on a single host. Enticing attackers to exploit an IPv6 honeypot requires new approaches and concepts because of the huge IPv6 address space. We solved this problem with a dynamic instantiation mechanism that increases the likelihood that an attacker finds a target host in our IPv6 honeynet.

Notes

  1. http://www.honeyd.org/

  2. http://www.tcpdump.org/

  3. Download available from http://www.salbnet.org/

Corresponding author

Correspondence to Sven Schindler.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schindler, S., Schnor, B., Kiertscher, S., Scheffler, T., Zack, E. (2014). IPv6 Network Attack Detection with HoneydV6. In: Obaidat, M., Filipe, J. (eds) E-Business and Telecommunications. ICETE 2013. Communications in Computer and Information Science, vol 456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44788-8_15

  • DOI: https://doi.org/10.1007/978-3-662-44788-8_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44787-1

  • Online ISBN: 978-3-662-44788-8

  • eBook Packages: Computer Science, Computer Science (R0)
