I6-FPS: Automating the ICMPv6 Filtering Rules

Abstract

Enterprises are required to utilize Internet Control Message Protocol version 6 (ICMPv6) when IPv6 is deployed. In IPv4, Internet Control Message Protocol (ICMP) is aggressively filtered by a network administrator while in IPv6, ICMPv6 messages cannot be aggressively filtered due to the function of ICMPv6 message. ICMPv6 security risks increase when ICMPv6 threats and vulnerabilities are exploited. Thus, it is very crucial for enterprises to address the issues. In practice, network researchers must review several resources to identify ICMPv6 related attacks occurring due to the exploitation of ICMPv6 vulnerabilities. Overlooking any of these issues will jeopardize the security of ICMPv6. While conducting the attack scenarios testing, IPv6-Filtering Prototype System (I6-FPS) was developed to overcome the deficiency and limited filtering tools that supported IPv6 filtering rules (ip6table). I6-FPS is used to automate and simplify the writing of ip6table and it was developed using PHP5 and Shell script languages. This research revealed that I6-FPS is significant in the initial phase of securing IPv6 deployment as well as focusing on the ICMPv6 filtering rules. The I6-FPS has the potential to be enhanced and developed over time by including more functions to that system in generating specific filtering ip6table rules.