
Research of Intrusion Prevention System in IPv6 Transition Environment

Posted on: 2013-04-22    Degree: Master    Type: Thesis
Country: China    Candidate: Y W Jiang    Full Text: PDF
GTID: 2248330395462355    Subject: Computer system architecture
Abstract/Summary:
As technology and networks develop, IPv4 networks exhibit all kinds of problems and limitations, so it is certain that IPv6 networks will replace IPv4. At the same time, people have come to realize the importance of network security, and the IPS (Intrusion Prevention System), as one of the most important security tools, needs to adapt to IPv6 network development as well. Although IPv4 and IPv6 are compatible, it is not easy to accomplish the transition. At present, mature IPv6 intrusion prevention products are still under study, so speeding up research on IPv6 intrusion prevention systems has real practical significance.

This paper studies in depth the well-known open source intrusion detection system Snort in IPv4 networks, uses protocol analysis technology, and summarizes the characteristics of IPv6 networks. Based on the Snort platform, this paper also gives an overall design for an IPS security architecture named IFIS (IDS and Firewall and IDS System) that addresses the defects of current network security models, and realizes its key modules. The major work is as follows:

1. Research the advantages of the IPv6 protocols compared to the IPv4 protocols; research the theory, working manner and classification of IPS, and summarize their advantages and disadvantages. Based on this research, the paper gives an overall design of an IPS for the transition phase, which realizes the linkage among the linkage console, Snort and the firewall, and proposes a scheme by which Snort can detect IPSec packets in an IPv6 environment. The architecture protects the network with high efficiency.

2. Research the realization and prevention mechanism of intrusion prevention and realize its support for the IPv6 environment; design the transition analysis module, which judges the packet version by setting IPv4 and IPv6 options. With the option module accomplished, the prevention function is achieved in the transition environment.

3. Research in detail how Snort analyzes packets, and add a DecodeAH function to the Snort packet decoding module, since Snort cannot detect packets processed with IPSec; this improves Snort's capability to detect such packets.

4. Research the IP_Queue mechanism, the ways of communicating between user space and kernel space in Linux, and the Netfilter hooks; design an IPv6 module named queue_iprt0 that registers at the PREROUTING hook for the routing extension header. This module mainly realizes the rule function of iptables.

In summary, this paper designs and realizes the IFIS system, including the intrusion prevention subsystem, firewall subsystem, linkage control subsystem and linkage console subsystem. In theory, the IFIS system has its own advantages compared to current IPS systems. Experimentally, this paper accomplishes the key modules of the system, including the different packet capture modes, packet prevention in the IPv6 environment, analysis of packets in the transition environment, the IPv4 and IPv6 option module, the IPv6 registered module for the routing extension header, etc. It is an improved IPS which expands the application environment of IPS and provides a good foundation for future research on intrusion prevention in the transition phase.
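As an added example (not code from the thesis, from Snort or from Netfilter): a C routine that performs the packet-version judgement of item 2 and the AH decoding of item 3 on one raw IP packet, walking the IPv6 extension-header chain and also flagging the Type 0 Routing Header that item 4 hooks. The struct, function and sample names are my own; the sample packets are constructed, and field layouts follow the IPv4, IPv6 and AH specifications.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example (not thesis code): classify one raw IP packet by version, then for
 * IPv6 walk the extension-header chain so AH and the Type 0 Routing Header are seen. */
typedef struct {
    int version;     /* 4 or 6; 0 if the version nibble is neither */
    int upper_proto; /* protocol after the last extension header; -1 if truncated */
    int saw_ah;      /* an IPsec Authentication Header (51) was found */
    int saw_rt0;     /* a Routing Header (43) with routing type 0 was found */
} pkt_info;

pkt_info classify_packet(const uint8_t *buf, size_t len) {
    pkt_info r = {0, -1, 0, 0};
    if (len < 1) return r;
    r.version = buf[0] >> 4;
    if (r.version == 4) {                 /* IPv4: protocol field is byte 9 */
        if (len >= 20) r.upper_proto = buf[9];
        return r;
    }
    if (r.version != 6) { r.version = 0; return r; }
    if (len < 40) return r;               /* truncated IPv6 base header */
    int nh = buf[6];                      /* IPv6 Next Header */
    size_t off = 40;
    /* Hop-by-Hop(0), Routing(43), Fragment(44), AH(51), Dest Opts(60) chain onward */
    while (nh == 0 || nh == 43 || nh == 44 || nh == 51 || nh == 60) {
        if (off + 2 > len) return r;      /* cannot read next-header/length bytes */
        size_t hlen;
        if (nh == 51) {                   /* AH length is in 4-octet units, minus 2 */
            r.saw_ah = 1;
            hlen = ((size_t)buf[off + 1] + 2) * 4;
        } else if (nh == 44) {            /* Fragment header is a fixed 8 octets */
            hlen = 8;
        } else {                          /* others: 8-octet units, not counting first 8 */
            hlen = ((size_t)buf[off + 1] + 1) * 8;
        }
        if (nh == 43 && off + 3 <= len && buf[off + 2] == 0) r.saw_rt0 = 1;
        nh = buf[off];
        if (off + hlen > len) return r;   /* extension header runs past the buffer */
        off += hlen;
    }
    r.upper_proto = nh;                   /* e.g. 6 = TCP, 17 = UDP, 50 = ESP */
    return r;
}

/* Constructed sample packets: all zero except the fields that matter */
static const uint8_t SAMPLE_V4[20]       = { [0] = 0x45, [9] = 6 };                      /* IPv4 / TCP */
static const uint8_t SAMPLE_V6_AH[64]    = { [0] = 0x60, [6] = 51, [40] = 6, [41] = 4 };  /* AH (24 B) / TCP */
static const uint8_t SAMPLE_V6_RT0[64]   = { [0] = 0x60, [6] = 43, [40] = 17, [41] = 2 }; /* RH0 (24 B) / UDP */
static const uint8_t SAMPLE_V6_TRUNC[44] = { [0] = 0x60, [6] = 51 };                     /* AH cut off */
```

The AH length field is the one case where a decoder that assumes the usual 8-octet encoding mis-walks the chain, which is why a dedicated AH decode step matters for an IPS that must see the upper-layer protocol behind IPsec AH.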
Keywords/Search Tags: IPv6, Netfilter, Snort, IPS, Rules conversion