| While the 128-bit address space in the next-generation Internet protocol IPv6 effectively solves the problem of insufficient IPv4 addresses,it also brings huge challenge s to the management and allocation of IPv6 network addresses.There are a huge number of IPv6 network addresses that can be used in the default 64-bit IPv6 address sp-ace,but there are very few active IPv6 addresses at the same time.In addition,IPv6 also designs multiple address configuration methods for different purposes.Traditional address scanning tools cannot effectively scan and detect the target IPv6 address space within an acceptable time.Current research directions mainly include persistent and publicly obtainable IPv6 network addresses,inferring IPv6 address allocation patterns,and designing algorithms to generate IPv6 to be detected Addresses and etc.,rely heavily on the feature string in the IPv6 address to reduce the space to be scanned for the target IPv6 address,and lack a heuristic method to reduce the target IPv6 address space.In response to the above problems,this thesis integrates heuristic methods and stat eless scanning methods,and proposes a heuristic method to reduce the target IPv6 address space,which mainly includes the following three research contents:1.Aiming at the configuration details of IPv6 addresses in the operating system,a method combining static analysis and dynamic operation is proposed.In order to clarify the configuration details of IPv6 addresses under several operating systems on the desktop and mobile terminals,first,static analysis methods are used to study the characteristic strings in various types of IPv6 addresses and the configuration process and details of IPv6 addresses in Linux.Secondly,build a real IPv6 network topology and use dynamic operation methods to connect IPv6 nodes with different operating sys tems to the network to study the changes in IPv6 addresses.2.Aiming at the problem that the current reduction method is extremely dependent on the feature string in IPv6 address,a heuristic method for reducing the target IPv6 address space is proposed.This method draws on the research work of computer virus scanning,ignores the influence of IPv6 network address feature strings and heuristically reduces the detection space of target IPv6 addresses to be scanned based on the reciprocity of set elements.The usage of the target IPv6 address space is clarified by counting the number of different set cardinals,and the address dense area algorithm is proposed to clarify the address dense area of the target IPv6 address space in order to carry out targeted indepth scanning and detection work.In addition,this thesis also proposes an address scanning detection strategy that combines active scanning and passive monitoring to carry out scanning and detection of the target IPv6 address space.3.Aiming at the problem that traditional address scanning tools cannot effectively scan and detect the target IPv6 address space,a IPv6 address scanning tool is designed and implemented based on the principle of stateless address scanning.The tool bypasses the TCP/IP protocol stack in the Linux network module,and sends the constructed Ethernet frame in the user mode directly through the network card driver via the system call.While ensuring the efficiency of sending Ethernet frames,an IPv6 network packet sniffer is also set up to process the response packets of the target IPv6 addresses,so that the sending logic does not need to wait for the response of the target IPv6 addresses,and processes the response packet target IPv6 addresses in a stateless manner. |
PDF Full Text Request