1. Field of the Invention
The present invention relates to network security, and more particularly, to a method of blocking network attacks using information included in a packet, and an apparatus thereof.
2. Description of the Related Art
A firewall, which is used to prevent illegal access through a network, determines whether to block or allow a packet based on the source and destination addresses in the Internet Protocol (IP) header of the packet transmitted through the network. In the conventional Internet Protocol version 4 (IPv4) environment, this method is generally used.
However, Internet Protocol version 6 (IPv6) networks introduce a variety of new features. Among these features, the weakness against a bypass attack that uses a routing header is a problem that must be solved.
That is, in the IPv6 network environment, the conventional method may not prevent illegal access, because a routing header can be used to reach a system protected by a firewall.
The routing header is a type of extension header, a structure new to IPv6 networks. It lets a user specify, in the routing header, an arbitrary system through which an IP packet should pass, so that the packet passes through that system. However, this function has a security weakness: it allows a packet to reach a system to which access is restricted, by bypassing the blocking function of the firewall, which is an access control function.
The routing header is a feature unique to IPv6 networks. A packet uses it to specify one or more intermediate nodes through which the packet should be transmitted, so that the packet travels through those nodes. If this feature is used, an ordinary security device that blocks harmful packets by using the source address and the destination address can be bypassed. Since IPv6 networks and security devices for them are not yet in general use, the known security weakness described above has not yet been overcome.
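The gap described above can be seen by comparing two checks on the same packet. The following is an added example, not part of the original document and not the method it claims: it assumes the Type 0 routing header layout, uses constructed addresses from the 2001:db8::/32 documentation prefix, and all function names are hypothetical.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, DEST_OPTS, NO_NEXT = 0, 43, 60, 59  # IPv6 Next Header values

def addr(text):
    return ipaddress.IPv6Address(text)

def build_packet(src, dst, hops):
    """Constructed sample: fixed IPv6 header followed by a Type 0 routing header."""
    rh = struct.pack("!BBBBI", NO_NEXT, 2 * len(hops), 0, len(hops), 0)
    rh += b"".join(addr(h).packed for h in hops)
    fixed = struct.pack("!IHBB", 6 << 28, len(rh), ROUTING, 64)
    return fixed + addr(src).packed + addr(dst).packed + rh

def routing_addresses(pkt):
    """Walk the extension-header chain and return every address listed
    in a Type 0 routing header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, found = pkt[6], 40, []
    while nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS):
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        end = off + (pkt[off + 1] + 1) * 8  # Hdr Ext Len: 8-octet units past the first 8
        if end > len(pkt):
            raise ValueError("truncated extension header")
        if nxt == ROUTING and pkt[off + 2] == 0:  # Routing Type 0
            found += [ipaddress.IPv6Address(pkt[i:i + 16])
                      for i in range(off + 8, end - 15, 16)]
        nxt, off = pkt[off], end
    return found

def header_only_verdict(pkt, protected):
    """Conventional check from the text: only the IP header destination is examined."""
    return "block" if ipaddress.IPv6Address(pkt[24:40]) in protected else "allow"

def routing_aware_verdict(pkt, protected):
    """Also treat every address listed in the routing header as a destination."""
    if header_only_verdict(pkt, protected) == "block":
        return "block"
    return "block" if any(a in protected for a in routing_addresses(pkt)) else "allow"

# Constructed data: the protected host appears only inside the routing header.
PROTECTED = {addr("2001:db8:1::10")}
SAMPLE = build_packet("2001:db8:ffff::1", "2001:db8:1::1", ["2001:db8:1::10"])
```

On `SAMPLE`, the header-only check returns "allow" because the IP header destination is a permitted node, while the routing-aware check returns "block" because the protected address is listed in the routing header.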