Subjects: Computer Science >> Integration Theory of Computer Science submitted time 2018-04-17 Cooperative journals: 《计算机应用研究》
Abstract: The existing technologies for protecting IPv6 nodes by address hopping rely on time synchronization or event synchronization, utilizing the good mobility feature of IPv6 and multiple care-of address registration mechanisms, this paper proposed a proactive defense scheme of IPv6 based on virtual mobile. By assigning a dynamically changing care-of address to an IPv6 node, the IPv6 node presented the continuously moving feature in the network, reduced the attack probability of an attacker, and ensured the continuity of communications. Theoretical analysis and experimental tests show that the scheme has good anti-attack ability and less system overhead.
Subjects: Computer Science >> Integration Theory of Computer Science submitted time 2018-04-17 Cooperative journals: 《计算机应用研究》
Abstract: In order to test the defensive capability of IPv6 firewall to against potential IPv6 network threats, this paper studied IPv6 firewall defensive capability testing technology. Through the research of IPv6 protocol, this paper constructed five kinds of test packets with security risks, such as ICMPv6, single extended header, multi-extension header, fragmentation and address scopes, proposed a firewall testing framework with C/S architecture, built independent test modules for every kind of testing based the framework and test packets, set up test environments that can be used to test stateful firewalls, and provided appropriate test methods. Using the method, this paper tested a Cisco ASA5505 firewall and found its advantages and disadvantages.