Student: Toàn Phạm Văn
Primary mentor: Thanh Nguyen
Backup mentor: Ryan Smith
Google Melange: http://www.google-melange.com/gsoc/project/google/gsoc2012/suto/19001
With the growth of the Internet, IPv6 is starting to be used more widely on the global Internet and is expected to fully replace IPv4 in the future. With this growth, some vulnerabilities have been identified in this protocol suite and used in some malicious tools, so this proposal mainly focuses on developing a tool that can detect and prevent that kind of attack; it can also serve as a framework to detect future attacks on the IPv6 protocol.
- April 23rd - May 20th: Community Bonding Period
Project Source Code Repository:
Student Weekly Blog: https://www.honeynet.or/blog/260
Project Useful Links:
Plan for next week (29/07-04/08/2012)
- Implement active detection when running:
Done last week
+ Auto gather neighbor information
+ Auto gather trusted router on network
+ Implement a daemon honeypot to detect an attack on network
- Refactor all source code to lib/module/factory, clean and improve some code
Plan for next week (02-09/07/2012)
- Set up and test new tool from thc-ipv6
Done last week (25-31/06/2012)
- Gather all neighbors and filter them to get a correct address table. This result will then be compared with incoming packets to detect attacks.
Done Last Week
- Partial processing of MITM with redirects attack detection.
- Done: reset default router attack detection and prevention
- Improve packet counter method to detect attacks per source IP address
- Design a counter to block during an attack and remove the block when the attack stops.
- When sniffing starts, gather all possible routers on the wire, then try to remove fake ones based on the number of packets per second and abnormal time alive.
- Finish fake/flood RA packet processing function
- Finish flood NS packet processing function
- Partial processing of fake Router Advertisement packets
- Partial processing of flood Neighbor Solicitation packets
- Block packets based on rate limit
- Reaction via ip6tables (block source address of flooding packets)
- Set up a system to demonstrate attack methodology on IPv6
- Use a sample script to detect attacks and raise an alarm
- Call an external module to prevent that kind of attack
- Test Snort rules with that feature
Discuss with Xu, Thanh and Ryan the generic design and how to implement the IPv6 Attack Detection Tool.
- Set up SVN repository. (Done)
- Finalize design document. (Done)
- Sample code demonstrated. (Done)
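The status items above on the per-source packet counter, blocking during an attack, removing the block when it stops, and the ip6tables reaction can be combined as in the following added example, which is not the project's own code. The class name `FloodGuard`, the thresholds and the sample addresses are assumptions; the ip6tables commands are only returned as argument lists, not executed.

```python
from collections import defaultdict, deque

def rule(action, src):
    # argv for ip6tables: "-A" appends the DROP rule, "-D" deletes it again
    return ["ip6tables", action, "INPUT", "-s", src, "-j", "DROP"]

class FloodGuard:
    """Per-source sliding-window counter that decides when to block and unblock."""

    def __init__(self, max_pkts=20, window=1.0, quiet=5.0):
        self.max_pkts = max_pkts        # packets allowed per source per window
        self.window = window            # window length in seconds
        self.quiet = quiet              # silence needed before a block is lifted
        self.seen = defaultdict(deque)  # src -> packet timestamps in the window
        self.blocked = {}               # src -> time of its most recent packet

    def expire(self, now):
        """Return delete commands for blocked sources that have gone quiet."""
        done = [s for s, t in self.blocked.items() if now - t >= self.quiet]
        for s in done:
            del self.blocked[s]
        return [rule("-D", s) for s in done]

    def packet(self, src, now):
        """Record one sniffed packet; return the ip6tables commands to run."""
        cmds = self.expire(now)
        if src in self.blocked:
            # Assumption: the sniffer taps packets before netfilter drops them,
            # so a blocked source that keeps flooding stays blocked.
            self.blocked[src] = now
            return cmds
        q = self.seen[src]
        q.append(now)
        while now - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_pkts:
            self.blocked[src] = now
            del self.seen[src]
            cmds.append(rule("-A", src))
        return cmds

def demo():
    # Constructed traffic: fe80::bad sends 10 packets in 1 s, fe80::1 sends 2.
    events = [("fe80::bad", i * 0.1) for i in range(10)]
    events += [("fe80::1", 2.0), ("fe80::1", 5.0)]
    guard = FloodGuard(max_pkts=5, window=1.0, quiet=3.0)
    return [cmd for src, t in events for cmd in guard.packet(src, t)]
```

`demo()` returns one append command when the sixth packet from the flooding source arrives and the matching delete command once that source has been silent for the quiet period.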