Defence mechanisms evaluation against RA flood attacks for Linux Victim Node
Kolahi, Samad; Barmada,Bashar; Mudaliar, Keysha
View fulltext online
Citation:Kolahi, S. S., Barmada, B., & Mudaliar, K. (2017, December). Defence mechanisms evaluation against RA flood attacks for Linux-victim node. IEEE (Ed.), Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC 2017) (pp.1000 - 1005). 10.1109/APSIPA.2017.8282169.
Permanent link to Research Bank record:http://hdl.handle.net/10652/4180
This research evaluates the performance of different defence mechanisms used in IPv6 networks to protect against router advertisement (RA) flood attacks that rely in ICMPv6 Router Advertisement messages to flood the network. Three types of RA flood attacks are considered: the default RA flood attack, RA flood attack with fragmented packets and RA flood attack with extended header packets. The victim machine is considered to be Linux Debian operating system. The defence mechanisms analysed here are: Access Control Lists, Disable Router Discovery, RA Guard, Validate Source MAC and VLAN. The performance is measured according to TCP throughput, TCP round-trip time (RTT) and CPU utilisation.