Abstract:
Neighbor discovery protocol assumption of a fully trustworthy network contributes to its various security threats, this article analyzes ND protocol’s security threats and various methods of spoofing on-link nodes, which can lead to man-in-the-middle attack. It is proved that the design is available and feasible. It reduces the influence of attack.
Key words:
IPv6,
Neighbor discovery,
Man-in-the-middle attack,
Network security
摘要: 在分析邻居发现协议运行机制的基础上,指出了链路可信这个默认前提是导致ND(Neighbor Discovery)存在安全缺陷的根本原因,分析了利用ND安全缺陷对链路内的节点进行中间人攻击的方法,并对ND的安全防护进行阐述。测试结果表明,提出的方法是可行的、有效的,大大降低了攻击的影响。
关键词:
IPv6,
邻居发现,
中间人攻击,
网络安全
CLC Number:
GUO Run;WANG Zhenxing;DUN Yanan. Man-in-the-middle Attack of ND and Its Countermeasures[J]. Computer Engineering, 2006, 32(11): 186-188.
郭润;王振兴;敦亚南. 基于ND的中间人攻击及其对策[J]. 计算机工程, 2006, 32(11): 186-188.