《论文:ARP欺骗及ICMP攻击技术分析》由会员分享,可在线阅读,更多相关《论文:ARP欺骗及ICMP攻击技术分析(23页珍藏版)》请在金锄头文库上搜索。
1、i菏泽学院Heze University专科生毕业设计(论文)专科生毕业设计(论文)题 目 ARP 欺骗及 ICMP 攻击技术分析 姓 名 郑晓晓 学号 2007130095 系 别 计算机与信息工程系 专 业 计算机应用技术 指导教师 苏军 职称 2010 年 5 月 30 日菏泽学院教务处制ii摘要摘要ARP 欺骗及 ICMP 攻击是以太网中常用的攻击手段,两者都可对目的网络进行DOS(拒绝服务)带宽攻击。通过分析防范应对措施方面的异同得出实施 ARP 欺骗更容易达到带宽攻击的结论。拒绝服务(DenialofService,Dos)攻击,指利用 TCP/IP 协议的缺陷攻击目标主机或网络,
2、使之无法提供正常的服务或资源访问,其根本目的是使受害主机或网络无法及时接收并处理外界请求,或无法及回应外界请求。DOS 攻击主要分为网络的带宽攻击和连通性攻击。带宽攻击指以极大的通信量冲击网络,使得网络资源都被消耗殆尽,最后导致合法的用户请求无法通过。连通性攻击指用大量的连接请求冲计算机,使得可用的操作系统资源都被消耗殆尽,最终使计算机无法处理合法用户的请求。ARP欺骗和 ICMP 攻击的实施方法,由于路由器、防火墙等网络设备对接收到的 ICMP 数据包设置了严格的安全策略,而 ARP 欺骗又主要应用天安全性较差的局域网中,因此ARP 欺骗在带宽攻击方面实施起来比 ICMP 攻击更容易些。对于
3、 ICMP 的攻击,选择合适的防火墙有效防止 ICMP 攻击,防火墙具有状态检测、细致的数据完整性检查和很好的过滤规则控制功能。AbstractAbstractThe ARP deceit and the ICMP attack are in the ethernet the commonly used attack method, both all may carry on DOS to the goal network (to refuse to serve) the band width attack.Should obtain through the analysis guard to
4、 the measure aspect similarities and differences implements the ARP deceit to be easier to achieve the band width attack the conclusion. Refuses to serve (DenialofService, Dos) attack, refers uses the TCP/IP agreement the flaw attack goal main engine or the network, causes it to be unable to provide
5、 the normal service or the resources visit, its primary purpose is causes to suffer injury the main engine or the network is unable to receive promptly and processes the outside to request, or is unable and the response outside request.The DOS attack mainly divides into the network the band width at
6、tack and the connective attack.The band width attack refers by the enormous communication load impact network, causes the network resources all to consume the danger, finally causes the legitimate user to request is unable to pass. The connective attack refers with the iiimassive connection request
7、flushes the computer, causes the available operating system resources all to consume the danger, finally causes the computer to be unable to process the validated user the request.ARP deceit and ICMP attack implementation method, because network equipment docking and so on router, firewall receives
8、the ICMP data packet has established the strict security policy, but the ARP deceit mainly applies in the day security bad local area network, therefore the ARP deceit implements in the band width attack aspect is easier than the ICMP attack.Regarding the ICMP attack, chooses the appropriate firewal
9、l to prevent effectively ICMP attacks, the firewall has the condition examination, the careful data integrity inspection and the very good filtration rule control function.关键词:关键词:ARP 欺骗及 ICMP 攻击 分析 安全目录ii目录摘要.iiAbstract.ii1 ARP 欺骗概述.11.1 ARP 协议.11.2 解决 ARP 攻击的方法.11.3 故障现象.21.4 解决思路.32 路由器 ARP 表绑定设置.43 ICMP 协议的概述.73.1 什么是 ICMP 协议.73.2 ICMP 的消息格式和代码组合.83.3 使用 ICMP 协议搜集信息.93.4 ICMP 攻击及欺骗技术.104 配置系统带的默认防火墙以预防攻击.125 结论.186 参考文献.
