Peer-Review Record

An Analysis of Neighbor Discovery Protocol Attacks

Computers 2023, 12(6), 125; https://doi.org/10.3390/computers12060125
by Firas Najjar *, Qusay Bsoul and Hasan Al-Refai
Submission received: 23 May 2023 / Revised: 11 June 2023 / Accepted: 16 June 2023 / Published: 19 June 2023
(This article belongs to the Section ICT Infrastructures for Cybersecurity)

Round 1

Reviewer 1 Report

The introduction of the article could use improvements in terms of clarity, conciseness, and structure. The narrative often repeats points and takes roundabout ways to explain NDP vulnerabilities and the necessity of SEND, thereby losing focus. Also, there's an overemphasis on the limitations of SEND, overshadowing its potential benefits. The transition from NDP vulnerabilities to SEND adoption issues and public network risks is abrupt and disrupts the flow of ideas.

 

A clear attention-grabbing hook is missing, and the explanation of key acronyms, like IANA and IPv4/IPv6, is overlooked, potentially confusing readers unfamiliar with these terms. Lastly, while the sections of the paper are outlined at the end, it would benefit from a clear statement of the paper's purpose—where’s the research question(s)? Include this so that the introduction could be a more compelling and informative piece, enhancing its appeal to a broader readership.

 

Interestingly, the paper provides a valuable overview of NDP attacks and their potential impact on networks and operating systems and correctly identifies the flawed assumption of trust in local area networks, but it could have explored this issue more deeply, particularly the potential for insider threats and the need for robust network security measures. Also, the paper's discussion on the detection of NDP flooding attacks lacks technical detail on how distinct packet patterns are identified and analyzed.

 

The paper also falls short in its discussion of mitigation strategies. It mentions the creation of a network profile to define legitimate network service providers but fails to provide a detailed explanation or concrete example of how this would work in practice. Furthermore, the paper's discussion on IPv6 security is lacking. The authors state that IPv6 uses IPsec to protect data from unauthorized access but do not delve into the limitations of IPsec or potential exploits by attackers.

 

Lastly, the paper's testbed analysis and conclusions could have been more robust. The methodology used in the testbed analysis is not detailed enough, and the conclusions could have been more impactful with specific recommendations for future research or practical steps for network administrators. The paper could also have benefited from a comparative analysis with other protocols or security measures, and a discussion on the practical implications of these attacks. Despite these shortcomings, the paper provides a good starting point for understanding NDP attacks and their potential impact.

Fine, just minor edits and missing abbreviations.

Author Response

Dear Reviewer,

I would like to express my gratitude for your active involvement in improving our research output. We have taken your comments into consideration and have made an effort to address them.

We have updated the manuscript and have uploaded it for your review. We hope that our revisions successfully incorporate the points you raised.

 

Response 1: We have made improvements to the Introduction section to make it more succinct and organized. Additionally, we have included additional information related to the NDP protocol and the specific protocol extensions that were added to make it more secure. It is important to note that these extensions also add complexity to the protocol, which can make implementing these solutions quite challenging. We kindly request that you refer to line 40 of the paper for more information.

Response 2: We have made some revisions to the paper introduction in order to further clarify the research question and aims. You can find these updates on Lines 79 to 84. Additionally, we have provided greater clarity on the main terms utilized, including IPv4/IPv6. These updates can be reviewed on Lines 24 to 38. We hope these changes improve the overall readability and comprehension of the paper.

Response 3: We have updated the Result Discussion section to include additional information about NDP attacks. Please refer to line 399 for these updates. Additionally, we have provided more technical details on our methods for detecting NDP flooding attacks.

Response 4: In order to better understand how we protected our IPv6 network, we have included separate paragraphs in both the Result Discussion and Conclusion sections. These paragraphs outline the specific mitigation techniques that were employed. Additionally, in the Introduction section, we delve into the reasons behind the current lack of security when it comes to IPv6. For more information on this topic, please refer to Line 45.

Response 5: We have provided additional information regarding the testbed methodology and tools used in the tests. This information can be found on line 198. Additionally, we have made our conclusions more robust and have included recommendations for future work.

Thank you again for your valuable feedback and we look forward to hearing your thoughts on our updated manuscript.

Reviewer 2 Report

The Neighbor Discovery Protocol (NDP) is a network protocol used in IPv6 networks to manage communication between neighboring devices. Its main functions include mapping IPv6 addresses to MAC addresses and discovering the availability of neighboring devices on the network. However, deploying NDP on public networks carries risks such as address spoofing attacks, denial-of-service attacks, and man-in-the-middle attacks. While Secure Neighbor Discovery (SEND) is implemented to secure NDP, it increases protocol complexity and cost, hindering widespread deployment. Research highlights the potential hazards of deploying IPv6 networks in public spaces without protecting NDP messages, as these risks can crash the entire local network. Through experiments using a GNS3 testbed environment and packet analysis with Wireshark, it is demonstrated that attackers can execute various NDP attacks with just a few commands. This underscores the importance of protecting against these potential issues when deploying IPv6 in widely accessible public networks. The analysis results also provide insights into the behavior of NDP attacks, which can be used to define various types of NDP attacks.

Room for improvement:

- Provide a use case scenario and explain NDP attack generation and NDP attack effects.

- How do the authors validate their results? Include this in the discussion section.

- What are the limitations of generating an NDP attack?

- Focus on the economic loss of the NDP attack.

 

Author Response

Dear Reviewer,

I would like to express my gratitude for your active involvement in improving our research output. We have taken your comments into consideration and have made an effort to address them.

We have updated the manuscript and have uploaded it for your review. We hope that our revisions successfully incorporate the points you raised.

Response 1: We have revised the NDP Attack generation and effect sections to provide a more detailed explanation of the attack generation process as well as the effects of the attacks. Please refer to line 198 for this information.

Response 2: We have added a paragraph to describe the validation of our results. Our testbed utilizes an operating system that serves as a trusted source for generating NDP packets. Please refer to line 399 for further details.

Response 3: We have included a paragraph that outlines the scope and the limitations of generating an NDP attack. This information can be found on line 277.

Response 4: We have added several paragraphs that specifically address the economic impact of the NDP attack. These paragraphs can be found between lines 79-84.

Thank you again for your valuable feedback and we look forward to hearing your thoughts on our updated manuscript.

 

Round 2

Reviewer 1 Report

Thanks!
