| The TCP/IP-based Internet has great development in the last decade. It has becomean important infrastructure for production and living of human being. But the routingsystem in today’s Internet only forward packet according to its destination address,regardless of the source address. Due to the lack of source address verification, theaddress spoofing attack is easy to launch and hard to prevent in this situation. It hasbecome a crucial security problem of today’s Internet. Many researchers have proposeda lot of methods try to solve address spoofing problem but do not have satisfyingsolution. Domestic researchers have proposed architecture of anti-spoofing. They divideInternet to three levels: Inter-domain, Intra-domain and Access network, and solveanti-spoofing in these three levels independently.Based on previous works of members in laboratory, this paper proposed a novelInter-domain source address verification method, which is called State Machine basedAnti-spoofing, based on IPv6. The main idea of SMA is set up an alliance forautonomous system that has already deployed this method. The packets travel betweenalliance members would be tagged and checked. No alliance member can fake anaddress and no packet which does not come from a member of alliance can fake anaddress in the alliance. The major contributions of this paper are:1) Design thearchitecture of SMA. Design registration center server (REG), autonomous systemcontrol server (ACS) and edge router (AER) in SMA method, including thecommunication protocol and the failure recovery mechanism.2) Implement REG andACS which on work on Linux, Implement AER in the cooperation with devicemanufacturer. Fix problems hidden in design.3) Set up test bed for SMA, finishexperiments of both function and performance in the test bed and deploy SMA onCNGI-6IX, CERNET2backbone, to verify the function of this method.4) Analyze thefiltering performance of SMA in theory and improve it. |
PDF Full Text Request