Design And Implementation Of IPV6Campus Access Anti-Attack System

In the current Internet network, IPv4protocol has already been used for nearly20years successfully. The applications and devices based on the IPv4are already mature and a large scale. But keeping with the rapid development of Internet technology and the growing scale, the IPv4protocol exposed many problems. The most important issue is the IPv4limited address space. Especially, in China there are vast population, but were assigned relatively small number of IPv4addresses. That will affect the Internet further development and new business expansion inevitably. From1995IETF has been already began to study and develop the next generation IP protocol-the IPv6protocol. IPv6address was designed of128bit address, thus can almost offer unlimited IPv6address. So this can solve the problem of shortage of IPv4addresses. In additional, IPv6protocol also has host address autoconfiguration, hierarchical addressing mode, efficient IP packet header, quality of service, mobility, authentication and encryption. These features can support Internet services and new business preferably.ND protocol insteads of IPv4ARP protocol in the IPv6network, IPv6security technologies must be updated in the IPv6network access layer for meeting the requirements IPv6network. And IPv6access layer security technology should be able to coexist with IPv4access layer security technology for meeting the requirements of IPv6/IPv4dual stack network. Relative to the ARP protocol, ND protocol only expands the function and still does not provide the authentication mechanism, so the ND protocol still let the hosts on the network to be unsafe. There are still the risk of being attacked similar with ARP protocol and the attack against ND protocol is very easy. In addition, the new type packet of the ND protocol, RA and RS packets can simplify network management, but bring new security risks. Not only spoofing attacks and DAD attacks, but also attacks against the RA message need be focused in the IPv6network access layer.In this thesis, we firstly introduce the address format of the IPv6protocol, packet characteristics, IPv6ND protocol and its main functions. Then presentation the security threat in the IPv6campus network access layer and analysis the characteristics of these attacks. Next display a design overview of the ND attack defense system and the system for detailed design. Last part is the analysis of functional tests for the system.