Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks

Artigo Acesso aberto

Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks

2015; Volume: 6; Issue: 2 Linguagem: Inglês

10.20533/ijicr.2042.4655.2015.0071

ISSN

2042-4655

Autores

Sven Schindler, Bettina Schnor, Thomas Scheffler,

Tópico(s)

IPv6, Mobility, Handover, Networks, Security

Resumo

This paper presents a new hybrid honeypot archi-tecture which focuses on the coverage of large IPv6 address spaces.Results from a 15-months darknet experiment verify that attackers and researchers utilise various approaches to scan wide and unforeseeable IPv6 address ranges which cannot be managed with current honeypot solutions.The huge IPv6 address space not only makes it hard for attackers to find target hosts, it also makes it difficult for a honeypot to get found by an attacker.We solve this challenge through the use of dynamically configured high-interaction honeypots that can cover large chunks of the IPv6 address space.A new proxy mechanism is used to transparently handover and forward traffic from low-to highinteraction honeypots on demand to provide the best possible service granularity.Measurements with our prototype implementation show that the proposed approach performs well on off-the-shelf hardware and has low maintenance costs.The ICMPv6 traffic was dominated by Echo Request-based network scans and the TCP traffic contained mostly TCP SYN 4 www.tcpdump.org

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks