Application Research of Computers

IPv6 firewall defensive capability testing method based on varied packets

Authors: Gu Kejun, Zhang Liancheng, Guo Yi, Kong Yazhou, Wang Zhenxing
Affiliations: 1. Information Engineering University, Zhengzhou 450001, China; 2. State Key Laboratory of Mathematical Engineering & Advanced Computing, Zhengzhou 450001, China
Article number: 1001-3695(2019)07-050-2154-05
DOI: 10.19734/j.issn.1001-3695.2018.01.0043
Abstract: To test how well IPv6 firewalls defend against potential IPv6 network threats, this paper studies a method for evaluating IPv6 firewall defensive capability. Based on a study of the IPv6 protocol, it constructs five classes of test packets that carry security risks, targeting ICMPv6, single extension headers, multiple extension headers, fragmentation, and address scopes, and builds a firewall testing framework with a C/S architecture. Using the framework and the test packets, it builds an independent test module for each kind of test, sets up a test environment that can be used to test stateful firewalls, and provides the corresponding test methods. Applying the proposed method to a Cisco ASA5505 firewall revealed some of its strengths and weaknesses.
Keywords: IPv6; firewall; defensive capability
Funding: Supported by the National Natural Science Foundation of China (61402526, 61402525)
Article URL: http://www.arocmag.com/article/01-2019-07-050.html
Received: 2018/1/29
Revised: 2018/3/9
Pages: 2154-2158
CLC number: TP393.08
Document code: A