FINGERPRINTING IPV4 AND IPV6 ROUTERS USING ICMP
Loading...
Authors
Bofman, Wesley G.
Maniego, Fernando
Subjects
IPv4
IPv6
ICMP
ICMPv6
initial TTL
initial Hop Limit
fingerprinting
router signatures
network discovery
IPv6
ICMP
ICMPv6
initial TTL
initial Hop Limit
fingerprinting
router signatures
network discovery
Advisors
Beverly, Robert
Date of Issue
2019-06
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This project reassesses and expands on a simple fingerprinting method for Internet Protocol version 4 (IPv4) routers, and extends that methodology to Internet Protocol version 6 (IPv6) routers. The initial methodology, developed by Vanaubel, Pansiot, Merindol, and Donnet, utilized initial time to live (iTTL) values derived from Internet Control Message Protocol (ICMP) echo-reply and TTL exceeded messages. The current project used ICMP echo-reply and destination unreachable/port unreachable, combined with a third iTTL value derived from ICMP timestamp messages, to strengthen the fingerprint. We adapted the methodology to IPv6-enabled routers using the initial hop limit (iHL) values from ICMPv6 echo-reply and destination unreachable/port unreachable messages. The main goal of this project is to develop a simple fingerprinting technique to identify IPv4 and IPv6 router platforms. We were able to successfully expand the previously developed IPv4 router fingerprint using the ICMP timestamp reply message. Using this fingerprinting methodology, Juniper routers can be identified. However, this fingerprinting technique cannot distinguish between Cisco and Huawei routers. With IPv6, it became evident that most routing devices follow the recommended iHL value of 64 (RFC 1700). Thus, our methodology cannot distinguish between IPv6 routing devices. We recommend additional analysis of Cisco and Huawei devices running IPv4 to identify differences in activity, as well as further research into IPv6 routers.
Type
Thesis
Description
Series/Report No
Department
Information Sciences (IS)
Information Sciences (IS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.