内容发布更新时间 : 2024/7/2 7:04:12星期一 下面是文章的全部内容请认真阅读。
摘 要
网络的迅速发展,给人类生活带来方便,但也对网络安全提出了更高要求。需对网络协议进一步分析,才能够更加有效的安全的应用网络协议。ARP协议是TCP/IP协议中重要的一员,其功能主要是为局域网内网络设备提供IP地址向硬件地址(MAC地址)的转化,其设计建立在局域网内网络设备之间相互信任的基础上,对于不可信任的设备未加考虑,由此产生了许多ARP欺骗攻击方法。
本文以ARP协议为基本原理,以防御ARP欺骗、提高网络安全为目的。首先,在对TCP/IP参考模型、ARP协议等相关理论学习的基础上,重点分析了ARP协议的运行机制,包括ARP缓存、ARP帧格式、ARP请求和应答的运行过程等。其次,分析了ARP欺骗原理,ARP欺骗就是通过向目标主机发送一个伪造的包含IP-MAC映射信息的ARP应答报文实现的。最后,根据Windows系统在更新ARP缓存中IP地址和MAC地址映射信息时不检验更新内容可靠性的特点,提出了一种基于服务器客户端的ARP欺骗防御模型,以达到局域网中实现各主机防御ARP欺骗的目的。本软件使用Visual C++6.0作为开发工具,采用Winpcap(Windows Packet Capture)进行网络监视,来实现各种功能要求。 关键词:ARP欺骗攻击 ;Visual C++ 6.0 ;监控 ;Protect;服务器 ;客户端
Abstract
The rapid development of the network, to human life, but also bring convenience to network security raised taller requirement. The need for further analysis of network protocols, it can be more effective application of security protocols. ARP protocol is TCP / IP protocol an important one, and its main function is to provide network equipment for the LAN IP address to hardware address (MAC address) of the conversion, its design based on the local area network equipment based on mutual trust between the For non-trusted device is not considered, so lots of ARP spoofing attack method.
In this paper, the basic principle of ARP protocol to guard against ARP cheating, improve network security purposes. First of all, in the TCP / IP reference model, ARP protocol and other related theoretical study, based on ARP protocol analyzed the operation of mechanisms, including ARP cache, ARP frame format, ARP request and response operation processes. Secondly, the analysis of the principle of ARP deception, ARP deception is through to the target host to send a fake IP-MAC mapping contains information on ARP response packet to achieve. Finally, under Windows system ARP cache updating the IP address and MAC address mapping information when the update does not test the reliability of the characteristics of Neirong, a server-based client ARP deception defense model in order to achieve LAN ARP cheating achievement of the host defense purposes. The software uses the Visual C + +6.0 as development tools, using Winpcap (Windows Packet Capture) for network monitoring, to achieve a variety of functional requirements.
Keywords: ARP attack ;Visual C++ 6.0 ;Monitor ;Protect ;Server ;Client
目录
第一章 概 述 ........................................................... 1
1.1课题来源 .......................................................... 1 1.2国内外研究现状 .................................................... 2 1.3课题分析 .......................................................... 2 第二章 TCP/IP协议及ARP地址解析协议概述 .................................. 4
2.1 TCP/IP协议分析 ................................................... 4
2.1.1TCP/IP简介 ....................................................................................................... 4 2.1.2TCP/IP协议结构 ............................................................................................... 4 2.1.3数据包的封装 ................................................................................................... 5 2.2 ARP工作原理 ...................................................... 6 2.2.1ARP协议 ......................................................... 6
2.2.2ARP缓冲区 ....................................................................................................... 8 2.2.3ARP报文格式 ................................................................................................... 9
第三章 ARP欺骗分析及测试 ................................................ 15
3.1ARP欺骗模型 ...................................................... 15 3.2常见的ARP攻击手段 ............................................... 16 3.3ARP网关欺骗代码实现 .............................................. 16
3.3.1伪造ARP包结构 ........................................................................................... 16 3.3.2遍历整个网络的实现方法 ............................................................................. 18
第四章 防御ARP欺骗系统总体的设计 ....................................... 19
4.1 系统设计思想 .................................................... 19