共查询到19条相似文献,搜索用时 109 毫秒
1.
介绍了简单网络管理协议SN31P(SimpleNetworkManagementProtoc01)及地址解析ARP协议(AddressResolutionProtoc01)的工作原理。对高校校园网中的ARP欺骗攻击的攻击形式、技术特点进行了分析。结合国内高校在网络安全管理方面的实际,对如何基于SNMP协议来获取网络设备信息,检测ARP攻击,追溯攻击源进行了研究,并给出完整的ARP欺骗攻击解决方案以保障高校校园网络的安全。 相似文献
2.
本文针对ARP协议的工作原理作了简单的阐述,并且介绍了ARP病毒的欺骗攻击方法和攻击根源,以及为了防御此类病毒在交换机和路由器上所做的配置。 相似文献
3.
钱华峰 《信息安全与通信保密》2008,(10):60-62
随着网络数据通信的广泛应用,TCP/IP协议、IPv4协议被更多人所了解,同时各种网络利益也随之产生,因此网络欺骗、攻击日益增多,而ARP欺骗、攻击是其中最普遍的一种。文章介绍了ARP协议、ARP欺骗、ARP攻击的基本原理和类型,并且结合实际应用情况对不同类型的欺骗和攻击,提出了相应的解决方法。 相似文献
4.
介绍了ARP协议的功能及ARP欺骗攻击的产生和类型.认为在目前,ARP欺骗攻击在局域网中频频出现,如果病毒利用ARP协议修改网络设备的ARP缓存表,网络就会出现传输缓慢、中断等异常现象,危及通信信息的安全.因此,有效的防范ARP欺骗攻击已成为保证网络畅通的必要条件,必须实施综合防范的措施,这是解决ARP欺骗攻击的有效途径. 相似文献
5.
介绍了ARP协议的功能及ARP欺骗攻击的产生和类型.认为在目前,ARP欺骗攻击在局域网中频频出现,如果病毒利用ARP协议修改网络设备的ARP缓存表,网络就会出现传输缓慢、中断等异常现象,危及通信信息的安全.因此,有效的防范ARP欺骗攻击已成为保证网络畅通的必要条件,必须实施综合防范的措施,这是解决ARP欺骗攻击的有效途径. 相似文献
6.
利用TCP/IP协议安全漏洞进行欺骗攻击的事件经常发生,攻击者利用ARP欺骗进行于巨绝服务攻击(DoS)或中间人攻击,造成网络通信中断或数据被截取和窜改,严重影响网络的安全。本文通过ARP协议原理分析揭示ARP协议欺骗,并对ARP病毒攻击提出一套有效可行的防犯措施和解决办法。 相似文献
7.
8.
ARP协议安全漏洞分析及其防御方法 总被引:10,自引:0,他引:10
论文在对ARP协议简要介绍的基础上,主要分析了利用ARP协议漏洞进行网络攻击的原理和攻击的常见方式,讨论了防御ARP攻击的常见方法,并且针对ARP协议自身的特点,提出了一种利用“拒绝无请求型应答,采用ARP包认证”的规则防范ARP攻击的算法,适用于网络安全性要求较高的局域网。 相似文献
9.
首先分析了ARP协议和ARP欺骗的原理,然后介绍ARP防火墙软件。针对ARP防火墙的功能局限,提出了基于Cisco路由器探测ARP攻击的体系结构,由MAC-IP捕获程序、数据库服务器、攻击分析程序所组成,接下来对各个部分进行深入研究。 相似文献
10.
首先分析了ARP协议和ARP欺骗的原理,然后介绍ARP防火墙软件。针对ARP防火墙的功能局限,提出了基于Cisc0路由器探测ARP攻击的体系结构,由MAC—IP捕获程序、数据库服务器、攻击分析程序所组成,接下来对各个部分进行深入研究。 相似文献
11.
In recent years we have witnessed the emergence and establishment of research in sensor network security. The majority of the literature has focused on discovering numerous vulnerabilities and attacks against sensor networks, along with suggestions for corresponding countermeasures. However, there has been little guidance for understanding the holistic nature of sensor network security for practical deployments. In this paper, we discuss these concerns and propose a taxonomy composed of the security properties of the sensor network, the threat model, and the security design space. In particular, we try to understand the application-layer goals of a sensor network, and provide a guide to research challenges that need to be addressed in order to prioritize our defenses against threats to application-layer goals. 相似文献
12.
