Application of IPv6 in the Campus Network: IP Security Analysis, Page 10
From the graphs of router1's and router3's IPsec statistics, we know that IPsec has worked successfully.
2. The second way to test IPsec
To demonstrate that the lab succeeded, we simulate an attacker on subnet3 performing reconnaissance on the communication between subnet1 and subnet2. We capture packets on subnet3 with a sniffer, a tool for capturing network data, to inspect the traffic on the link.
In this lab, Computer A provides the FTP service. Computer A has IP address 103.3.3.1/24, Computer D has IP address 104.4.4.2/24, and Computer E has IP address 102.2.2.5/24.
In the normal case, when Computer E uses Computer A's FTP service, we can view the content of the file that Computer E wants to get from Computer A.
Figure 5-2
Computer D captures the data between subnet 103.3.3.0/24 and subnet 102.2.2.0/24, as shown in the following figure.
We then use the tracert command to trace the path that the data takes.
After implementing IPsec on router1 and router3, we see the following results. When we capture the data between subnet 103.3.3.0/24 and subnet 102.2.2.0/24 with the sniffer, the capture shows that the data between the two subnets is encrypted and tunneled.
Using the tracert command to trace the path that the data takes, we can see the result in the following picture. In contrast to the case without IPsec, the intermediate address has been replaced by the destination address.
According to the following figure, I have captured some unexpected data, which is an IKE header.
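The capture check described above, as an added example that is not part of the original page: a Python script that classifies raw IPv4 packets seen at the sniffer as ESP, AH, IKE, or a cleartext leak between the two protected subnets. The tunnel endpoint addresses 192.0.2.1 and 198.51.100.1 and all sample packets are constructed, because the page does not give the routers' addresses.

```python
import ipaddress
import struct

# Subnets from the lab whose mutual traffic must never appear in clear.
PROTECTED = [ipaddress.ip_network("103.3.3.0/24"),
             ipaddress.ip_network("102.2.2.0/24")]
ESP, AH, TCP, UDP = 50, 51, 6, 17   # IANA IP protocol numbers
IKE_PORT = 500                      # IKE/ISAKMP runs over UDP port 500

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet as seen by the sniffer."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if proto in (ESP, AH):
        return "esp" if proto == ESP else "ah"
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if IKE_PORT in (sport, dport):
            return "ike"
    # Inner host addresses in the outer header: the packet was not tunneled.
    s = [src in n for n in PROTECTED]
    d = [dst in n for n in PROTECTED]
    if any(s) and any(d) and s != d:
        return "cleartext-leak"
    return "other"

def audit(packets):
    """Return (count per class, True if no cleartext packet was observed)."""
    counts = {}
    for p in packets:
        c = classify(p)
        counts[c] = counts.get(c, 0) + 1
    return counts, counts.get("cleartext-leak", 0) == 0

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed samples; GW1 and GW3 are placeholder tunnel endpoints (assumption).
GW1, GW3 = "192.0.2.1", "198.51.100.1"
FTP = struct.pack("!HHIIBBHHH", 1025, 21, 0, 0, 0x50, 0x18, 8192, 0, 0) + b"RETR f\r\n"
BEFORE = [ipv4("102.2.2.5", "103.3.3.1", TCP, FTP)]       # Computer E to Computer A
AFTER = [ipv4(GW1, GW3, UDP, struct.pack("!HHHH", 500, 500, 36, 0) + bytes(28)),
         ipv4(GW1, GW3, ESP, struct.pack("!II", 0x1000, 1) + bytes(32))]
```

Calling `audit(BEFORE)` reports one cleartext leak, while `audit(AFTER)` reports only IKE and ESP packets, which matches the IKE header seen in the capture.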
5.4 Using IPSec between two site-local hosts
This configuration creates an IPSec security association (SA) between two hosts on the same subnet. The SA performs authentication by using the Authentication Header (AH) and the Message Digest 5 (MD5) hashing algorithm. In this example, the configuration secures all traffic between two neighboring hosts. Host 1 has the site-local address of 1::20d:87ff:fe2d::e6e5, and Host 2 has the site-local address of 1::2e0:4cff:fe95:792f.
1. On Host 1, create blank security association (.sad) and security policy (.spd) files by using the ipsec6 s command. In this example, the Ipsec6.exe command is ipsec6 s zzq. This creates two files with blank entries for manually configuring security associations (zzq.sad) and security policies (zzq.spd).
Figure 5-3
2. On Host 1, edit the .spd file, adding a security policy that secures all traffic between Host 1 and Host 2.
The following table shows the security policy entry that is added to zzq.spd before the first entry (the first entry in zzq.spd is not modified):
.spd file field name    Example value
Policy                  2
RemoteIPAddr            1::2e0:4cff:fe95:792f
LocalIPAddr             - *
Protocol                - *
RemotePort              - *
LocalPort               - *
IPSecProtocol           AH
IPSecMode               TRANSPORT
RemoteGWIPAddr          *
SABundleIndex           NONE
Direction               BIDIRECT