
A Defensive System against Neighbor Discovery Attacks in IPv6 Wireless Networks

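Abstract

In IPv6 networks, nodes on the same link use the Neighbor Discovery (ND) protocol to determine their relationships with neighboring nodes (for example, confirming whether a neighbor is present or resolving its link-layer address) and to perform basic network configuration. When there is no assurance that every node on the link is trustworthy, the protocol is vulnerable to maliciously forged packets, and in wireless environments this threat is even harder to guard against. Although the IETF has proposed the SEcure Neighbor Discovery (SEND) protocol to protect Neighbor Discovery messages, its verification process takes time and system resources, which places a considerable burden on ordinary lightweight wireless network devices.

In this paper, we propose a defensive system that prevents attacks on the Neighbor Discovery mechanism in IPv6 wireless networks and is suitable for lightweight wireless devices. Because an IPv6 node, when obtaining a legitimate IP address, first goes through the Duplicate Address Detection (DAD) procedure to ensure that the address is unique, the system blocks forged Neighbor Discovery packets by analyzing DAD message packets and tracking users' connection state. We use the HostAP software as the wireless access point and modify the HostAP software kernel to embed the defense functions. The experimental results show that the performance of the proposed system is sufficient for ordinary lightweight wireless devices to use this defensive system.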

Parallel Abstract


In IPv6 networks, Neighbor Discovery Protocol (NDP) is usually used to determine the relationship (e.g., the current accessibility or the link-layer address of a neighboring node) between nodes on the same link and to configure the network interface. This protocol is vulnerable to threats from spoofing packets due to the lack of a mutual trust mechanism among the communication nodes, especially in wireless environments. Therefore, the IETF has proposed the Secure Neighbor Discovery (SEND) protocol to safeguard Neighbor Discovery messages. Currently, common lightweight wireless network devices tend to reduce resource consumption, thereby conflicting with heavyweight SEND message computational requirements. In this research, a defensive system against Neighbor Discovery (ND) attacks on lightweight devices in IPv6 wireless networks is proposed. In an IPv6 network, as a node prepares to assume a new address for its own use, it must first verify that no other node on the link uses that particular address. This procedure is accomplished by the Duplicate Address Detection (DAD) process. By implementing this feature, through an analysis of DAD packets and tracing the user’s linking status, spoofing ND packets can be effectively blocked. In the proposed system, a HostAP was adopted to provide access-point functions. Thus, we modified the kernel of the HostAP for embedding the defense functions. The experimental results revealed that the proposed system is both applicable to and appropriate for the network security of lightweight wireless devices operating in IPv6 wireless networks.
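The abstract describes learning address ownership from DAD probes and tracking station connection state so that spoofed ND packets can be dropped at the access point. The following is an added example, not code from the paper or from HostAP: the `DadGuard` class, its first-come binding rule, the use of the frame's source MAC as the station identity, and the sample frames are all assumptions, since the abstract does not give the algorithm.

```python
import ipaddress
NS, NA = 135, 136  # ICMPv6 Neighbor Solicitation / Advertisement (RFC 4861)
UNSPEC = ipaddress.IPv6Address("::")

def parse_nd(frame: bytes):
    """Return (sender_mac, src_ip, icmp_type, target) for an NS/NA frame, else None."""
    if len(frame) < 78 or frame[12:14] != b"\x86\xdd" or frame[20] != 58:
        return None  # too short, not IPv6, or next header is not ICMPv6
    if frame[54] not in (NS, NA):
        return None
    return (frame[6:12].hex(":"), ipaddress.IPv6Address(frame[22:38]),
            frame[54], ipaddress.IPv6Address(frame[62:78]))

class DadGuard:
    """Hypothetical AP-side filter: bindings are learned from DAD probes."""
    def __init__(self):
        self.bindings = {}  # IPv6 address -> MAC of the station that probed it first

    def disassociate(self, mac: str):
        # Connection tracking: a station that leaves releases its addresses.
        self.bindings = {ip: m for ip, m in self.bindings.items() if m != mac}

    def allow(self, frame: bytes) -> bool:
        nd = parse_nd(frame)
        if nd is None:
            return True  # not NS/NA, outside this filter's scope
        mac, src, kind, target = nd
        if kind == NS and src == UNSPEC:  # DAD probe (RFC 4862)
            self.bindings.setdefault(target, mac)  # first prober keeps the binding
            return True  # forwarded so a real owner can still defend the address
        claimed = target if kind == NA else src  # address the sender claims to own
        return self.bindings.get(claimed) == mac

def build_nd(mac: str, src: str, kind: int, target: str) -> bytes:
    """Constructed sample frame (checksum left zero; the filter does not verify it)."""
    eth = bytes.fromhex("333300000001") + bytes.fromhex(mac.replace(":", "")) + b"\x86\xdd"
    ip6 = (b"\x60\x00\x00\x00" + (24).to_bytes(2, "big") + bytes([58, 255])
           + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed)
    icmp = bytes([kind, 0, 0, 0]) + bytes(4) + ipaddress.IPv6Address(target).packed
    return eth + ip6 + icmp

def demo():
    """Constructed scenario; MACs and addresses are illustrative."""
    ap, sta, rogue, addr = DadGuard(), "02:00:00:00:00:0a", "02:00:00:00:00:0b", "fe80::a"
    out = [ap.allow(build_nd(sta, "::", NS, addr)),         # station runs DAD
           ap.allow(build_nd(rogue, "fe80::b", NA, addr)),  # spoofed NA for that address
           ap.allow(build_nd(sta, addr, NA, addr))]         # owner's own NA
    ap.disassociate(sta)
    return out + [ap.allow(build_nd(sta, addr, NA, addr))]  # binding gone after leaving
```

Unlike SEND, this check is a dictionary lookup per ND frame with no cryptographic verification, which is the property the abstract relies on for lightweight devices.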