隨著時代的演化目前正進入物聯網及行動上的年代,將會有行動商務、無線網路感測器、智慧型家電…等需要大量IP位址,而IPv4早就已經不敷使用。新的網際網路協定IPv6有能力解決位址不足的問題,因此我認為IPv6會是未來的主流,那麼針對IPv6安全性將不可忽視。
根據Caicedo, Joshi, and Tuladhar (2009)研究將IPv6的安全性問題依照通訊協定做出一個歸納。本論文將常見的IPv6攻擊手法整合成便於使用者如網路管理人員使用的滲透測試系統,其滲透測試系統將原本攻擊程式碼進行改良,且分析攻擊手法在網路活動中會有那些行為特徵,使網管人員能夠不傷害原本環境下進行IPv6的安全性漏洞測試。假使受到IPv6攻擊,本系統會自動判斷並且呈現其相對應的防護措施知識庫網站,給予該IPv6攻擊手法防禦措施。
依據不同的攻擊手法從文獻、專家的知識及經驗進行建立知識庫,網管人員能夠瞭解其所處的網路環境安全狀況外,也可以了解該如何進行做防禦。
As Internet has become more and more popular, there are already about 2.3 billion people use Internet. However, IPv4 could only provide about 250 million IP addresses. Moreover, new applications like mobile computing, cloud computing or Internet of Things need a large number of IP addresses thus IP shortage is a serious problem. Some solutions like NAT or CIDR were proposed to solve IP shortage problem, but the fun-damental solution for IP shortage problem is IPv6.
Because IPv6 is not compatible with IPv4, most IPv6 enabled machines use dual stack solution to keep compatibility. Dual stack solution means that both IPv6 and IPv4 protocol are supported at the same machine. However, supporting IPv4 and IPv6 at the same machine means that this machine faces the threats from both IPv4 and IPv6. Security issues of IPv6 now is a new challenge for network administrators. Network administrators need to know (1) if their network environment is vulnerable for IPv6 attack or not, and (2) How to configure their security or network devices correctly.
In this paper, we propose a knowledge-based penetration test tool for IPv6 threats to detect vulnerability in organization’s environment. The proposed system has three characteristics (1) The proposed system is easy to use; (2) the proposed system could not damage test machine and (3) the proposed will provide informative report of how to configure security or network devices correctly based on test result.
