| Now, IPv6 has been deploying in many countries. People are used to believethat IPv6 is more secure than IPv4, and experts are likely to share their opinionabout how IPv6 is more secure. But does IPv6 do bring so much security aspeople generally believe? No, I don't think so. Somebody may argue that IPsec assome mandatory part of IPv6, it will certainly bring much more security. Myanswer to this is: Yes, IPsec do bring some security, but not enough yet.In this paper, many IPv6 security problems will be discussed and analyzed indetails. Including how current network attack methods will perform under IPv6enviroment and what potential attack means will rise with IPv6's newcharacteristics. Specially, IPv6 couldn't restore DoS/DDoS attacks well, so wewill discuss these problems a little more.Then we design three DoS/DDoS detection methods with considering to IPv6source address forge, SYN flood and data flood respectively. This paper alsointroduces a new improved network security model based on current one andargues its advantages over generall model.Finally we design and realize an IPv6 protocol analyzing module. This moduleis designed for NIDS, using as part of NIDS. But here we also realize theDoS/DDoS detection methods upon it. Because it's believed that realizingDoS/DDoS detection while analyzing the protocol is more convenient thanimplementing it in up-layer module independently. |
PDF Full Text Request