| IPv6 is the kernel protocol of the next generation. Current research concentrates on organizing the IPv6 network and testing protocols, while studying on the network threat and security defence about it is still absent. So based on the need of the task, the thesis studies the security threats and netwok attack under the environment of IPv6 and introduces the corresponding resolutions to them. Totally, the thesis finished the following work:1. Analyzes the IPv6 theory, protocol architecture, and the characteristics it introduce, compares between IPv6 and IPv4, gives out the advantages of IPv6.2. Based on the network architecture, this paper analyzes and totalizes the security threats and network attacks which easily happened in the environment of IPv6, including the traditional security threats and the peculiar network attacks of IPv6 such as network sniffering based on EUI-64 address, IPv6 multicast address and fabricated router advertisement, the attacks aiming at ICMPv6 protocol, neighbor disvovery protocol (NDP)and address autoconfiguraiton3. Studies the main security problem of NDP-fabricated IP address attack caused by the default precondition that nodes in thd same link are authentic each other. Gives out the resolution to it that using CGA technology, enhances the CGA address's encryption level by changing the CGA parameter data structure.4. Studies and designs an intrusion detection system in the environment of IPv6 which is compatible of IPv4, it posess the ability of decoding, checking and matching packets supporting both IPv6 and IPv4. Besides, the traditional rule matching algorithms are studied and improved, at the same time, several matching algorithms are tested and the results are given out.Finally, the thesis concludes the finished work and the existing drawbacks, and puts forward with some suggestions to future development. |
PDF Full Text Request