Study On The Prevention Mechanism Of DDoS Based On Packet Marking Working On IPv6

With internet popularized quickly, more and more people attach importance to network security. Many kinds of hacker's tools and network attack measures are appearing, and make many networks and users be damaged, among which DDoS(Distributed Denial of Service) attacks become one of the common network attack techniques by characteristics, such as extensive area, strong concealment, simpleness and efficiency ,etc. DDoS attacks greatly affected the effective service of network and host systems.DDoS engage the power of a vast number of coordinated internet hosts to consume some critical resource at the target by send a lot of echo quest at same time, make the service which from legitimate clients be denied. As a side effect, they frequently create network congestion on the way from a source to the target ,this attack utilize the disadvantage of existing IP protocol. The existing Security mechanisms do not provide effective defend measure to against. The use of source IP address spoofing and change the packet information make the attacker can disguise itself more effectily, the existing network pursue mechanisms and protect technology is unefficient to this.To keep DDoS attacks away more effectively. Many scholars study other security mechanisms by using new IP protocol- IPv6. Compare with IPv4, IPv6 have more advantages, the ability of protect network security excelled IPv4. But many security mechanisms which used now can not compatible with IPv4, so how to make these security mechanisms run normally is an important research aspect.In this paper, we firstly introduce the principle of DDoS, common tools and manners of attacks. Based on the groundwork, we construe the IP traceback, especially packet marking echnology in detail. on the other hand ,we introduce the characteristic of IPv6 in detail, compare it with IPv4 in their function. And simulate the experiment of DDoS attacks under network simulator.Secondly, we introduce a traceback scheme which based on packet marking: FDPM. We analyze the advantage and limitation of FDPM. Based on the groundwork, we give arithmetic and program to improve it to make it adapt to IPv6. We use some field which has not been define in IPv6 to storage the marker. By this way, the FDPM can work on IPv6 normally.Finally we give a summarization of this paper and present the next work we will do.