【作者】 任杰；

【导师】 王清贤；

【作者基本信息】 解放军信息工程大学 ， 计算机软件与理论， 2007， 硕士

【摘要】 IPv4向IPv6的过渡是一个较长的过程,在过渡的初期阶段IPv6-over-IPv4隧道技术被广泛应用。本文研究IPv6-over-IPv4隧道发现及利用技术。在对IPv6-over-IPv4隧道技术进行深入研究的基础上,结合网络控守技术,利用基于被动方式的探测技术发现受控主机所在网络内的IPv6-over-IPv4隧道。本文对网络控守中的通信隐蔽性进行了研究,对IPv6-over-IPv4隧道封装的隐蔽性进行了分析,提出了利用IPv6-over-IPv4隧道封装的思想来解决目标地址的隐蔽性问题。设计并实现了目标网络内IPv6-over-IPv4隧道发现工具TDT(IPv6-over-IPv4 TunnelDiscovery Tools),该工具有3个模块组成;①目标网络类型分析模块;②目标网络内IPv6-over-IPv4隧道通信劫持模块;③目标网络内IPv6-over-IPv4隧道发现模块。其中,模块①实现了集链路内IPv6主机发现、链路内IPv6路由器及路由器关键信息发现、子网内IPv4主机发现、目标网络内IPv6/IPv4双栈节点发现功能的综合扫描工具,该模块适合于目前Internet过渡时期的网络扫描,可以单独运行;模块②实现了在交换式以太网环境下的通信劫持,可以单独运行;模块③依赖于前两个模块,从劫持的目标网络内双栈主机之间或双栈主机与网关之间的通信流中发现IPv6-over-IPv4隧道。本文利用隧道封装的思想,设计了基于IPv6-over-IPv4隧道封装技术的隐蔽通信系统。该系统能够较好的隐蔽通信双方的目标地址,是一种新的关于目标地址隐藏方法。最后,简要阐述了目标网络内IPv6-over-IPv4隧道发现网络实验环境,在实验网中对TDT进行了测试,验证了方法的可行性和所实现工具的可用性。更多还原

【Abstract】 The transition from IPv4 to IPv6 is a long process in the early days of which IPv6-over-IPv4 tunnel technology has been widely used.This paper researches IPv6-over-IPv4 tunnel discovery and use technology. On the basis of analysing the IPv6-over-IPv4 tunnel technology, combining network charging and guarding technique,makes use of passive detection to discover the IPv6-over-IPv4 tunnel in the network where the controlled host is.This paper researches the communication concealment during the network controling and guarding, analyzes the concealment of the IPv6-over-IPv4 tunnel encapsulation and puts forward the thought of making use of the IPv6-over-IPv4 tunnel encapsulation to resolve the concealment problem of target address.This paper designe and carry out TDT(TPv6-over-IPv4 Tunnel Discovery Tools) inside the target network, TDT have three modules:①the type analysis of the target network module,②hijack module of IPv6-over-IPv4 tunnel communication inside the target network and③IPv6-over-IPv4 tunnel discovery module of the target network.Thereinto, module①realize discovering of IPv6 hosts within the link, discovering of IPv6 routers and key information of routers in the link, discovering of active IPv4 hosts in the subnet and comprehensive csan tools with IPv6/IPv4 double stacks node discovery function. This module is suitable for networkscaning during the current Internet transition period and can circulate alone.Module②has carried out communication hijack under the switchable Ethernet environment and can also circulate alone.Module③depends on the former two moduls and has discovered IPv6-over-IPv4 tunnels from the communication streams between double stacks hosts or between double stacks host and the gateways in the hijacked target network.In the thought of tunnel encapsulation, this paper has design a concealment communication system based on the EPv6-over-IPv4 tunnel encapsulation technology. This system can conceal the destination address of the communication nodes more effectively. It is a new method of concealing about destination addresses.Finally, this paper simply expatiates on the IPv6-over-IPv4 tunnel discovery network environment, tests TDT in the experimental network and verifies the possibility of methods and the serviceability of tools carried out.更多还原