Denial of service attack: an analysis to IPv6 extension headers security nightmares

Abstract

Dealing with scarcity issues of internet protocol version 4 (IPv4), internet engineering task force (IETF) developed internet protocol version 6 (IPv6) to support the needs of IP addresses for future use of the internet, however, one challenge that must be faced while transitioning to IPv6 is in the area of security. IPv6 is a new protocol that has many new probabilities for attackers to exploit the protocol stack and one of them is through IPv6 extension headers. Mishandling of extension headers are the security nightmares for network administrators, allowing for new security threats that will cause denial of service (DoS). As a result, the mishandling of IPv6 extension Headers creates new attack vectors that could lead to DoS–which can be exploited for different purposes, such as creating covert channels, fragmentation attacks, and routing header 0 attacks. Furthermore, this paper becomes proof of concepts that even to this day our well-known network devices are still exploitable by these attack vectors.