Virginia Tech
    • Log in
    View Item 
    •   VTechWorks Home
    • ETDs: Virginia Tech Electronic Theses and Dissertations
    • Masters Theses
    • View Item
    •   VTechWorks Home
    • ETDs: Virginia Tech Electronic Theses and Dissertations
    • Masters Theses
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Evaluation of Moving Target IPv6 Defense and Distributed Denial of Service Defenses

    Thumbnail
    View/Open
    DiMarco_PL_T_2013.pdf (806.5Kb)
    Downloads: 1636
    Date
    2013-12-13
    Author
    DiMarco, Peter Lewis
    Metadata
    Show full item record
    Abstract
    A Denial-of-Service (DoS) attack is a network attack from a single machine that attempts to prevent the victim, the targeted machine, from communicating to other devices on the network or perform its normal tasks. The extension of these attacks to include many malicious machines became known as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks cause an immense amount of strain on both the victim and the devices used to reach the victim. In reaction to these attacks, preexisting technologies were used as DDoS defenses to mitigate the effects. The two most notable defenses used are the firewall and Internet Protocol Security (IPsec). The technologies behind these defenses emerged over twenty years ago and since then have been updated to conform to the newest Internet protocols. While these changes have kept the technologies viable, these defenses have still fallen victim to successful attacks. Because of the number of Internet connected devices and the small address space in Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) was developed to solve the address space problem. With IPv6 however, there are new problems to address; therefore, these aforementioned defenses have to be further modifed to accommodate the new protocol. Moving Target IPv6 Defense (MT6D) has been developed to attempt to leverage the new standard against DDoS attacks in the IPv6 arena. This research evaluates the DDoS prevention capabilities of the aging defenses relative to the newly developed MT6D to determine which defense is best suited to defend against these attacks for a variety of scenarios. The threat environment in this study is limited to Synchronize (SYN) Flood, HTTP/GET Flood, Denial6, Dos-New-IP6, and Slowloris attacks. Attacks on the MT6D key distribution mechanism are not considered. Strengths and weaknesses of the aforementioned defenses are presented and analyzed. This project examines different metrics including the performance impact on the machines and the client throughput in an instrumented testbed. MT6D has high operating costs and low throughput compared to the other defenses. Under DDoS attacks, the firewall is unable to prevent attacks in IPv6 due to the inability to determine the same host from multiple Internet Protocol (IP) addresses. Overall, IPsec and MT6D effectively mitigate the DDoS attacks. Although, MT6D is susceptible to some attacks due to its operating at the guest level. At this point in MT6D's development, the difference in performance could be considered a reasonable price to pay for the added benefits from MT6D.
    URI
    http://hdl.handle.net/10919/24697
    Collections
    • Masters Theses [19413]

    If you believe that any material in VTechWorks should be removed, please see our policy and procedure for Requesting that Material be Amended or Removed. All takedown requests will be promptly acknowledged and investigated.

    Virginia Tech | University Libraries | Contact Us
     

     

    VTechWorks

    AboutPoliciesHelp

    Browse

    All of VTechWorksCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    Log inRegister

    Statistics

    View Usage Statistics

    If you believe that any material in VTechWorks should be removed, please see our policy and procedure for Requesting that Material be Amended or Removed. All takedown requests will be promptly acknowledged and investigated.

    Virginia Tech | University Libraries | Contact Us