基于SNORT的IPv6入侵检测系统的研究与实现

本文探讨了实现IPv6入侵检测系统的关键技术——规则构造和解析、IPv6包结构解析、IPv6快速规则匹配、IPv6分段重组、对过渡技术的支持、兼容IPv4等，并以SNORT的最新版本V2.2为基础实现了一个支持IPv4、IPv6和过渡技术的入侵检测系统。通过测试，该入侵检测系统能够检测出各种常见的IPv6入侵行为，在最小包长情况下能达到百兆比特每秒线速。

Research and Development of IPv6 IDS Based on SNORT

Intrusion detection technology,the second protection barrier beyond firewall, is one of the most important network security technologies. After several years' development, IPv6 is becoming maturity. It is necessary and urgent to research and develop the intrusion detection system (IDS) under IPv6 environment. SNORT, written in C, is a well-known, open source, lightweight network intrusion detection system. SNORT supports various hardware and software platforms and has been a research paradigm of IDS for its clear structure, easy extensibility owed to the plug-in mechanism. This paper discusses the key technologies related to IPv6 IDS, including rules construction and parsing, IPv6 packet decoding and fast matching, IPv6 fragmentation and reassembly, transition technologies support and IPv4 compatible, etc.. An IPv6 IDS, based on SNORT2.2, the latest version, is accomplished, which supports IPv4, IPv6 and transition technologies. By testing, this IDS, on the one hand, can detect various IPv6 intrusions; on the other hand, as for the performance, this IDS can reach the line speed under the hybrid traffic of IPv4 and IPv6 of the minimum packets.