摘要
IKEv2协议广泛应用于IPSec的密钥交换、虚拟专用网认证授权和网络安全设备中。作为IKEv1协议的更新版,IKEv2协议在安全性、移动性和终端支持方面具备良好的特性。通过分析IKEv2协议在不同安全设备上的实现方式,对一个未明确界定的处理方式进行研究,分析出该协议实现可能具备反射型拒绝服务的风险。最后,通过在真实互联网环境下的试验,验证了目前由于策略原因可能造成反射式拒绝服务的效能。
The IKEv2 protocol is widely used in IPSec key exchange, virtual private network authentication,and network security equipment. As an updated version of the IKEv1 protocol, the IKEv2 protocol has good features in terms of security, mobility, and terminal support. By analyzing the implementation of IKEv2 protocol on different security devices, an undefined process is explored, and the analysis indicates that the implementation of this protocol may have the risk of reflective denial-of-service. Finally, experiments in the real Internet environment indicate that the reflective denial-of-service performance may be caused by policy reasons.
作者
赵尔凡
熊刚
ZHAO Er-fan;XIONG Gang(No.30 Institute of GETC,Chengdu Sichuan 610041,China)
出处
《通信技术》
2019年第2期444-448,共5页
Communications Technology
关键词
IKEV2
反射放大
拒绝服务
脆弱性
IKEv2
reflective amplification
denial-of-service
vulnerability
