IPv6 attack scenarios testbed

Deploying IPv6 in the enterprise network will increase the security issues since some of IPv6 features bring vulnerabilities. Thus, mitigating them with appropriate security policy is vital. By having attack scenario testing, it will expose network administrators to the IPv6 potential attack. For example, Bad ACK-Reset attack is used by an attacker to reset a new connection after exploiting network. Also, Packet Fragmentation attack is capable to control over the packet fragmentation services yet can cause problems in security measurement. Hence, this paper tested Bad ACK-Reset and Packet Fragmentation attack scenarios for analysis. This paper used Scapy (2.0.1) to generate packets for testing. A testbed simulation has been designed by using Graphical Network Simulator 3 (GNS3). Several ip6tables rules and access control lists (ACLs) were implemented at the host and the router respectively to counter Bad ACK-Reset and Packet Fragmentation attack scenarios. Information gained from the testing will provide a clear understanding on IPv6 security issues and help to design a proper network security policy. The current results from the testing can be used for future research in generating the security policies. Thus, our further research will focus on modelling the created security policy for IPv6 deployment.