IPSec and ICMP do not go along too well in case of IPv6. Manual configuration is desired in this regard. Absence of IPSec makes ICMP less potent against any external threat and makes it no more effective than IPV4 network. In case of IPV6, built in ICMP can prevent the challenges that are faced otherwise. Ping of Death, ping flood are two vulnerabilities of same kind (Javvin, 2007, 236)
The challenge of ICMP vulnerability can be overcome via usage of SeND (Rooney & Dooley, 2013,33), which provides an alternate to using IPSec and thereby secure NDP and neighbor location process. Although SeND is not compatible with all hardware devices at present. Secure Neighbor Discovery function is another backup action that allows preventing any loophole that may be caused by the ICMP and IPSec compatibility factor.
The incompatibility of the two in turn impacts the presence and proper working of SLAAC. As a result of this, spam, unauthorized and impersonated entry attempts are made with little protection of the network. Router advertisement messages can be faked for original messages.
ICMP vulnerability can result in barring of the host from acquiring a correct address that is directed towards the destination. Hence if the ICMP security concern is handled properly Neighbor determination and fragmentation are two functions that can be effectively implemented through ICMP. Inserting of cryptographic generated address allows for more secure operations and reduced ICMP security vulnerability concerns. Sorting out the manual configuration is another factor that can strengthen the ICMP usage case in IPV6 network.
Graziani, R. (2012). IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6. Cisco Press.
Javvin. (2007). Network Dictionary. Javvin Technologies Inc.
Rooney, T., & Dooley, M. (2013). IPv6 Deployment and Management. John Wiley & Sons.