L. He 《BT Technology Journal》2006,24(4):180-196
Routing protocols distribute network topology information around the routers of a network. They are part of the critical network
infrastructure, but are vulnerable to both internal and external attacks. In this paper, different routing protocols are first
introduced, followed by reviews of routing protocol security publications in academia and industry. The general vulnerabilities
and threats of routing protocols are then analysed. The two major protection countermeasures for both link-state routing protocols
and distance-vector routing protocols are presented in detail. The popular hacking tools which can be used directly or customised
to launch attacks are described. The product vendors of routing protocol security and the best practice adopted by network
carriers and ISPs are investigated. The paper aims to provide an overview of Internet routing protocol security, and highlight
areas for further research. 相似文献
13.
Security issues in all-optical networks 总被引:2,自引:0,他引:2
All-optical networks are emerging as a promising technology for terabit per second class communications. However, they are intrinsically different from electro-optical networks, particularly because they do not regenerate signals in the network. The characteristics of all-optical network components and architectures manifest new and still unstudied security vulnerabilities but also offer a new array of possible countermeasures. We focus on two types of attacks on the physical security of the network: service disruption, which prevents communication or degrades quality of service (QoS), and tapping, which compromises privacy by providing unauthorized users access to data which may be used for eavesdropping or traffic analysis 相似文献
14.
Secure Border Gateway Protocol (S-BGP) 总被引:9,自引:0,他引:9
The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet's routing infrastructure. It is highly vulnerable to a variety of malicious attacks, due to the lack of a secure means of verifying the authenticity and legitimacy of BGP control traffic. This paper describes a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP. The paper discusses the vulnerabilities and security requirements associated with BGP, describes the S-BGP countermeasures, and explains how they address these vulnerabilities and requirements. In addition, this paper provides a comparison of this architecture to other approaches that have been proposed, analyzes the performance implications of the proposed countermeasures, and addresses operational issues 相似文献
15.
Enterprise network security management is a complex task of balancing security and usability, with trade-offs often necessary between the two. Past work has provided ways to identify intricate attack paths due to misconfiguration and vulnerabilities in an enterprise system, but little has been done to address how to correct the security problems within the context of various other requirements such as usability, ease of access, and cost of countermeasures. This paper presents an approach based on Boolean satisfiability solving (SAT solving) that can reason about attacks, usability requirements, cost of actions, etc. in a unified, logical framework. Preliminary results show that the approach is both effective and efficient. 相似文献
16.
意合巴古力.吴思满江 《电子测试》2016,(9):69-70
针对计算机网络安全的主要隐患进行分析,介绍了计算机网络的基本概念,并提出了计算机网络安全主要隐患包括网络黑客的攻击,网络存在的漏洞,网络病毒的入侵,网络诈骗行为,缺乏安全意识等.这些问题的存在导致用户的信息以及相关数据的安全性受到威胁.为了避免这些隐患带来的破坏,需要对计算机网络安全进行科学管理,高度重视计算既往网络安全防范技术. 相似文献
17.
MAPSec has recently been introduced as a security protocol for mobile telecommunication networks in the midst of numerous
threats and vulnerabilities. Our initial study reveals that MAPSec can only provide protection coverage to a minor portion
of the total network vulnerabilities. Motivated by this discovery, we have devised a toolkit—Cellular Network Vulnerability
Assessment Toolkit for Evaluation (eCAT) to identify: (1) Exact protection coverage of MAPSec, in terms of percentage of attacks
prevented; (2) Other kinds of security protocols required in addition to MAPSec; and (3) The most vulnerable network areas.
We use the results from eCAT in Coverage Measurement Formulas (CMF) to identify other vulnerabilities. Results from eCAT are
dually useful in that they not only reveal MAPSec’s limited effectiveness but also provide insights into overall network vulnerabilities. 相似文献
18.
计算机网络技术的广泛应用使网络成为信息传输的重要途径,然而系统漏洞的存在和黑客攻击都严重威胁着网络通信安全。文章主要对网络通信的加密技术进行探讨,以期能保障网络通信安全。 相似文献
19.
Address Resolution Protocol (ARP) is an essential protocol for the operation of local area networks. It is used for mapping the logical address to the physical address. However, ARP was designed without any security features. Therefore, ARP is vulnerable to many ARP spoofing attacks, such as the host impersonation, man‐in‐the‐middle (MITM), and denial of service (DoS) attacks. Many techniques were introduced in the literature for mitigating ARP spoofing attack. However, they could not provide protection against the host impersonation and DoS attacks. This work introduces a new technique to secure address resolution protocol called ARP Authentication (ARP‐A). The proposed technique provides authentication for ARP messages and entities. In addition, it converts ARP from a stateless to a stateful protocol. To evaluate the performance of ARP‐A, it was implemented on Linux. To investigate the scalability of ARP‐A, a new analytical model was designed for it using stochastic reward nets. The results show that, compared with other related schemes introduced in the literature, ARP‐A is more efficient in terms of security and performance. 相似文献