共查询到20条相似文献,搜索用时 46 毫秒
1.
2.
胡拥兵 《数字社区&智能家居》2010,(9)
DoS攻击一直是Internet最主要的威胁。随着Internet的发展,IPv6毫无疑问将代替Internet现在的主要协议IPv4。该论文主要关注IPv6下使用IPSec配置或不使用IPSec的情况下的针对协议的DoS攻击,主要涉及与IPv6邻居发现协议(NDP)相关的DoS攻击。 相似文献
3.
张文慧 《数字社区&智能家居》2009,5(3):1585-1586
利用IPv6协议某些规程漏洞的攻击也越来越多。该文对IPv6局域网攻击的原理、网络检测技术的分类进行阐述,分析IPv6局域网攻击检测策略.设计了扫描攻击检测的实现方法。 相似文献
4.
张文慧 《数字社区&智能家居》2009,(7)
利用IPv6协议某些规程漏洞的攻击也越来越多。该文对IPv6局域网攻击的原理、网络检测技术的分类进行阐述,分析IPv6局域网攻击检测策略,设计了扫描攻击检测的实现方法。 相似文献
5.
基于IPv6的网络安全体系结构研究 总被引:2,自引:0,他引:2
比较了IPv4网络和IPv6网络面临的攻击,并分析了各种攻击所产生的安全威胁,详细阐述了IPv6网络在各层上为了应对安全威胁所需提供的安全服务.根据所需的安全服务,提出了基于IPv6的网络安全体系结构,并分析了其中用到的3种较新的安全技术.最后给出了安全体系结构在工程中的应用并构建了一套动态安全防护体系,同时给出了安全服务完备性的简单证明. 相似文献
6.
胡江涛 《电脑编程技巧与维护》2009,(20):111-112
IPv6无疑要比IPv4更加安全,但其本身就不是认证加密所能解决,而且就目前来看IPsec的大规模应用还有许多问题需要解决。本文详细分析了IPv6网络的DoS/DDoS攻击并针对IPV6可能面临的各种形式的拒绝服务攻击展开了讨论。 相似文献
7.
DDoS攻击是当今IPv4网络上最严重的威胁之一,IPv6网络在安全性方面的设计十分优越,但由IPv4过渡到IPv6网络还需要一些转换机制,本文对转换机制中存在的安全问题进行了介绍,并着重分析了TunnelBroker(隧道代理)机制下的DDoS攻击。 相似文献
8.
IPv6强大的寻址方案和对移动性的支持,使其在WLAN中的应用成为一种趋势。WLAN为用户提供了便捷接入的同时,也带来相较于有线网络更大的安全威胁,IPv6的邻居发现协议和自动配置功能等这些特点使得WLAN的接入安全变得更为复杂。设计一个IPv6 WLAN环境下的安全网关,能够检测到网络中潜在的漏洞和威胁,通过搭建实验环境,并对未授权接入、DAD DOS攻击和重定向攻击三种安全威胁进行了仿真,实验结果证明该安全网关的有效性。 相似文献
9.
10.
11.
源追踪技术提供对真实攻击来源的有效追踪,有利于实时阻断、隔离DDoS等网络攻击。目前的源追踪方法大多是使用IPv4包头中很少使用的16位标识域保存经过的路由器信息,不适用于IPv6环境。本文提出一种IPv6下基于改进的SPIE源追踪方案。该方法利用路由器,使用Bloom filters数据结构保存转发的数据包的摘要,减少了耗费的存储空间,同时时保护了数据包的机密性;它不但适合DDoS攻击的源追踪,还能进行单个数据包的源追踪。 相似文献
12.
13.
14.
IPv6安全脆弱性研究 总被引:8,自引:0,他引:8
IPv6作为可控、可信、可扩展的下一代网络核心协议已经从试验阶段走向实际应用。普遍认为IPv6因有IPSec而比IPv4更安全,但IPv6网络在实际部署中往往没有实施IPSec。IPv6协议在没有IPSec时的安全性,特别是过渡时期和IPv6协议自身的安全性问题值得深入研究。主要研究了IPv6在没有IPSec时的安全性。首先对IPv6网络中的攻击和安全问题进行了分类和概述,然后分两部分重点讨论了过渡时期的安全性和IPv6特有的安全性,并给出了一些攻击和漏洞的防护建议。 相似文献
15.
