Ameen Al-Azzawi, and Gábor Lencse
Lightweight 4over6 Test-bed for Security Analysis
In this paper, we focus on one of the most prominent IPv6 transition technologies, namely lw4o6 (Lightweight 4over6). We emphasize the uniqueness of lw4o6 and the difference between lw4o6 and the conventional DS-Lite (Dual-Stack Lite), their topology, functionality and security vulnerabilities. We analyze the potential vulnerabilities of lw4o6 infrastructure by applying the STRIDE threat modelling technique, which stands for Spoof- ing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Moreover, we build a test-bed for lw4o6 using Snabb, which is an open source software. We test Snabb’s tunneling and binding capabilities and most importantly, port allocation per subscriber. At the end, we present multiple attacking scenarios (Denial of Service, Information Disclosure, Spoofing, etc.) against lw4o6’s main routers and come up with mitigation methods for such attacks.
Please cite this paper the following way:
Ameen Al-Azzawi, and Gábor Lencse , "Lightweight 4over6 Test-bed for Security Analysis", Infocommunications Journal, Vol. XV, No 3, September 2023, pp. 30-41., https://doi.org/10.36244/ICJ.2023.3.4