电信科学 ›› 2013, Vol. 29 ›› Issue (10): 108-113.doi: 10.3969/j.issn.1000-0801.2013.10.019

• 研究与开发 • 上一篇    下一篇

IPv6网络协议中分段机制安全问题的研究

王相林,朱晨,孙冬梅,李明月,沈清姿   

  1. 杭州电子科技大学计算机学院 杭州310018
  • 出版日期:2013-10-15 发布日期:2017-06-19
  • 基金资助:
    国家自然科学基金资助项目;国家自然科学基金资助项目;浙江省大学生新苗人才计划科技成果推广基金资助项目;杭州电子科技大学优秀学位论文培育基金资助项目

Research of Fragment Mechanism Security in IPv6 Network Protocol

Xianglin Wang,Chen Zhu,Dongmei Sun,Mingyue Li,Qingzi Shen   

  1. School of Computer Science and Technology,Hangzhou Dianzi University,Hangzhou 310018,China
  • Online:2013-10-15 Published:2017-06-19

摘要:

以开源Snort 平台为基础,探讨IPv6网络的分组分段机制,对利用IPv6分组分段来攻击网络的行为进行了研究。针对其中IPv6过小分组分段、重叠分段等问题提出了相应的应对措施,设计并实现了针对分段漏洞进行检测的入侵检测机制。通过实验表明,所设计的入侵检测机制能够检测相关异常的IPv6分段分组,对Snort支持IPv6功能进行了改进和优化。

关键词: IPv6网络安全, 入侵检测系统, 扩展首部, 分段机制

Abstract:

Based on open source Snort platform,the packet block mechanism in IPv6 network was discussed.The behavior using IPv6 packet fragment to attack network was studied.Against to the problems,such as too little for IPv6 packet segment,overlapping section and so on,it put forward the corresponding countermeasures.The intrusion detection system were designed and implemented for piecewise leak testing.The experiments show that the design of intrusion detection system can detect the abnormal IPv6 packet,and Snort to support for IPv6 function was improved and optimized.

Key words: IPv6 network security, intrusion detection system, extension header, segmented mechanism

No Suggested Reading articles found!