Abstract
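As the next-generation Internet protocol, IPv6 will gradually replace IPv4 as the core networking technology and will see increasingly wide use. The Neighbor Discovery Protocol (NDP) is a relatively low-level protocol within IPv6, used mainly to solve interconnection problems between nodes attached to the same link. However, as IPv6 becomes widely used, NDP, lacking security mechanisms, has become a main target of many kinds of attack. This paper introduces how NDP works, analyzes and summarizes the security threats arising from the protocol's own flaws (redirection and denial-of-service attacks), explains the general principle of NS/NA spoofing under IPv6, uses Libnet to design and implement ICMPv6 NS/NA spoofing and verify its attack effect, and lays a foundation for the future development of a secure NDP.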
IPv6 will gradually replace IPv4 as the next generation of the Internet protocol. It will gain widespread deployment as a significant evolution of IPv4. Neighbor Discovery Protocol (NDP) is a network layer protocol in the IPv6 protocol stack, and it is mainly used for solving the interconnection problems among all nodes on the same link. However, with the widespread use of IPv6, NDP becomes a vulnerable target of most attacks because of its lack of security mechanisms. Based on an analysis of the principles of IPv6 NDP, a summary of its security threats, including redirect and denial of service attacks, is given. The general principles of NS/NA spoofing are discussed. An approach to NS/NA spoofing of ICMPv6 is designed and implemented using Libnet, and the effect of the attack is verified. This paper lays a foundation for the future development of a secure NDP.
Source
《电子测量技术》
2011, No. 8, pp. 122-125 (4 pages)
Electronic Measurement Technology