Research and Implementation of IPv6-over-IPv4 Tunnel Discovery and Utilization Techniques
Abstract
The transition from IPv4 to IPv6 is a lengthy process, and IPv6-over-IPv4 tunneling is widely used in its initial stage.
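     This thesis studies techniques for discovering and using IPv6-over-IPv4 tunnels. Building on an in-depth study of IPv6-over-IPv4 tunneling and combining it with network control and guarding techniques, it uses passive probing to discover IPv6-over-IPv4 tunnels in the network where a controlled host resides. It also studies communication concealment in network control and guarding, analyzes the concealment afforded by IPv6-over-IPv4 tunnel encapsulation, and proposes using IPv6-over-IPv4 tunnel encapsulation to solve the problem of concealing the target address.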
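     TDT (IPv6-over-IPv4 Tunnel Discovery Tools), a tool for discovering IPv6-over-IPv4 tunnels within a target network, was designed and implemented. It consists of three modules: ① a target network type analysis module; ② a module for hijacking IPv6-over-IPv4 tunnel communication within the target network; ③ a module for discovering IPv6-over-IPv4 tunnels within the target network. Module ① implements a comprehensive scanning tool that combines discovery of on-link IPv6 hosts, discovery of on-link IPv6 routers and key router information, discovery of IPv4 hosts in the subnet, and discovery of IPv6/IPv4 dual-stack nodes in the target network; it is suited to network scanning during the current Internet transition period and can run on its own. Module ② implements communication hijacking in a switched Ethernet environment and can run on its own. Module ③ depends on the first two modules and discovers IPv6-over-IPv4 tunnels from the hijacked traffic between dual-stack hosts, or between dual-stack hosts and the gateway, in the target network.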
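     Using the idea of tunnel encapsulation, this thesis designs a covert communication system based on IPv6-over-IPv4 tunnel encapsulation. The system conceals the target addresses of both communicating parties fairly well and is a new method of target address hiding.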
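     Finally, the thesis briefly describes the experimental network environment for IPv6-over-IPv4 tunnel discovery within a target network; TDT was tested on the experimental network, verifying the feasibility of the method and the usability of the implemented tool.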
The transition from IPv4 to IPv6 is a long process, and in its early days IPv6-over-IPv4 tunnel technology has been widely used.
     This paper studies IPv6-over-IPv4 tunnel discovery and utilization technology. Building on an analysis of IPv6-over-IPv4 tunnel technology and combining it with network control and guarding techniques, it uses passive detection to discover IPv6-over-IPv4 tunnels in the network where the controlled host resides. The paper also studies communication concealment during network control and guarding, analyzes the concealment provided by IPv6-over-IPv4 tunnel encapsulation, and proposes using IPv6-over-IPv4 tunnel encapsulation to solve the problem of concealing the target address.
     This paper designs and implements TDT (IPv6-over-IPv4 Tunnel Discovery Tools) for use inside the target network. TDT has three modules: ① the target network type analysis module, ② the module for hijacking IPv6-over-IPv4 tunnel communication inside the target network, and ③ the IPv6-over-IPv4 tunnel discovery module for the target network. Module ① implements a comprehensive scan tool that combines discovery of IPv6 hosts on the link, discovery of IPv6 routers and key router information on the link, discovery of active IPv4 hosts in the subnet, and discovery of IPv6/IPv4 dual-stack nodes. This module is suitable for network scanning during the current Internet transition period and can run on its own. Module ② implements communication hijacking in a switched Ethernet environment and can also run on its own. Module ③ depends on the former two modules and discovers IPv6-over-IPv4 tunnels from the communication streams between dual-stack hosts, or between dual-stack hosts and the gateways, in the hijacked target network.
     Following the idea of tunnel encapsulation, this paper designs a concealed communication system based on IPv6-over-IPv4 tunnel encapsulation technology. This system can conceal the destination addresses of the communicating nodes more effectively. It is a new method of concealing destination addresses.
     Finally, this paper briefly describes the network environment used for IPv6-over-IPv4 tunnel discovery, tests TDT in the experimental network, and verifies the feasibility of the method and the usability of the implemented tool.