Effectiveness of security tools to anomalies on tunneled traffic

Nazrulazhar Bahaman, Anton Satria Prabuwono, Mohd Zaki Mas'ud, Mohd Faizal Abdollah

    Research output: Contribution to journal › Article

    3 Citations (Scopus)

    Abstract

    Tunneling has been proven as an option for linking communication between IPv6 networks and IPv4 environments without incurring the high costs of upgrading equipment. However, this mechanism reduces network performance and lowers the level of security compared with a native IPv6 network. The transition mechanism has also become a covert channel for spreading threats without being noticed by network security tools. Even though the issue has been raised in the set of IETF rules, they still do not provide any recommendation for overcoming the problem. For this reason, this study explored the effectiveness of conventional network security tools at detecting anomalies occurring on a tunneling mechanism, especially packet flooding attacks in IPv6 tunneling. To achieve this objective, a testbed deployed with a conventional firewall and IDS was used to simulate the IPv6-to-IPv4 tunneling mechanism; several network attacks were then launched, and the network traffic was captured for analysis. The results show that the firewall with the default settings blocked all the tunneling packets, while the firewall and IDS with the default rule set performed well in IPv4 but not in the IPv6 tunnel.

    Original language: English
    Pages (from-to): 191-199
    Number of pages: 9
    Journal: Information Technology Journal
    Volume: 11
    Issue number: 2
    DOI: https://doi.org/10.3923/itj.2012.191.199
    Publication status: Published - 2012

    Fingerprint

    Network security
    Network performance
    Testbeds
    Tunnels
    Communication
    Costs

    Keywords

    • Firewall
    • Flooding attack
    • Intrusion detection
    • Network analyzer
    • Tunneling

    ASJC Scopus subject areas

    • Computer Science (miscellaneous)

    Cite this

    Bahaman, N., Prabuwono, A. S., Mas'ud, M. Z., & Abdollah, M. F. (2012). Effectiveness of security tools to anomalies on tunneled traffic. Information Technology Journal, 11(2), 191-199. https://doi.org/10.3923/itj.2012.191.199

    @article{5a5acc0bd46e4d6abb2a685efcf172b2,
    title = "Effectiveness of security tools to anomalies on tunneled traffic",
    keywords = "Firewall, Flooding attack, Intrusion detection, Network analyzer, Tunneling",
    author = "Nazrulazhar Bahaman and Prabuwono, {Anton Satria} and Mas'ud, {Mohd Zaki} and Abdollah, {Mohd Faizal}",
    year = "2012",
    doi = "10.3923/itj.2012.191.199",
    language = "English",
    volume = "11",
    pages = "191--199",
    journal = "Information Technology Journal",
    issn = "1812-5638",
    publisher = "Asian Network for Scientific Information",
    number = "2",

    }
