An inevitable and faster adoption of IPv6 can be expected. With the rise of the Internet of Things, 5G, and cloud computing, it is predicted that more than 75 billion devices will be connected to the Internet by 2025, while there are only 4 billion IPv4 addresses in total. As of March 2020, about 25% information resources (websites, emails, etc.), 60% DNS servers, and 30% Internet clients support IPv6. The main improvement is the 128-bit address over the 32-bit IPv4 address, together with other goals like end-to-end feature and better security. IPv6 was proposed in 1995 to solve this problem. We implement a prototype and experiments show that our model can prevent the main server from being scanned at a slight performance cost.Įxhaustion of IPv4 addresses has long been recognized and is now a reality. The model is simple and does not require any modification to the client or the network. Moreover it provides a novel framework that supports flexible load balancing, high-availability, and other desirable features. In this way, the model provides isolation to the main server, prevents network scanning, and minimizes exposure. The entrance module generates a legitimate IPv6 address under this prefix by encrypting the client address, so that the client can access the main server on a destination address that is different in each connection. In this paper, we propose a new model named addressless server, which separates the server into an entrance module and a main service module, and assigns an IPv6 prefix instead of an IPv6 address to the main service module. The huge IPv6 address space enhances security by making scanning infeasible, however, with recent advances of IPv6 scanning technologies, network scanning is again threatening server security. Eliminating unnecessary exposure is a principle of server security.
0 kommentar(er)
