| Summary: | 碩士 === 聖約翰科技大學 === 電腦與通訊工程系碩士班 === 102 === Internet Protocol version 6 (IPv6) provides large address space, quality of service, routing and network auto-configuration, etc. In IPv6 networks, nodes use the Neighbor Discovery (ND) protocol to discover neighbor nodes on the link, to determine link-layer addresses of nodes, to find routers, and to maintain node reachable information also to detect duplicate address. Therefore, ND protocol in IPv6 gains a whole new importance along with a new set of security concerns. DoS and Man-In-Middle attack are caused by malicious nodes due to the vulnerability of ND protocol because in NDP the integrity and validity of received ND Packets are not verified. Fake ND packets can attack the victim by modify the neighbor cache and router-related parameters. In this thesis we propose one detection and protection mechanism for NDP attack, the NDPDefender, which can ensure the validity and integrity of neighbor cache and router information for nodes on the local link without modifing the ND protocol or network topology.
|
|---|
