基于目标生成的IPv6网络地址扫描综述
Survey on Target-Generated IPv6 Network Address Scanning
侯冰楠 1刘宁 1李雄略 1周桐庆 1陈颖文 1蔡志平 1卢凯1
作者信息
- 1. 国防科技大学计算机学院 长沙 410073
- 折叠
摘要
随着近年IPv6网络的迅猛发展,针对IPv6的网络测量和安全分析逐步成为热门的研究课题,这其中一项最基础、最关键的工作是通过网络扫描获取大量的IPv6活跃地址.然而IPv6庞大的地址空间和稀疏的活跃主机分布使得传统的暴力扫描工具(如ZMap和MASSCAN等)无法直接使用.例如在万兆带宽条件下,可5 min内扫描IPv4全网的ZMap扫描器若对IPv6进行全网扫描,仍需要花费上亿年的时间.针对大规模IPv6网络扫描所面临的效率低下问题,研究人员提出了一系列针对IPv6网络的扫描方法,提升了当前IPv6网络资产发现、识别和风控的能力.对这些基于目标生成的IPv6网络扫描方法进行了分类、梳理和总结,分析了各扫描方法的优缺点及适用场景.通过实网扫描实验,对比了多种扫描策略的命中率、边际效益和时间花销等性能情况.最后给出了对IPv6网络扫描研究的思考并对未来的研究方向进行了展望.
Abstract
With the rapid evolution of IPv6 in recent years,the significance of IPv6 network measurement and security analysis has grown substantially.Obtaining a substantial number of active IPv6 addresses has become a fundamental and critical task in this domain.However,the sheer size of the IPv6 address space and the sparsely distributed nature of active hosts present challenges that render brute-force scanning tools,such as ZMap and MASSCAN.While ZMap can scan the entire IPv4 network in just 5 minutes with a 10-gigabit bandwidth,it would take hundreds of millions of years to scan the entire IPv6 network using similar methods.In response to this challenge and in a bid to enhance the efficiency of IPv6-wide scans,researchers have introduced a series of innovative search strategies tailored to IPv6 scans.These strategies aim to enhance the ability to discover assets and mitigate risks within the IPv6 network.We undertake the task of categorizing,organizing,and summarizing the target generation-based scanning approaches proposed by researchers in this field.We conduct a comprehensive analysis,comparing the hit rate,marginal benefit,and time costs of state-of-the-art solutions through real-network scan experiments.Furthermore,we provide valuable insights into the current landscape and emerging trends in IPv6 target generation scanning techniques.By doing so,we contribute to a deeper understanding of IPv6 network analysis and security,ultimately fostering advancements in this critical area of networking research.
关键词
IPv6网络/网络测量/网络扫描/目标生成算法/别名前缀检测Key words
IPv6 network/network measurement/network scan/target generation algorithm/alias prefix detection引用本文复制引用
基金项目
中国博士后科学基金(2023TQ0089)
湖南省科技创新项目(2022RC3061)
湖南省科技创新项目(2021RC2071)
出版年
2024
NETL
NSTL
万方数据