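Design and Implementation of a System for Defending Against LAN ARP Attacks
Published: 2018-03-02 06:33
Keywords: defense, packet filtering, Windows, Firewall Hook Driver, ARP. Source: University of Electronic Science and Technology of China, 2014 master's thesis. Document type: degree thesis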
[Abstract]: Network security has been a problem that cannot be ignored ever since computer networking appeared. With the development of network technology and the wide spread of the Internet, network security problems have become more severe and research in this area more important. Firewall technology for systems that defend against LAN ARP attacks is a core technology of today's network security and the first line of defense against external network attacks and threats. This thesis designs and implements a simple system for defending against LAN ARP attacks. It monitors all network packets entering and leaving the computer and filters them according to user-defined rules (for example IP address, packet direction (inbound or outbound), port, protocol and handling method): legitimate packets are allowed through and illegitimate packets are dropped. Because the architecture of the Windows network protocol stack changed with Windows Vista, the development techniques changed as well. Earlier techniques such as Filter Hook Driver and TDI Driver are not applicable to Windows Vista and later versions, so two sets of techniques are used to meet the requirements. For Windows 2000 and Windows XP, the driver is developed with the Firewall Hook Driver technique. In kernel mode, an IP filter hook is designed and a hook filter callback function is implemented (registered in the filter function cbFilterFunction provided by Firewall Hook Driver). In this callback, the rule linked list is traversed to decide whether the packet is allowed through or blocked. For Windows Vista and Windows 7, WFP (Windows Filtering Platform) is used, and rules are set from user mode through the BFE (Base Filtering Engine). The actual access to and processing of packets is implemented inside this engine, and developers do not need to understand its internal implementation. The firewall of this system consists of the following modules: add filter rule, delete filter rule, persist filter rules, de-persist filter rules, start engine, stop engine, add rule to engine, delete rule from engine, filter network data, and logging. The system also has a good user interface and is extremely simple to operate, so the security of a personal computer can be protected easily.
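The rule-list traversal that the abstract describes for the hook filter callback, as an added user-mode example in C; it is not code from the thesis and does not call the Firewall Hook Driver or WFP APIs. The struct layout, all names, and the first-match-wins policy with a default action are assumptions, and the sample rules and packets are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum direction { DIR_IN, DIR_OUT, DIR_ANY };
enum action { ACT_PERMIT, ACT_DROP };

struct packet { uint32_t ip; uint16_t port; uint8_t proto; enum direction dir; };

struct rule {                 /* hypothetical layout, one node of the rule list */
    uint32_t ip, mask;        /* remote address/mask, host byte order; mask 0 = any */
    uint16_t port;            /* remote port, 0 = any */
    uint8_t proto;            /* IP protocol number, 0 = any */
    enum direction dir;
    enum action act;
    const struct rule *next;
};

static int rule_matches(const struct rule *r, const struct packet *p) {
    if (r->dir != DIR_ANY && r->dir != p->dir) return 0;
    if (r->proto != 0 && r->proto != p->proto) return 0;
    if (r->port != 0 && r->port != p->port) return 0;
    return (p->ip & r->mask) == (r->ip & r->mask);
}

/* Walk the list in order; the first matching rule decides, else the default. */
enum action filter_packet(const struct rule *head, const struct packet *p,
                          enum action dflt) {
    for (const struct rule *r = head; r != NULL; r = r->next)
        if (rule_matches(r, p)) return r->act;
    return dflt;
}

/* Constructed sample rules (documentation addresses); list order is r1, r2, r3. */
static const struct rule r3 = {0xC000020A, 0xFFFFFFFF, 22, 6, DIR_IN, ACT_PERMIT, NULL}; /* SSH from 192.0.2.10 */
static const struct rule r2 = {0xC0000200, 0xFFFFFF00, 0, 0, DIR_ANY, ACT_DROP, &r3};    /* all of 192.0.2.0/24 */
static const struct rule r1 = {0, 0, 443, 6, DIR_OUT, ACT_PERMIT, &r2};                  /* outbound TCP/443 */

int main(void) {
    struct packet ssh = {0xC000020A, 22, 6, DIR_IN};   /* hits r2 before r3: r3 is shadowed */
    struct packet web = {0xC000020A, 443, 6, DIR_OUT}; /* hits r1 before r2 */
    struct packet dns = {0xC6336407, 53, 17, DIR_IN};  /* 198.51.100.7, no rule matches */
    printf("ssh=%d web=%d dns=%d\n", filter_packet(&r1, &ssh, ACT_DROP),
           filter_packet(&r1, &web, ACT_DROP), filter_packet(&r1, &dns, ACT_DROP));
    return 0;
}
```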
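[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08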
Article ID: 1555431
Article link: http://sikaile.net/guanlilunwen/ydhl/1555431.html