By Topic

Protecting teredo clients from source routing exploits

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Bassam Naji Abdullah Al-tamimi ; NAV6 Centre, Universiti Sains Malaysia, 11800 USM, Pulau Pinang, Malaysia ; Abidah Mat Taib ; Rahmat Budiarto

Tunneling techniques such as configured tunnel, 6to4, ISATAP and Teredo are common mechanisms in the early deployment of IPv6 to connect between two isolated IPv6 LANs or hosts by using the IPv4 infrastructure. We focused on Teredo tunnel as it allows users behind NATs to obtain IPv6 connectivity. Teredo tunnel has been designed to encapsulate IPv6 packet in UDP using IPv6-in-UDPin-IPv4 technology. Though, Teredo tunnel raised some security threats including source routing exploits. This paper describes source routing exploits at the Teredo client and proposes a Teredo Client Protection Algorithm (TCPA) as an alternative mechanism to protect Teredo clients from IPv6 routing header risks. Since source routing in the IPv6 header could be exploited by either external or internal attackers, we believed our TCPA algorithm plays an impact in preventing potential attacks. TCPA is based on the filtration principle of matching. It operates on the Teredo client to deny the IPv6 packets which have routing header addresses unless the user allows these addresses traverse through it. The TCPA was implemented as a simulation in a real environment and the results showed that the proposed method is efficient and its logic sounds enough to protect Teredo client from attackers.

Published in:

Distributed Framework and Applications, 2008. DFmA 2008. First International Conference on

Date of Conference:

21-22 Oct. 2008