A Defense Approach of DAD Attack in Stateless Auto Configuration
In stateless address auto configuration, node needs to carry out duplicate address detection before using a new IP address. In the detection process, once a malicious node claims that the resolve IP address is occupied, the node's address configuration will fail. For this case, WAY(who are you)...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Beijing Xintong Media Co., Ltd
2014-04-01
|
| Series: | Dianxin kexue |
| Subjects: | |
| Online Access: | http://www.telecomsci.com/zh/article/doi/10.3969/j.issn.1000-0801.2014.04.008/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | In stateless address auto configuration, node needs to carry out duplicate address detection before using a new IP address. In the detection process, once a malicious node claims that the resolve IP address is occupied, the node's address configuration will fail. For this case, WAY(who are you)mechanism as a defensive approach was proposed. WAY mechanism uses reverse address confirmation, self-declaration and WAY-table inspection to filter the spoofing packets, which make attackers' cost increase and cannot carry out secondary attack. The experiments show that WAY mechanism can effectively compensate the security flaws of neighbor discovery protocol, significantly increase the success rate of stateless address auto configuration. |
|---|---|
| ISSN: | 1000-0801 |