绿盟 IPv6环境下的网络安全观察报告在线下载,免费下载

IPv6 环境下的网络安全观察 i g u th 5 b m o .c 关于绿盟科技北京神州绿盟信息安全科技股份有限公司（简称绿盟科技）成立于 2000 年 4 月，总部位于北京。在国内外设有 40 多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户，提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。基于多年的安全攻防研究，绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域，为客户提供入侵检测 / 防护、抗拒绝服务攻击、远程安全评估以及 Web 安全防护等产品以及专业安全服务。北京神州绿盟信息安全科技股份有限公司于 2014 年 1 月 29 日起在深圳证券交易所创业板上市。股票简称：绿盟科技　股票代码：300369 u th i g 5 b 特别声明为避免合作伙伴及客户数据泄露，所有数据在进行分析前都已经过匿名化处理，不会在中间环节出现泄露，任何与客户有关的具体信息，均不会出现在本报告中。特别致谢谨向战略支援部队信息工程大学网络空间安全学院张连成教授团队，对我司发布的《IPv6 环境下的网络安全观察》报告，给予的指正和帮助表示由衷的感谢。 m o .c IPv6 环境下的网络安全观察目录 1. 执行摘要 ······························································································································································2 2. IPv6 攻击态势概览 ··············································································································································5 2.1 热点态势······················································································································································································· 6 2.2 重要观点······················································································································································································· 8 3. IPv6 攻击中的热点类型 ·······································································································································9 m o .c 4. IPv6 攻击中的行业分布 ·····································································································································11 5. IPv6 攻击中的地域分布 ·····································································································································13 5.1 国内分析····················································································································································································· 15 5 b 5.2 国外分析····················································································································································································· 20 6. “惯犯”跟踪 ·····················································································································································24 u th 7. 总结 ····································································································································································28 i g A IPv6 环境下的网络安全观察执行摘要 1. 执行摘要 1 u th 执行摘要 i g 2 5 b m o .c IPv6 环境下的网络安全观察执行摘要未来的时代里，数字化和全球化将深入到世界各地每一个角落，人人受惠。基于 IPv6 的下一代互联网，将成为支撑前沿技术和产业快速发展的基石。 2017 年 11 月，中共中央办公厅和国务院办公厅联合印发了《推进互联网协议第六版（IPv6）规模部署行动计划》 ①，为互联网技术的普及和应用，以及未来产业奠定了良好的基础。该文指出到 2020 年末国内 IPv6 活跃用户要达到 5 亿，2025 年末中国 IPv6 规模要达到世界第一。图 1.1 《推进互联网协议第六版（IPv6）规模部署行动计划》 u th i g 5 b m o .c 根据第 43 次《中国互联网络发展状况统计报告》 ②，截至 2018 年 12 月，我国 IPv6 地址数量为 41079 块 /32，年增长率为 75.3%。与此同时，我国网民使用手机上网的比例达 98.6%，较 2017 年底提升 1.1 个百分点；网民使用电视上网的比例达 31.1%，较 2017 年底提升 2.9 个百分点；使用台式电脑上网的比例为 48.0%，较 2017 年底下降 5 个百分点。可以看出，传统计算机与互联网的应用比例有 ①　http://www.gov.cn/zhengce/2017-11/26/content_5242389.htm ②　http://www.cac.gov.cn/2019-02/28/c_1124175677.htm 3 IPv6 环境下的网络安全观察执行摘要所下降，移动生活的普及、物联网的发展和工业 4.0 的推进，都将对地址空间、服务质量以及安全性等提出更高的要求，而未来 IPv6 的大范围部署可以一定程度满足上述需求。 IPv6 的设计对安全性有一定的提升，例如，取消了广播机制、集成了虚拟专网（VPN）的功能和 IPsec，然而许多在 IPv4 中存在的网络安全问题在 IPv6 中同样存在，例如应用层协议或服务导致的漏洞无法消除，未实施双向认证的情况下中间人攻击仍然存在，同时网络嗅探、设备仿冒和洪泛攻击等也无法避免。因此，本团队对 IPv6 环境中的攻击告警进行抽样分析，下文将从安全态势、热点攻击、行业 / 地域分布，以及“惯犯”等角度对 IPv6 用户面临的威胁进行刻画。 u th i g 4 5 b m o .c 2 IPv6 环境下的网络安全观察 IPv6 攻击态势概览 2. IPv6 攻击态势概览 u th 5 b IPv6攻击态势概览 i g m o .c 5 IPv6 环境下的网络安全观察 IPv6 攻击态势概览 2.1 热点态势当前随着 IPv6 的普及，IPv6 相关的攻击也呈现上升态势。第一起有记录的 IPv6 DDoS 攻击事件发生在 2018 年 3 月，此次攻击涉及了 1900 个 IPv6 地址 ①。此后在 IPv6 环境下利用漏洞的攻击行为也被陆续捕获到。通过对捕获到的相关数据分析得知，目前大部分 IPv6 环境下的攻击所使用的漏洞都是应用层漏洞，与 IPv4 攻击的目标相同，暂时还未发现针对 IPv6 自身协议漏洞的攻击。我们通过对 IPv4 环境下的远 m o .c 程漏洞研究发现，大多数漏洞都存在于传输层和应用层，与网络层协议无关。因此攻击者几乎没有付出代价就可以轻易地转换战场，直接使用 IPv4 环境下的攻击载荷在 IPv6 环境下进行漏洞利用。通过对 CVE 漏洞库中的漏洞进行研究发现，按 CVE 标号计算截至 2019 年 IPv6 相关协议族的漏洞 5 b 共 389 个，整体占比很低。这些漏洞主要分布在 Linux 内核、 Linux 发行版本系统、Windows 等系统， tcpdump、Wireshark 等应用程序和 Juniper、Cisco、Huawei 路由器等硬件产品。Linux 中出现的漏洞 u th 主要集中在 IPv6 的实现上，出现频次比较高的模块是 IPv6 的分片模块；Cisco 上的漏洞主要在 Cisco IOS 上。从漏洞涉及模块来看，IPv6 snooping 模块上出现的问题比较多，Tcpdump 在 4.9.2 前版本中 i g 的 IPv6 routing header parser 模块以及 IPv6 mobility parser 模块中也连续爆出了一系列漏洞。 ①　 https://www.scmagazineuk.com/first-t