The Research And Design Of Interactive Protection System Based On IPv4/IPv6 Dual Stack

Nowadays,the IPv4 network is suffering more and more problems,especially the lack of address space as well as the network security flaws,so the next generation IPv6 network has become people's focus of the research.But the transition from IPv4 to IPv6 will not be completed in one night,and two protocols will coexist in a very long period. The hackers can intrude internal network easily in the enviroment of IPv4/IPv6 coexisting.This thesis focuses on solving the defending problems of network security during the transition from IPv4 to IPv6.The main goal is to design and implement an Interactive Protection System supporting both IPv6 and IPv4 network environment,and the main work made by this thesis includes the followings:(1) Research and analyze the security mechanism and the impact to the traditional network in the environment of ipv6;analyze and summarize the unique features of the IPv6 invasion;analyze and point out the drawbacks of Firewall and IDS in separate application and illustrates the necessity,complementarity and security for developing Interactive Protection System.(2) Study the features of IPv6/IPv4 in detail;design and complete the rapid packets capture module and the dual-stack analysis module;On this basis,design the IPv4/IPv6 intrusion detection rule syntax and design the rule resolving and matching modules.(3) Research the mechanism of packets fragmentation and the technique of TCP flow reassembly,as well as the principles of port scanning under IPv6.On this basis, design the fragmentation and flow reassembly pre-processing module and the port scanning pre-processor under IPv6.(4) Analyzing and compare the current common methods of interactive technique; employ the long-range interactive technique,and make the XML as the markup language for the interactive control information which is used by the Interactive Protection System and Firewall to communicate with each other.Meanwhile,realize the modules of query alarm and log,the generating module for interactive control information,the sending module for interactive control information on the Interactive Protection System side;and the linkage processing module for the filter rule on the Firewall side.(5) Test and analyze the functional modules of the system.The test results show that the system is feasible,and has some certain advantages in the aspects of extensity and stability.