Dianxin kexue (Apr 2014)
A Defense Approach of DAD Attack in Stateless Auto Configuration
Abstract
In stateless address auto configuration, node needs to carry out duplicate address detection before using a new IP address. In the detection process, once a malicious node claims that the resolve IP address is occupied, the node's address configuration will fail. For this case, WAY(who are you)mechanism as a defensive approach was proposed. WAY mechanism uses reverse address confirmation, self-declaration and WAY-table inspection to filter the spoofing packets, which make attackers' cost increase and cannot carry out secondary attack. The experiments show that WAY mechanism can effectively compensate the security flaws of neighbor discovery protocol, significantly increase the success rate of stateless address auto configuration.
