SEUI-64, bits an IPv6 addressing strategy to mitigate reconnaissance attacks

Abstract It has been widely assumed by the research community that the network reconnaissance attacks in IPv6 networks are unfeasible because they would take tremendous effort to perform address scanning of 264 hosts in an IPv6 subnet. However, recent research has revealed feasibility of these attacks by investigating a number of native IPv6 networks. The research concluded that an intelligent attacker could easily reduce the target search space by predicting the network host addressing schemes when performing the scanning. This indeed enhances security concerns and undermines the chances of IPv6 being deployed. This paper outlines the IPv6 addressing strategies currently used and proposes a new strategy to mitigate reconnaissance attacks. The new strategy is evaluated against some reconnaissance attack approaches and compared with some recent IPv6 addressing strategies. The experimental results confirm the effectiveness and validation of the addressing strategy in terms of the mitigation of reconnaissance attacks.