| 一种基于报文过滤防御ARP欺骗的系统架构 |
| |
| 引用本文: | 陈晨,韩宪忠,王克俭.一种基于报文过滤防御ARP欺骗的系统架构[J].河北农业大学学报,2009,32(3). |
| |
| 作者姓名: | 陈晨 韩宪忠 王克俭 |
| |
| 作者单位: | 河北农业大学信息科学与技术学院,河北保定,071001 |
| |
| 摘 要: | 本研究分析了ARP欺骗的基本原理及其常见的攻击方式;讨论了现有防御方法存在的局限性。在此基础上,提出了一种防御ARP欺骗的构想,并设计和开发了一套基于C/S模式的ARP防御系统软件。该系统以局域网内每台主机都有唯一的IP地址与MAC地址相对应为基础,通过在客户端对接收到的ARP报文进行ARP报文头信息检验和服务器端IP-MAC检验,过滤掉存在安全隐患的报文,来实现局域网内主机对ARP欺骗的防御,从而提高网络安全性。该系统适用于安全性较高的中小型局域网络。
|
| 关 键 词: | ARP欺骗 TCP/IP C/S模式 报文过滤 网络安全 |
A system architecture against ARP spoofing based on packet filtering |
| |
| CHEN Chen,HAN Xian-zhong,WANG Ke-jian.A system architecture against ARP spoofing based on packet filtering[J].Journal of Agricultural University of Hebei,2009,32(3). |
| |
| Authors: | CHEN Chen HAN Xian-zhong WANG Ke-jian |
| |
| Institution: | College of Information Science and Technology;Agricultural University of Hebei;Baoding 071001;China |
| |
| Abstract: | This paper analyses the basic theory of ARP spoofing and some common attacking methods of ARP spoofing.The paper also discusses three preventive methods against ARP spoofing and their limitations.According to the analyses,an approach to designing a client-server model software is put forward in order to resist ARP spoofing.The system is based on the relative that every host in LAN has a unique IP address to its MAC address.The client detects header of all ARP packets that host receives and abandons the ARP ... |
| |
| Keywords: | TCP/IP |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
