FINGERPRINTING IPV4 AND IPV6 ROUTERS USING ICMP
Bofman, Wesley G.
Shaffer, Alan B.
MetadataShow full item record
This project reassesses and expands on a simple fingerprinting method for Internet Protocol version 4 (IPv4) routers, and extends that methodology to Internet Protocol version 6 (IPv6) routers. The initial methodology, developed by Vanaubel, Pansiot, Merindol, and Donnet, utilized initial time to live (iTTL) values derived from Internet Control Message Protocol (ICMP) echo-reply and TTL exceeded messages. The current project used ICMP echo-reply and destination unreachable/port unreachable, combined with a third iTTL value derived from ICMP timestamp messages, to strengthen the fingerprint. We adapted the methodology to IPv6-enabled routers using the initial hop limit (iHL) values from ICMPv6 echo-reply and destination unreachable/port unreachable messages. The main goal of this project is to develop a simple fingerprinting technique to identify IPv4 and IPv6 router platforms. We were able to successfully expand the previously developed IPv4 router fingerprint using the ICMP timestamp reply message. Using this fingerprinting methodology, Juniper routers can be identified. However, this fingerprinting technique cannot distinguish between Cisco and Huawei routers. With IPv6, it became evident that most routing devices follow the recommended iHL value of 64 (RFC 1700). Thus, our methodology cannot distinguish between IPv6 routing devices. We recommend additional analysis of Cisco and Huawei devices running IPv4 to identify differences in activity, as well as further research into IPv6 routers.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Altinkaya, Mustafa (Monterey, California. Naval Postgraduate School, 2000);In Server and Agent Based Active Network Management (SAAM) architecture, a server will make routing and other important decisions on behalf of the routers in its region. In order to make the right decisions and to support ...
Uysal, H. Huseyin (Monterey, California. Naval Postgraduate School, 2000);This thesis presents a model of link state advertisement generation for the SAAM (Server and Agent Based Network Management) architecture. The model includes generation and processing of link state data. In a SAAM network, ...
Kioumourtzis, Georgios A. (Monterey, California. Naval Postgraduate School, 2005);Mobile Ad hoc Networks (MANETs) are of much interest to both the research community and the military because of the potential to establish a communication network in any situation that involves emergencies. Examples are ...