ND attacks
ND messages are easy to be exploited by the spoofers/attackers in the IPv6 network if there are no security mechanisms. The attackers could send forged ND packets to redirect the traffic meant for a host from a router/gateway to them. The ND attacks include the following types:
-
Address Spoofing Attack: An attacker could send forged NS/NA packets with the IPv6 address of a victim host. The ND entry maintained by the gateway and other hosts for the victim host will be updated with the wrong address information (of that of the attacker). As a result, all packets intended for the victim host will be sent to the attacking host rather than the victim host. In figure 14, the gateway sends a Neighbor Solicitation for the IPv6 address 2002::10. An attacker could send a Neighbor Advertisement as a reply causing the gateway to learn 2002::10 is at Mac B. The traffic gets redirected to the attacker.There can be other kind of DOS Attacks where the spoofer sends Neighbor Advertisement packets with different source IPv6 addresses to fill up the neighbor cache of the device, resulting in no room for valid clients.
-
RA Attack: An attacker could send forged RA packets with the IPv6 address of a victim gateway. This can cause all hosts attached to the victim gateway to maintain incorrect IPv6 configuration parameters and ND entries.In Figure 15, when the victim host sends a router solicitation, the attacker could send a route advertisement as a reply causing the victim host to receive the wrong network parameters. Hence the legitimate traffic to the victim hosts gets blocked.