| IKEv2协议对DoS攻击的防范 |
| |
| 引用本文: | 赵华峰.IKEv2协议对DoS攻击的防范[J].现代电子技术,2007,30(24):147-149,152. |
| |
| 作者姓名: | 赵华峰 |
| |
| 作者单位: | 渭南师范学院,陕西,渭南,714000 |
| |
| 基金项目: | 渭南师范学院校科研和教改项目 |
| |
| 摘 要: | 对IKEv2协议的交换过程和主要工作原理进行分析,得出其存在着内存耗尽型和基于分片的DoS攻击的安全缺陷,针对内存耗尽型DoS攻击通过改进初始交换过程,增加Cookie信息来认证发起方杜绝IP欺骗引起的耗尽型DoS攻击,针对基于分片的DoS攻击采用增加IP地址分片重组列表的方案来进行抵御,这些针对DoS攻击的防范进一步增强了IKEv2的安全性。
|
| 关 键 词: | DoS攻击 安全联盟 IP 欺骗 |
| 文章编号: | 1004-373X(2007)24-147-03 |
| 收稿时间: | 2007-05-31 |
| 修稿时间: | 2007年5月31日 |
Defending Denial of Service Attack in the IKEv2 Protocol |
| |
| ZHAO Huafeng.Defending Denial of Service Attack in the IKEv2 Protocol[J].Modern Electronic Technique,2007,30(24):147-149,152. |
| |
| Authors: | ZHAO Huafeng |
| |
| Abstract: | The principal of Internet Key Exchange protocol(IKEv2) is analyzed and its exchange process is introduced.The security defect,which is the memory resource exhaustion DoS attack and based data fragment DoS attack is found.Then the way of using Cookie information to authenticate the initiator is given to defend the memory resource exhaustion DoS attack with IP deceiving.And the way of using IP list of recombining data fragment is put forward to defend the DoS attack based data fragment.All these can enhance the security of IKEv2. |
| |
| Keywords: | IKEv2 |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
