IPv6 approach for TCP SYN Flood attack over VoIP, Part IV
A firewall enabled for application filtering and IPv6 can drop application performance by a staggering 90% or more compared to best-case IPv4 results.
The following methods are used to assess IPv6 application performance:
- Emulate real application traffic (data, voice, video) over tens of thousands of clients and/or servers.
- Measure performance and Quality of Experience with Web pages/s, VoIP call set-up time, FTP file transfer rate and instant message passing with TCP SYN handshaking signals.
Multiple services over IPv4/v6 must address three additional challenges that impact network performance, and the following DoS attacks must be handled. IPv6 approaches can handle these with network tester configurations.
6.2 DoS Attacks
- DoS attacks must be filtered, including traditional layer 3-4 attacks such as TCP SYN flood, which has been ported to IPv6.
- ICMPv6 attacks.
- Application-layer attacks (such as SIP setup/teardown flood and RTP stream insertion).
- Application attacks are particularly effective because they degrade CPU performance.
6.3 VoIP Attack Vulnerability
VoIP attack vulnerability testing simulates DoS attacks to measure their impact on VoIP with:
- Traditional DoS attacks (TCP SYN flood, Ping of Death).
- VoIP voice insertion: simulate rogue RTP streams.
- VoIP DoS: simulate bursts of call setups and teardowns on the same addresses.
6.4 Performance Challenges
6.4.1 Longer IPv6 addresses
Firewall rule sets and ACLs must work with IPv6 addresses, which can degrade performance.
6.4.2 IPv6 variable-length headers
More complex encryption and authentication header sections must be parsed and filtered, and the device may also need to perform encryption/decryption or calculate message authentication codes in order to filter on application-layer headers and content.
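The parsing cost described in 6.4.2, as an added example that is not part of the original article: before a filter can tell whether an IPv6 packet is a TCP SYN, it has to walk the extension-header chain, and it cannot look past ESP without decrypting. The function names, the header-count limit and the sample packets are assumptions constructed for illustration.

```python
import struct

# Headers sized as (Hdr Ext Len + 1) * 8 octets (RFC 8200)
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "dest-opts"}
FRAGMENT, AH, ESP, TCP = 44, 51, 50, 6
MAX_EXT_HEADERS = 8  # assumed policy limit, not from the article

def classify_ipv6(packet: bytes):
    """Walk the extension-header chain; return (verdict, headers walked)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "malformed", []
    next_hdr, offset, chain = packet[6], 40, []
    while next_hdr != TCP:
        if next_hdr == ESP:
            return "opaque-esp", chain  # encrypted payload: decrypt before filtering
        if next_hdr not in (*GENERIC_EXT, FRAGMENT, AH):
            return "not-tcp", chain  # includes No Next Header (59)
        if len(chain) >= MAX_EXT_HEADERS or offset + 8 > len(packet):
            return "malformed", chain  # over-long chain or truncated header
        this_hdr, next_hdr, length_field = next_hdr, packet[offset], packet[offset + 1]
        if this_hdr == FRAGMENT:
            chain.append("fragment")
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return "non-first-fragment", chain  # no TCP header in this piece
            offset += 8
        elif this_hdr == AH:
            chain.append("ah")
            offset += (length_field + 2) * 4  # AH length is in 32-bit words minus 2
        else:
            chain.append(GENERIC_EXT[this_hdr])
            offset += (length_field + 1) * 8
    if offset + 14 > len(packet):
        return "malformed", chain
    flags = packet[offset + 13]
    is_syn = flags & 0x02 and not flags & 0x10  # SYN set, ACK clear
    return ("tcp-syn" if is_syn else "tcp-other"), chain

# --- Constructed sample packets (documentation prefix 2001:db8::/32) ---
def build_ipv6(next_hdr: int, payload: bytes) -> bytes:
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + src + dst + payload
def build_tcp(flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, 5060, 1, 0, 5 << 4, flags, 1024, 0, 0)

HOP_OPTS = bytes([60, 0, 1, 4, 0, 0, 0, 0])  # next=dest-opts, PadN padding
DST_OPTS = bytes([6, 0, 1, 4, 0, 0, 0, 0])   # next=TCP, PadN padding
PLAIN_SYN = build_ipv6(TCP, build_tcp(0x02))
NESTED_SYN = build_ipv6(0, HOP_OPTS + DST_OPTS + build_tcp(0x02))
```

Both sample packets classify as `tcp-syn`, but the nested one costs two extra header parses first, which is the per-packet overhead a rule set keyed on TCP flags pays under IPv6.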
6.4.3 IPv6 DoS attacks
IPv6/v4 and IPv4/v6 tunneling can hide application-layer attacks within complex handcrafted TCP SYN packets.
6.5 Triple-Play Methodology
A new approach is needed to ensure that application-aware devices do not become bottlenecks:
6.5.1 Real-Time Application Performance.
6.5.2
Add DoS attacks over IPv6, including SIP setup-teardown attacks. Quantify the reduction in application performance.