Security Risks of the IPv6 Router Discovery Protocol

Source: Internet
Author: User

In IPv4, you must manually set the gateway address. IPv6 router discovery uses two types of ICMPv6 packets: Router Solicitation (RS) and Router Advertisement (RA). The protocol helps nodes on the LAN find gateways or routers so that the nodes can communicate with the Internet. In addition, an IPv6 node that has just joined the network can configure its own IPv6 address based on the gateway or route information it receives, and then communicate with other nodes.

How IPv6 router discovery works:

(1) The client sends a Router Solicitation (RS) message to the all-routers multicast address (FF02::2), or the router periodically sends a Router Advertisement (RA) message to the all-nodes multicast address (FF02::1).

The source address of the IP packet carrying the RA must be the router's link-local address. This is because a router usually has multiple NICs. If a global address were used, the node that receives the advertisement would not necessarily send its traffic to that NIC; the link-local address corresponds one-to-one with the MAC address of the NIC, so it uniquely identifies the NIC that serves the node. The destination address of the IP packet takes one of two forms. If the RA is a periodic advertisement to the whole LAN, it is the all-nodes multicast address. If the RA is a response to an RS, it is the address of the requesting node. The remaining fields are configured parameters such as lifetime, reachable time, options (such as the prefix), and priority. Most of these parameters are of little significance to this article; however, the priority setting allows a router to gain an advantage over all other routers.

(2) The client configures the address prefix and route information based on the RA message.

The RS packet is relatively simple. The destination address of the IP packet must be the all-routers multicast address, and the source address must be the requester's address. The options field can carry the requester's MAC address.

Analysis of the Security Risks of the IPv6 Router Discovery Protocol

From the above analysis, the weakness of this protocol is easy to see. Because there is no source address authentication, any node on the LAN can send a Router Advertisement (RA) message and thereby disguise itself as a router. A node that acquires its IPv6 address dynamically cannot tell which node is the legitimate router. If a malicious node disguises itself as a router and sets the router priority in its RA to the highest value, nodes that obtain their addresses dynamically are likely to forward their data packets to this malicious node.

The primary cause of these vulnerabilities is the lack of authentication mechanisms.
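Since the protocol itself cannot authenticate an RA, a monitor on the link can compare each one against what is known about the legitimate router. The following is an added example, not code from the original article: it parses a captured RA and flags advertisements from routers that are not on an allowlist, in particular ones that claim high priority. The allowlist, the function names and the sample packets are assumptions constructed for illustration; the preference bits follow RFC 4191 and the hop-limit check follows RFC 4861.

```python
import ipaddress
import struct

PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}  # RFC 4191 preference bits

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134) and two of its options."""
    if len(icmp) < 16:
        raise ValueError("truncated RA")
    typ, code, _csum, _hop, flags, lifetime = struct.unpack("!BBHBBH", icmp[:8])
    if typ != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"preference": PRF[(flags >> 3) & 3], "lifetime": lifetime,
          "mac": None, "prefixes": []}
    off = 16                                    # options follow the fixed header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8   # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        body = icmp[off + 2:off + opt_len]
        if opt_type == 1 and opt_len == 8:      # source link-layer address
            ra["mac"] = body.hex(":")
        elif opt_type == 3 and opt_len == 32:   # prefix information
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        off += opt_len
    return ra

def check_ra(src: str, hop_limit: int, icmp: bytes, allowed: dict) -> list:
    """Return findings for one RA; `allowed` maps router link-local address to MAC."""
    findings = []
    addr = ipaddress.IPv6Address(src)
    if not addr.is_link_local:
        findings.append("source is not link-local")
    if hop_limit != 255:                        # RFC 4861: an on-link RA has hop limit 255
        findings.append("hop limit is not 255")
    ra = parse_ra(icmp)
    if str(addr) not in allowed:
        findings.append("router not in allowlist")
        if ra["preference"] == "high" and ra["lifetime"] > 0:
            findings.append("unknown router claims high preference")
    elif ra["mac"] and ra["mac"] != allowed[str(addr)]:
        findings.append("MAC does not match allowlisted router")
    return findings

# Constructed samples (checksum zeroed, not verified); addresses are documentation values.
ALLOWED = {"fe80::1": "00:00:5e:00:53:01"}
GOOD_RA = bytes.fromhex("8600000040000708" + "00" * 8 + "010100005e005301")
ROGUE_RA = bytes.fromhex("8600000040082328" + "00" * 8 + "010100005e005366"
                         "030440c000278d0000093a8000000000" "20010db8000000010000000000000000")
```

Calling `check_ra("fe80::66", 255, ROGUE_RA, ALLOWED)` returns both the allowlist finding and the high-preference finding, while the allowlisted router's advertisement returns an empty list.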
