高级检索

    基于目标生成的IPv6网络地址扫描综述

    Survey on Target-Generated IPv6 Network Address Scanning

    • 摘要: 随着近年IPv6网络的迅猛发展,针对IPv6的网络测量和安全分析逐步成为热门的研究课题,这其中一项最基础、最关键的工作是通过网络扫描获取大量的IPv6活跃地址. 然而IPv6庞大的地址空间和稀疏的活跃主机分布使得传统的暴力扫描工具(如ZMap和MASSCAN等)无法直接使用. 例如在万兆带宽条件下,可5 min内扫描IPv4全网的ZMap扫描器若对IPv6进行全网扫描,仍需要花费上亿年的时间. 针对大规模IPv6网络扫描所面临的效率低下问题,研究人员提出了一系列针对IPv6网络的扫描方法,提升了当前IPv6网络资产发现、识别和风控的能力. 对这些基于目标生成的IPv6网络扫描方法进行了分类、梳理和总结,分析了各扫描方法的优缺点及适用场景. 通过实网扫描实验,对比了多种扫描策略的命中率、边际效益和时间花销等性能情况. 最后给出了对IPv6网络扫描研究的思考并对未来的研究方向进行了展望.

       

      Abstract: With the rapid evolution of IPv6 in recent years, the significance of IPv6 network measurement and security analysis has grown substantially. Obtaining a substantial number of active IPv6 addresses has become a fundamental and critical task in this domain. However, the sheer size of the IPv6 address space and the sparsely distributed nature of active hosts present challenges that render brute-force scanning tools, such as ZMap and MASSCAN. While ZMap can scan the entire IPv4 network in just 5 minutes with a 10-gigabit bandwidth, it would take hundreds of millions of years to scan the entire IPv6 network using similar methods. In response to this challenge and in a bid to enhance the efficiency of IPv6-wide scans, researchers have introduced a series of innovative search strategies tailored to IPv6 scans. These strategies aim to enhance the ability to discover assets and mitigate risks within the IPv6 network. We undertake the task of categorizing, organizing, and summarizing the target generation-based scanning approaches proposed by researchers in this field. We conduct a comprehensive analysis, comparing the hit rate, marginal benefit, and time costs of state-of-the-art solutions through real-network scan experiments. Furthermore, we provide valuable insights into the current landscape and emerging trends in IPv6 target generation scanning techniques. By doing so, we contribute to a deeper understanding of IPv6 network analysis and security, ultimately fostering advancements in this critical area of networking research.

       

    /

    返回文章
    返回