This application claims the benefit of Korean Patent Application No. 10-2004-0107223, filed on Dec. 16, 2004, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of the Invention
The present invention relates to network security, and more particularly, to a system and method for detecting and coping with attacks in hybrid IPv4/IPv6 networks using end-to-end tunneling.
2. Description of the Related Art
In general, harmful traffic in a network is blocked at a network ingress point if the contents of a packet's header and payload match an attack pattern.
However, since the contents of an encrypted packet cannot be examined and compared with the attack pattern without decrypting the packet, a firewall system generally lets encrypted harmful traffic pass through uninspected.
With the introduction of the IPv6 network layer standard, this characteristic of the firewall system increases the likelihood of attack patterns that use encrypted traffic. A typical attack pattern uses adverse tunneling, which abuses the tunneling used for communication between IPv6 networks in hybrid IPv4/IPv6 networks. In adverse tunneling, an attacker in an IPv4 network, disguised as a user of the IPv6 network, attacks with harmful traffic that is encrypted using end-to-end tunneling.
Although firewall systems with an embedded IPv4/IPv6 dual stack have been released following the introduction of the IPv6 network layer standard, technology for detecting harmful traffic that is encrypted using end-to-end tunneling has not yet been developed. Therefore, a mechanism for detecting and blocking harmful traffic is required to prevent encrypted harmful traffic in hybrid IPv4/IPv6 networks from intruding into the networks.
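The inspection gap described above can be shown with a small ingress classifier. This is an added example, not part of the patent text. It assumes IPv6-in-IPv4 encapsulation (IP protocol 41) as the tunnel and IPsec ESP (protocol 50) as the encryption, neither of which the text names; the function names, the signature and the sample packets are constructed for illustration, and IPv6 extension headers are not walked.

```python
import ipaddress, struct

PROTO_TCP, PROTO_6IN4, PROTO_ESP = 6, 41, 50   # IANA protocol numbers
ATTACK_PATTERNS = [b"/bin/sh"]                 # constructed signature, illustration only

def classify(pkt: bytes) -> str:
    """Ingress decision for a raw IPv4 packet: 'block', 'pass' or 'uninspectable'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "block"                         # not a well-formed IPv4 packet
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "block"
    proto, payload = pkt[9], pkt[ihl:]
    if proto == PROTO_6IN4:                    # IPv6 packet tunneled inside IPv4
        if len(payload) < 40 or payload[0] >> 4 != 6:
            return "block"
        proto, payload = payload[6], payload[40:]   # inner Next Header, inner payload
    if proto == PROTO_ESP:
        return "uninspectable"                 # ciphertext: pattern matching cannot apply
    if any(p in payload for p in ATTACK_PATTERNS):
        return "block"
    return "pass"

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    a = lambda s: ipaddress.ip_address(s).packed
    # Header checksum left at 0: classify() does not validate it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, a(src), a(dst)) + payload

def ipv6(next_header, payload, src="2001:db8::1", dst="2001:db8::2"):
    a = lambda s: ipaddress.ip_address(s).packed
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                       a(src), a(dst)) + payload

def demo():
    # Constructed samples: zeroed 20-byte TCP header + data, and an ESP body
    # (SPI, sequence number, stand-in bytes in place of real ciphertext).
    clear = b"\x00" * 20 + b"GET /?cmd=/bin/sh HTTP/1.0\r\n"
    esp = struct.pack("!II", 0x1000, 1) + bytes(range(64, 128))
    return {
        "tunneled_cleartext_attack": classify(ipv4(PROTO_6IN4, ipv6(PROTO_TCP, clear))),
        "tunneled_encrypted": classify(ipv4(PROTO_6IN4, ipv6(PROTO_ESP, esp))),
        "tunneled_benign": classify(ipv4(PROTO_6IN4, ipv6(PROTO_TCP, b"\x00" * 20 + b"hello"))),
    }

if __name__ == "__main__":
    print(demo())
```

The "uninspectable" result is the case the related art leaves open: a signature-only firewall has no basis for a block decision there and forwards the packet.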