| The source address of the existing network addressing architecture for receiving and forwarding IP packets packet does not check it.what’s more, the packet source IP address is easy to modify, which leads to more attacks Attackers forge message source IP address, not only weakened the capacity of existing network defense mechanisms to detect and filter attack packets, but also provides a method for attackers to evade legal responsibility.In the IPv6architecture, Tsinghua University Network Center proposed inter-domain source address validation (SMA State Machine based Anti-spoofing) program, which builds trust an Alliance.It can guarantee IP packet source address prefix,which comes from the members of the alliance is correct. By deploying the program, AS border router (AER) can filter out forged source IP address packets to protect hosts and servers within the local AS.This paper firstly elaborates on the source address validation scheme, analyze their application in AS domains and focuses on the SMA scheme; secondly, it describes the requirement analysis and design of AER function. after that, by using C language for software development under the environment of Linux, we achieve in the function of AER, including the communication with AS control server, receiving and storage of the address prefix and tag information, timely response to query the survival of ACS; Finally, the compiled module testing are made to ensure normal function. |
PDF Full Text Request