Dynamic Host Configuration Protocol (DHCP) is used to automatically configure clients with IP address and other network configuration parameters. Due to absence of any in-built authentication, the protocol is vulnerable to a class of Denial-of-Service (DoS) attacks, popularly known as DHCP starvation attacks. However, known DHCP starvation attacks are either ineffective in wireless networks or not stealthy in some of the network topologies. In this paper, we first propose a stealth DHCP starvation attack which is effective in both wired and wireless networks and can not be detected by known detection mechanisms. We test the effectiveness of proposed attack in both IPv4 and IPv6 networks and show that it can successfully prevent other clients from obtaining IP address, thereby, causing DoS scenario. In order to detect the proposed attack, we also propose a Machine Learning (ML) based anomaly detection framework. In particular, we use some popular one-class classifiers for the detection purpose. We capture IPv4 and IPv6 traffic from a real network with thousands of devices and evaluate the detection capability of different machine learning algorithms. Our experiments show that the machine learning algorithms can detect the attack with high accuracy in both IPv4 and IPv6 networks. 相似文献
16.
17.
《Information Security Journal: A Global Perspective》2013,22(3):100-106
ABSTRACTThis paper discusses the decision-making process for rolling out IPv6 in an organization today. The author walks the reader through a pragmatic operational approach to implementing IPv6 and securing it against common attacks. There is a brief technical overview explaining the various IPv6 mechanisms, but the overall intent is to highlight the various key decision points architects will face while implementing IPv6. The intent is not to take the reader down into the technical bowels of any given process, but rather to shine a light on the many topics of concern that management must consider when deploying IPv6. 相似文献
18.
《Information Security Journal: A Global Perspective》2013,22(1-3):136-150
ABSTRACTLink local communication is one of the predominant components and intrinsic features of Internet Protocol Version 6 (IPv6) networks. IPv6 nodes utilize link local communication for ascertaining the presence of other nodes on the link, for resolving their link local addresses, and for determining the reachability information of the other nodes. To achieve link local communication, IPv6 nodes employ the services of Neighbor Discovery Protocol (NDP). The protocol also suffices and forms the fundamental core in IPv6 mobile communication, enabling multihop communication. The NDP presumes that the network consists of trusted nodes; however, with the genesis of public unsecured wireless networks, any random node with minimum authentication can affix itself to the link and launch various attacks. As in the case of NDP Stateless Address Auto Configuration (SLAAC), there is no inclusion of central address configuration servers, thereby making the process vulnerable to denial-of-service (DoS) attacks on duplicate address detection (DAD). Also, in the case of the NDP address resolution process, man-in-the-middle attacks (MITM) can be launched, whereby the attackers impersonate the legitimate nodes address. Thus access to the link can be obstructed and network traffic can be redirected without the knowledge of users. To vanquish these problems, the Internet Engineering Task Force (IETF) proposed the use of cryptographically generated addresses (CGAs), which are an intrinsic element of the Secure Neighbor Discovery (SEND) protocol. The use of CGAs ensures message integrity, authentication, and address impersonation mitigation, but at the cost of higher computation and resource utilization. This article proposes some novel approaches for securing IPv6 link layer communication operations. These techniques are implemented programmatically for securing DoS on IPv6 DAD and MITM attacks and used as an alternate approach for CGAs and the SEND protocol. 相似文献
19.
20.
随着IPv6技术的稳步发展以及移动IPv4面临移动性、安全性差等越来越多的问题,移动IPv6由于取优良的性能而日益引起人们的关注。如何防止绑定更新消息遭受攻击是移动IPv6在开放式环境中面临的难题。本文针对CAM协议的不足提出了一个扩展的CAM协议。该协议实现了协议双方的相互认证并能抗DOS攻击。最后对该协议的安全性和功能进行了分析与论证。 相似文献