Implementación de un prototipo como sistema detector de intrusos para detectar ataques dirigidos al protocolo IPV6 desarrollado con herramientas Open Source.

Abstract

The research work has increased security on the local network by detecting attacks targeting the IPv6 protocol that can compromise confidentiality, integrity and availability. We compared the indicators considered in the variables and applied the descriptive and inferential statistics for the demonstration of the hypothesis. The software tools used were: Virtual box that allowed the virtualization of Linux distributions, security Onion, specialized distribution in intrusion detection systems, Snort as detector system engine, Graylog as IPv6 log manager, TCHIPv6 suite as IPv6 traffic generator Malicious and Wireshark as an analysis tool for IPv6 traffic frames. lt was developed implemented, and compared the results obtained by working on the local network at the Faculty of lnformatics and Electronics from the ESPOCH, among the prototypes I (Security Onion using the custom rules and coupled the logs management module) and II (Security Onion using the official rules of Snort) which obtained a valuation of 16 and 4 points according to the Likert scales respectively. lt is concluded that the proposed system detects and manages the intrusion alerts improving three times the level of security within the local network. lt is recommended that students or professionals interested in the subject continue the analysis of abnormal patterns of IPv6 traffic in order to increase the number of IPv6 alerts to detect.