Abstract: Duplicate address detection (DAD) is a process that a host must perform before using a new IP address to ensure that the address is unique. In the traditional DAD process, the detection target is public, which makes the detection process vulnerable to attacks, especially denial-of-service (DoS) attacks. A new detection method called Se-DAD is proposed in this paper to improve the security of DAD. In Se-DAD, the detected target is not disclosed, which prevents an attacking node from forging a spoofed response. The hidden source MAC address also effectively prevents DoS attacks. Experiments show that Se-DAD performs better than the previous detection methods in terms of address configuration failure rate, CPU overhead, and memory overhead.
Keywords: duplicate address detection; address resolution; neighbor discovery; SEND; denial of service