论文：ARP欺骗及ICMP攻击技术分析.doc

菏泽学院 Heze University 专科生毕业设计（论文） 题　　目 ARP欺骗及ICMP攻击技术分析 姓　　名 郑晓晓 学号 2007130095 系 别 计算机与信息工程系 专　　业 计算机应用技术 指导教师 苏军 职称 2010 年 5 月 30 日 菏泽学院教务处制 摘要 ARP欺骗及ICMP攻击是以太网中常用的攻击手段，两者都可对目的网络进行DOS（拒绝服务）带宽攻击。通过分析防范应对措施方面的异同得出实施ARP欺骗更容易达到带宽攻击的结论。 拒绝服务（DenialofService,Dos）攻击，指利用TCP/IP协议的缺陷攻击目标主机或网络，使之无法提供正常的服务或资源访问，其根本目的是使受害主机或网络无法及时接收并处理外界请求，或无法及回应外界请求。DOS攻击主要分为网络的带宽攻击和连通性攻击。带宽攻击指以极大的通信量冲击网络，使得网络资源都被消耗殆尽，最后导致合法的用户请求无法通过。连通性攻击指用大量的连接请求冲计算机，使得可用的操作系统资源都被消耗殆尽，最终使计算机无法处理合法用户的请求。ARP欺骗和ICMP攻击的实施方法，由于路由器、防火墙等网络设备对接收到的ICMP数据包设置了严格的安全策略，而ARP欺骗又主要应用天安全性较差的局域网中，因此ARP欺骗在带宽攻击方面实施起来比ICMP攻击更容易些。对于ICMP的攻击，选择合适的防火墙有效防止ICMP攻击，防火墙具有状态检测、细致的数据完整性检查和很好的过滤规则控制功能。 Abstract The ARP deceit and the ICMP attack are in the ethernet the commonly used attack method, both all may carry on DOS to the goal network (to refuse to serve) the band width attack.Should obtain through the analysis guard to the measure aspect similarities and differences implements the ARP deceit to be easier to achieve the band width attack the conclusion. Refuses to serve (DenialofService, Dos) attack, refers uses the TCP/IP agreement the flaw attack goal main engine or the network, causes it to be unable to provide the normal service or the resources visit, its primary purpose is causes to suffer injury the main engine or the network is unable to receive promptly and processes the outside to request, or is unable and the response outside request.The DOS attack mainly divides into the network the band width attack and the connective attack.The band width attack refers by the enormous communication load impact network, causes the network resources all to consume the danger, finally causes the legitimate user to request is unable to pass. The connective attack refers with the massive connection request flushes the computer, causes the available operating syste