入侵检测课程设计.docVIP

PAGE 甘肃政法学院 安全扫描课程设计 题 目 局域网ARP欺骗攻击及安全防范策略 计算机科学学院计算机科学与技术专业2010级本科班 学 号：201081010124 姓 名： 柳文会 指导教师： 师晶晶 成 绩：____________ 完成时间：2012 年12月 局域网ARP欺骗攻击及安全防范策略 摘 要：ARP攻击是针对以太网地址解析协议（ARP）的一种攻击技术。此种攻击可让攻击者取得局域网上的数据封包甚至可篡改封包，且可让网络上特定计算机或所有计算机无法正常连接。目前，ARP欺骗是黑客常用的攻击手段之一，且ARP欺骗攻击的后果一般都是比较非常严重的，大多数情况下会造成大面积掉线。有些网管员对此不甚了解，出现故障时，认为PC没有问题，交换机没掉线的“本事”，电信也不承认宽带故障。而且如果第一种ARP欺骗发生时，只要重启路由器，网络就能全面恢复，那问题一定是在路由器了。为此，宽带路由器被认为是“罪魁祸首”，而事实并非如此。鉴于此，本文将论述ARP地址解析协议的含义和工作原理，分析了ARP协议所存在的安全漏洞，分析网段内和跨网段ARP欺骗的实现过程。最后，结合网络管理的实际工作，介绍IP地址和MAC地址绑定、交换机端口和MAC地址绑定、VLAN隔离等技术等几种能够有效防御ARP欺骗攻击的安全防范策略。最后通过使用文中介绍安全防范策略成功阻止P2P终结者、Arpkiller等ARP攻击软件的攻击验证了该安全策略的有效性。 关键词：ARP协议?;IP地址;局域网;MAC地址;网络安全 LAN ARP Deceive Attack and Security Strategy Abstract: the ARP attack, which is based on the Ethernet address resolution protocol (ARP) is a kind of attack technology. This attack can make the attacker has a local area network data packet even tamper with the packet, and can make the network specific computer or all the computer cant normal connection. At present, the ARP cheating is hacker attack one of the commonly used method, and the ARP deception against consequences are generally is very serious, in most cases can cause large area got disconnected. Some network administrator are not well understood, malfunction, think PC no problem, switch didnt dropped skill, telecommunications also dont admit that broadband fault. And if the first kind of ARP cheating happens, as long as to restart the router, the network can fully recover, the problem must be in the router. Therefore, broadband router is considered to be culprits, but this is not the case. In view of this, this article discusses the ARP address resolution protocol meaning and the principle of work, this paper analyzes the existing ARP security vulnerabilities, network segment analysis within and across segment the realization process of ARP deception. Finally, combined with the practical work of network management, this paper