Dynamics of abusive IPv6 networks
Turner, Mark J.
The exhaustion of available public IPv4 addresses has had a significant impact in an expanding, networked world and has led to increased adoption of IPv6. As IPv6 becomes more commonplace, it permits abusive and malicious parties to exploit both new and existing vulnerabilities. Among such vulnerabilities is abusive electronic messaging, or spam. To better understand the impact of spam utilizing IPv6 as its delivery protocol, this study focused on both real-world IPv6 spam collected from a large production domain and IPv6 spam laboratory measurements. This study used various network traffic analysis tools to detect, classify, and associate IPv6 spamming behavior, both at the victim mail exchanger and among IPv6 wide-area routes. Furthermore, popular mail transfer agents were tested in an effort to profile their IPv6 behavior and correlate it with spam obtained from the real-world production domain. Results show that while IPv6 spamming behavior is growing, it is still in its infancy and no outstanding characteristics emerged that allow for definitive classification as a dominant IPv6 spamming behavior.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.