Home // ICIMP 2012, The Seventh International Conference on Internet Monitoring and Protection // View article

A Light-weighted Source Address Validation Method in IPv4/IPv6 Translation

Authors:
Yu Zhu
Jun Bi
Yayuan Sun

Keywords: IPv4/IPv6 translation; Anti-spoofing; Source address validation; Packet filtering; Internet Security; Access control.

Abstract:
since global IPv4 address has already exhausted in 2011, IPv6 is going to be deployed more widely in the next years. Both IPv4 and IPv6 would coexist in Internet for many years. Some transition technologies can help IPv4 to work with IPv6, but most of them are vulnerable to IP address spoofing attack. This paper proposes a source address validation method which works with IPv4/IPv6 translation. Only one change is required in DNS translation, based on current translation technology. Currently, an IPv4 server’s address in DNS reply would be translated to an IPv4-mapped IPv6 address by DNS translator. In this paper, we proposed a method called “gateway identify code” (GIC) that the translator gateway embeds authentication information in IPv4-mapped IPv6 address in translated DNS reply. A host who receives this DNS reply would use this GIC embedded address to start communication. When packets reach translator gateway, validation is performed to check whether the GIC is correct. This technology can work with both stateful translation method and stateless translation method, including NAT-PT, NAT64 and IVI. This method will protect the address pool and filter the IP address spoofing attack.

Pages: 23 to 29

Copyright: Copyright (c) IARIA, 2012

Publication date: May 27, 2012

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-201-1

Location: Stuttgart, Germany

Dates: from May 27, 2012 to June 1, 2012