Computer Engineering ›› 2010, Vol. 36 ›› Issue (8): 144-146. doi: 10.3969/j.issn.1000-3428.2010.08.050

• Security Technology •

IPv6 Intrusion Detection Technology Based on Snort

WANG Xiang-lin, LI Bei-lei

  1. (School of Computer Science, Hangzhou Dianzi University, Hangzhou 310018)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2010-04-20 Published: 2010-04-20

Intrusion Detection Technology in IPv6 Based on Snort

WANG Xiang-lin, LI Bei-lei   

  1. (Computer School, Hangzhou Dianzi University, Hangzhou 310018)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-04-20 Published:2010-04-20

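Abstract (translated from the Chinese): The open-source intrusion detection system Snort provides no support for the AH and ESP extension headers of the IPv6 protocol. To address this, the paper proposes a solution that uses Snort to detect ESP-encrypted packets. ESP detection rules are constructed, a DecodeESP() function is added to Snort's protocol analysis module, and a key management module is added, so that Snort can parse the ESP extension header in IPv6 packets and manage the keys it generates. An ESP-oriented intrusion detection system model is given to verify the feasibility of intrusion detection for encrypted IPv6 communication, together with the experimental verification process.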

Keywords (translated from the Chinese): intrusion detection system, IPv6 protocol, Encapsulating Security Payload

Abstract: Because the open-source NIDS Snort does not support analysis of the AH and ESP extension headers of the IPv6 protocol, this paper proposes a solution for detecting ESP-encrypted IP packets with Snort. By constructing ESP detection rules, adding a DecodeESP() function to Snort's protocol analysis module, and adding a key management module, it solves the problems of parsing the ESP extension header and managing the keys. It builds an ESP-oriented Intrusion Detection System (IDS) model to address intrusion detection for encrypted communication in IPv6, and describes the experimental process.

Key words: Intrusion Detection System (IDS), IPv6, Encapsulating Security Payload (ESP)
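
To make the decoding step in the abstract concrete, the following added C example (not the paper's DecodeESP() and not Snort code) walks an IPv6 extension-header chain and extracts the SPI and sequence number of an ESP header, the fields a key management module would need to select a key. The names `find_esp`, `esp_info` and `SAMPLE` are assumptions, and the packet bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type: where the ESP header and its ciphertext sit. */
struct esp_info { uint32_t spi, seq; size_t enc_off, enc_len; };

/* Constructed sample: IPv6 header, destination options header, then ESP. */
static const uint8_t SAMPLE[64] = {
    0x60,0,0,0, 0,24, 60, 64,                    /* ver 6, payload len 24, NH=60 */
    0x20,1,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1,    /* src 2001:db8::1 */
    0x20,1,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,2,    /* dst 2001:db8::2 */
    50,0, 1,4,0,0,0,0,                           /* dest opts: NH=50 (ESP), PadN */
    0,0,0x10,0x01, 0,0,0,7,                      /* ESP: SPI 0x1001, sequence 7 */
    0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa };   /* stand-in ciphertext */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 1 and fills *out when an ESP header (Next Header 50) is reached,
 * 0 when the chain ends without ESP, -1 when the packet is truncated. */
int find_esp(const uint8_t *pkt, size_t len, struct esp_info *out) {
    if (len < 40 || (pkt[0] >> 4) != 6) return -1;
    size_t end = 40 + (((size_t)pkt[4] << 8) | pkt[5]);  /* fixed header + Payload Length */
    if (end > len) return -1;
    uint8_t nh = pkt[6];
    size_t off = 40;
    for (;;) {
        size_t left = end - off, hlen;
        if (nh != 0 && nh != 43 && nh != 44 && nh != 50 && nh != 51 && nh != 60)
            return 0;                     /* upper-layer protocol or unhandled header */
        if (left < 8) return -1;          /* every header handled here is >= 8 bytes */
        if (nh == 50) {
            out->spi = be32(pkt + off);
            out->seq = be32(pkt + off + 4);
            out->enc_off = off + 8;       /* opaque until the key for this SPI is applied */
            out->enc_len = left - 8;
            return 1;
        }
        if (nh == 44 && (((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8))
            return 0;                     /* non-first fragment: chain not visible here */
        /* fragment: fixed 8 bytes; AH: (len+2)*4; hop-by-hop/routing/dest opts: (len+1)*8 */
        hlen = nh == 44 ? 8 : nh == 51 ? ((size_t)pkt[off + 1] + 2) * 4
                                       : ((size_t)pkt[off + 1] + 1) * 8;
        if (hlen > left) return -1;
        nh = pkt[off];                    /* Next Header is the first byte of each header */
        off += hlen;
    }
}

int main(void) { struct esp_info e; return find_esp(SAMPLE, sizeof SAMPLE, &e) == 1 ? 0 : 1; }
```

Everything from `enc_off` onward stays ciphertext to a sensor unless it holds the key for that SPI, which is why the abstract pairs the decoder with a key management module.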