FINAL YEAR PROJECT 2

NAME : MOHD AMIRUL AIZZAD BIN HAMDAN

ID : 51262112129
TITLE : EVOLUTION OF IPV4 TO IPV6 AND SECURITY ANALYSIS
SUPERVISOR : SIR AHMAD ROSHIDI BIN AMRAN
RESULT/ANALYSIS
ITEM IPV4 IPV6
Address 32 bits long.
Various address classes are defined: A,
B, C, D, or E depending on initial few
bits
128 bits long.
The host portion of an IPv6 address will be
derived from a MAC address or other
interface identifier.
Address
Resolution
ARP is used by IPv4 to find a physical
address, such as the MAC or link
address, associated with an IPv4
address.
IPv6 uses Neighbor Discovery Address
Resolution to map an IPv6 addresses onto
a MAC address
Address types Three basic types: unicast address,
multicast address, and broadcast
address.
Three basic types: unicast address,
multicast address, and anycast address
Multicast
Addresses
uses "Class D" addresses (224.0.0.0 to
239.255.255.255) for multicast - optional
strong support for multicast. Multicast is
used extensively in IPv6 mechanisms, such
as Router Discovery and Stateless Address
Autoconfiguration, so support is
mandatory
ITEM IPV4 IPV6
Configuration Must configure a newly installed system
before it can communicate with other
systems
Configuration is optional. IPv6 interfaces
are self-configuring using IPv6 stateless
auto configuration
DHCP DHCP is used to dynamically obtain an
IP addres
DHCP does not support IPv6.
FTP FTP allows you to send and receive files
across networks.
FTP does not support IPv6
NAT Basic firewall functions integrated into
TCP/IP
NAT does not support IPv6
IPSEC IPSEC that have been modify from IPv6
to work with IPv4. might not work well if
NAT is used
originally created as a part of IPv6. does
not work well with NAT
Result /analysis
IPv4 SITE TO SITE IPSEC VPN
Result /analysis
IPv6 SITE TO SITE IPSEC VPN
Show crypto ipsec sa
THREAT COMPARISON
TYPE IPv4 IPv6
Reconnaissance Possibility is high More difficult because of address
length
Sniffing attack Possibility is high More difficult because of Ipsec
Application attack Same possibility Same possibility

Flooding attack Same possibility

Same possibility

Smurf attack Possibility is high

Ipv6 have no broadcast so smurf
attack is impossible.
Viruses and worms Possibility is high

Worm / Viruses which use Internet
scanning for propogation will
need to adapt to the vastly
increased size of IPv6 subnets.
IPv6 makes some things better/worse/different, but no
more or less secure
Better
Automated scanning and worm propagation is harder due to huge
subnets
Link-local addressing can limit infrastructure attacks
IPsec is a mandatory feature
Worse
Lack of familiarity with IPv6 among operators
Immaturity of software
Vulnerabilities in transition techniques
CONCLUSION
From the Packet Tracer, we can see the different in configuration for
Ipv4 and Ipv6 in term of address length, routing, packet header,
address resolution and else.
From Gns3, the Ipsec is working as its stated. The data is safely
encrypted into vpn tunnel from one end to another end.
In conclusion, Ipv6 clearly have more advantage than ipv4. ipv6
have more robust security thus will benefit the user from threat such
as scan attack, reconnaissance and Ip sweep.
From this, we can say that the objective have been achieved