
Design and Implementation of a System for Defending Against LAN ARP Attacks

Published: 2018-03-02 06:33

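Keywords: defense; packet filtering; Windows; Firewall Hook Driver; ARP. Source: University of Electronic Science and Technology of China, 2014 master's thesis. Document type: degree thesis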


[Abstract]: Network security has been an issue that cannot be ignored ever since computer network technology emerged. With the development of computer network technology and the widespread adoption of the Internet, network security problems have become increasingly severe, and research in this area has become increasingly important. Firewall technology for defending against LAN ARP attacks is a core technology of network security today and the first line of defense against external network attacks and threats. This thesis designs and implements a simple system for defending against LAN ARP attacks. It monitors all network packets entering and leaving the computer and filters them according to user-defined rules, such as IP address, packet direction (inbound or outbound), port, protocol, and handling method, allowing legitimate packets through and dropping illegitimate ones.

Because the architecture of the Windows network protocol stack changed starting with Windows Vista, the development techniques changed as well. Earlier techniques such as Filter Hook Driver and TDI Driver are no longer applicable on Windows Vista and later systems, so two sets of techniques are used to meet the requirements. For Windows 2000 and Windows XP, the driver is developed with Firewall Hook Driver technology. In kernel mode, an IP filter hook is designed and a hook filter callback function is implemented (registered in the filter function cbFilterFunction provided by Firewall Hook Driver). This callback traverses the linked list of rules and decides whether to allow or block the packet. For Windows Vista and Windows 7, WFP (Windows Filtering Platform) technology is used, and rules are set in user mode through the BFE (Base Filtering Engine). The actual access to and processing of packets is implemented inside this engine, and developers do not need to understand its internal implementation.

The firewall of this system for defending against LAN ARP attacks consists of the following modules: add filter rule, delete filter rule, persist filter rules, de-persist filter rules, start engine, stop engine, add rule to engine, delete rule from engine, filter network data, and logging. The firewall also has a good user interface, is extremely simple to operate, and makes it easy to protect the security of a personal computer.
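[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08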


Article ID: 1555431


Article link: https://www.wllwen.com/guanlilunwen/ydhl/1555431.html

