摘要
目前的网络是基于IPv4的,但是IPv4的种种局限性限制了网络的持续高速发展。这时候IPv6被开发出来作为IPv4的替换品I。Pv6有很多的优势,例如巨大的地址空间、自动配置机制、简化的报头结构、内置IPSec、扩展报头以及对流标签的支持等。但是,IPv6中的安全漏洞也陆续被发现。路由报头是一种扩展报头,可以让一个IPv6源地址经过若干中间节点之后到达目的地址。路由报头可以使攻击者绕过安全系统的访问控制检查,访问到受保护的内部主机。介绍了一种解决IPv6路由报头安全漏洞的方案。
Current intemet is based on IPv4 protocol, but the limitation of IPv4 put obstacle to the development of intemet. IPv6 is carried out as an alternative of IPv4, IPv6 has many features such as: 128 bit address, auto-configuration mechanism, simple header format, using IPSec, extend header, support of flow label. Meanwhile security holes of IPv6 are fined. Routing header is a kind of extend header, to let the source list one or more intermediate nodes to be visited on the way to the destination. Routing header make it possible for attackers to detour the security system, and visit the internal hosts, this causes new security problems. The scheme introduced in this article solves the security holes caused by using routing header.
出处
《计算机工程与设计》
CSCD
北大核心
2008年第12期3055-3057,共3页
Computer Engineering and Design
