Sangwook Bae, Shimin Sun, Li Han, Sunyoung Han, B. Paillassa
{"title":"研究网络中IPv6地址管理系统的设计与部署","authors":"Sangwook Bae, Shimin Sun, Li Han, Sunyoung Han, B. Paillassa","doi":"10.1109/TENCON.2014.7022480","DOIUrl":null,"url":null,"abstract":"Recently, research for Future Internet has been proposed and carried out in order to address two kinds of issues. First, the existing Internet protocol does not use new identifiers, and secondly the Internet protocol should be improved to meet usage requirements. Internet Protocol version 6 (IPv6) has been applied to fix the second issue. IPv6 has almost infinite address space. In addition, it has a significant feature in that it allows the host to generate and configure its own IPv6 addresses. We call that feature the Stateless Address Auto Configuration (SLAAC). However, this feature has drawbacks with respect to security for the network management system. Illegal hosts or unauthorized hosts could access the network and attack critical equipment, such as financial or industrial IT infrastructure. Users are exposed to such attacks as identity theft. In order to solve this issue, a host management method is needed to control and protect from illegal or unauthorized hosts. In this paper, we developed and implemented a mechanism for collecting host information and blocking specific hosts using features of ICMPv6. This proposal is tested and implemented in Korea Advance Research Network (KOREN). Through this, our solution covers the mechanisms to control host which is illegal or unauthorized in local network. Therefore, it can be protection from any Virus, DDOS and etc.","PeriodicalId":292057,"journal":{"name":"TENCON 2014 - 2014 IEEE Region 10 Conference","volume":"160 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Design and deployment of IPv6 address management system on research networks\",\"authors\":\"Sangwook Bae, Shimin Sun, Li Han, Sunyoung Han, B. Paillassa\",\"doi\":\"10.1109/TENCON.2014.7022480\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently, research for Future Internet has been proposed and carried out in order to address two kinds of issues. First, the existing Internet protocol does not use new identifiers, and secondly the Internet protocol should be improved to meet usage requirements. Internet Protocol version 6 (IPv6) has been applied to fix the second issue. IPv6 has almost infinite address space. In addition, it has a significant feature in that it allows the host to generate and configure its own IPv6 addresses. We call that feature the Stateless Address Auto Configuration (SLAAC). However, this feature has drawbacks with respect to security for the network management system. Illegal hosts or unauthorized hosts could access the network and attack critical equipment, such as financial or industrial IT infrastructure. Users are exposed to such attacks as identity theft. In order to solve this issue, a host management method is needed to control and protect from illegal or unauthorized hosts. In this paper, we developed and implemented a mechanism for collecting host information and blocking specific hosts using features of ICMPv6. This proposal is tested and implemented in Korea Advance Research Network (KOREN). Through this, our solution covers the mechanisms to control host which is illegal or unauthorized in local network. Therefore, it can be protection from any Virus, DDOS and etc.\",\"PeriodicalId\":292057,\"journal\":{\"name\":\"TENCON 2014 - 2014 IEEE Region 10 Conference\",\"volume\":\"160 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"TENCON 2014 - 2014 IEEE Region 10 Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TENCON.2014.7022480\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"TENCON 2014 - 2014 IEEE Region 10 Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TENCON.2014.7022480","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
摘要
最近,为了解决两类问题,提出并开展了对未来互联网的研究。首先,现有的互联网协议没有使用新的标识符,其次,互联网协议应该改进以满足使用需求。Internet Protocol version 6 (IPv6)已被应用于解决第二个问题。IPv6几乎有无限的地址空间。此外,它还有一个重要的特性,即允许主机生成和配置自己的IPv6地址。我们称该特性为无状态地址自动配置(SLAAC)。然而,这个特性在网络管理系统的安全性方面有缺点。非法主机或未经授权的主机可以访问网络并攻击关键设备,例如金融或工业IT基础设施。用户容易受到身份盗窃等攻击。为了解决这个问题,需要一种主机管理方法来控制和保护非法或未经授权的主机。在本文中,我们开发并实现了一种利用ICMPv6的特性来收集主机信息和阻止特定主机的机制。该建议在韩国先进研究网络(KOREN)中进行了测试和实施。通过这种方式,我们的解决方案涵盖了控制本地网络中非法或未经授权的主机的机制。因此,它可以防止任何病毒,DDOS等。
Design and deployment of IPv6 address management system on research networks
Recently, research for Future Internet has been proposed and carried out in order to address two kinds of issues. First, the existing Internet protocol does not use new identifiers, and secondly the Internet protocol should be improved to meet usage requirements. Internet Protocol version 6 (IPv6) has been applied to fix the second issue. IPv6 has almost infinite address space. In addition, it has a significant feature in that it allows the host to generate and configure its own IPv6 addresses. We call that feature the Stateless Address Auto Configuration (SLAAC). However, this feature has drawbacks with respect to security for the network management system. Illegal hosts or unauthorized hosts could access the network and attack critical equipment, such as financial or industrial IT infrastructure. Users are exposed to such attacks as identity theft. In order to solve this issue, a host management method is needed to control and protect from illegal or unauthorized hosts. In this paper, we developed and implemented a mechanism for collecting host information and blocking specific hosts using features of ICMPv6. This proposal is tested and implemented in Korea Advance Research Network (KOREN). Through this, our solution covers the mechanisms to control host which is illegal or unauthorized in local network. Therefore, it can be protection from any Virus, DDOS and etc.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
