Project 8 - IPv6 attack detector (Toàn)

Student: Toàn Phạm Văn
Primary mentor: Thanh Nguyen
Backup mentor: Ryan Smith

Google Melange: http://www.google-melange.com/gsoc/project/google/gsoc2012/suto/19001

Project Overview:
With the growth of the Internet, IPv6 is starting to be used more widely on the global Internet and is expected to fully replace IPv4 in the future. With this growth, some vulnerabilities have been identified in this protocol suite and are used in some malicious tools, so this proposal mainly focuses on developing a tool that can detect and prevent that kind of attack. Beyond that, it can serve as a framework to detect future attacks on the IPv6 protocol.

Project Plan:

  • April 23rd - May 20th: Community Bonding Period

Project Source Code Repository:
http://code.google.com/p/ipv6-guard/

Student Weekly Blog: https://www.honeynet.or/blog/260

Project Useful Links:

Project Updates:

  • Plan for next week (29/07-04/08/2012)
    - Implement active detection when running:
      + Automatically gather neighbor information
      + Automatically gather trusted routers on the network
      + Implement a daemon honeypot to detect an attack on the network

  • Done last week
    - Refactor all source code to lib/module/factory, clean and improve some code
    - Setup and testing of new tool from thc-ipv6

  • Plan for next week (02-09/07/2012)
    - Improve code
    - Midterm evaluation

  • Done last week (25-31/06/2012)
    - Gather all neighbors and filter them to get a correct address table. This result will then be compared with incoming packets to detect attacks.
    - Partial processing of MITM with redirects attack detection.
    - Done: Reset Default Router attack detection and prevention
    - Improve packet counter method to detect attacks per source IP address

  • Done last week (18-26/06/2012)
    - Design a counter to block during an attack and remove the block when the attack stops.
    - When sniffing starts, gather all possible routers on the wire, then try to remove fake ones via number of packets per second and abnormal time alive.
    - Finish Fake/Flood RA packet processing function
    - Finish Flood NS packet processing function

  • Last week (18/06/2012)
    - Partial processing of Fake Router Advertisement packets
    - Partial processing of Flood Neighbor Solicitation packets
    - Block packets based on rate limit
    - Reaction via ip6tables (block source address of flooding packets)
    - Set up a system to demonstrate attack methodology on IPv6
    - Using sample script to detect attacks and alarm
    - Calling external module to prevent that kind of attack
    - Testing Snort rules with that feature
    - Discuss with Xu, Thanh, Ryan the generic design and how to implement the IPv6 Attack Detection Tool.
    - Set up SVN repository. (Done)
    - Finalize design document. (Done)
    - Sample code demonstrated. (Done)
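
The per-source packet counter with block and unblock described in the updates above, as an added Python example that is not taken from the ipv6-guard repository. The limits, window, quiet period, class and function names and the sample packets are assumptions; the ip6tables commands are returned as strings, not executed.

```python
from collections import defaultdict, deque

RA, NS = 134, 135         # ICMPv6 types: Router Advertisement, Neighbor Solicitation
WINDOW = 1.0              # counting window in seconds (assumed value)
LIMIT = {RA: 5, NS: 20}   # max packets per source per window (assumed values)
QUIET = 3.0               # seconds without an over-limit packet before unblocking (assumed)

class FloodGuard:
    """Hypothetical per-source sliding-window counter with block/unblock decisions."""

    def __init__(self):
        self.seen = defaultdict(deque)   # (src, icmp_type) -> recent timestamps
        self.blocked = {}                # src -> time of last over-limit packet

    def observe(self, ts, src, icmp_type):
        """Feed one sniffed packet; return the ip6tables commands it triggers."""
        actions = self.expire(ts)
        if icmp_type not in LIMIT:
            return actions
        q = self.seen[(src, icmp_type)]
        q.append(ts)
        while q and ts - q[0] > WINDOW:  # drop timestamps older than the window
            q.popleft()
        if len(q) > LIMIT[icmp_type]:
            if src not in self.blocked:  # first time over the limit: block once
                actions.append(f"ip6tables -I INPUT -s {src} -j DROP")
            self.blocked[src] = ts       # keep the block alive while the flood lasts
        return actions

    def expire(self, now):
        """Lift blocks for sources with no over-limit packet for QUIET seconds."""
        done = [s for s, last in self.blocked.items() if now - last >= QUIET]
        for src in done:
            del self.blocked[src]
        return [f"ip6tables -D INPUT -s {s} -j DROP" for s in done]

def replay(events):
    """Run (timestamp, source, icmp_type) tuples through a fresh guard."""
    guard, out = FloodGuard(), []
    for ts, src, icmp_type in events:
        out += guard.observe(ts, src, icmp_type)
    return out

# Constructed sample: a router sending one RA every 2 s, and a source flooding RAs.
SAMPLE = [(t * 2.0, "fe80::1", RA) for t in range(4)]
SAMPLE += [(1.0 + i * 0.01, "fe80::bad", RA) for i in range(50)]
SAMPLE.sort()
```

Per-source counting does not catch a flood in which every packet carries a different source address; a second counter keyed only on the ICMPv6 type covers that case.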