Prevention of MITM attack caused by rogue router advertisements in IPv6

Abstract

Router discovery in IPv6 is vulnerable to rogue Router Advertisements (RAs), wherein unintended and possibly incorrect RAs make their way into the network. An IPv6 host obtains several important information from an RA like the default router's address and the prefix for autoconfiguring its IPv6 address. Incorrect data in the RA fields result in operational problems in the network. This can occur as a result of misconfigurations or malicious intentions. A variation of this security threat occurs in the form of a node sending a rogue RA with the spoofed address of the legit router but with the router lifetime field set to zero. This causes the legit router to be removed as the default router for hosts on the subnet. Further, the malicious node could advertise itself as the default router and essentially perform a man-in-The-middle (MITM) attack. This paper demonstrates such a possibility on an IPv6 testbed and presents a possible solution to prevent the same. The implementation of the solution is done on the Linux kernel and results testifying the solution are presented. � 2016 IEEE.