| The research on network attacks is one of many important research areas in IPv6.This paper analyses and implements various forms of IPv6 network attacks, including but not limited to attacks on neighbor discovery protocol(NDP), attacks on mobile IPv6 and attacks on IPv4/IPv6 transition technologies.The main work of this paper is as follows:A detailed analysis of network attacks on NDP, mobile IPv6 and IPv4/IPv6 transition technologies is given. In regard to NDP, the paper analyses attacks such as address spoofing, router advertisement spoofing, route redirect and etc. In regard to mobile IPv6, the paper analyses forged binding update attacks during home registration and correspondent registration. In regard to transition technologies, the paper analyses attacks by abusing IPv4 compatible address and 6to4 address.An analysis of several security mechanisms is given. As to NDP, the paper analyses the drawbacks of the secure neighbor discovery protocol (SEND) and points out the attack method aiming at it. As to mobile IPv6, the paper analyses some problems in the application of IPSec and return routability procedure (RRP) and also points out the attack method of RRP.As proof-of-concept, an implementation of various network attacks mentioned above is given. In the implementation, a linux network device driver is written in order to send and capture native packets.Finally, a new countermeasure to mobile IPv6 network attacks is proposed. A partial implementation is given based on 802.1x and AAA technologies. |
PDF Full Text Request