共查询到20条相似文献,搜索用时 78 毫秒
1.
2.
3.
LIU Shaokai 《电脑编程技巧与维护》2008,(16)
本文在分析了Intel IXA架构及网络处理器IXP2400的基础上,构建了一套可用于IPv6网络环境下的硬件防火墙系统。基于IXP2400处理器的硬件防火墙不仅能进行2、3层过滤转发,也能对数据包内容进行更深层检查和处理。 相似文献
4.
刘绍凯 《电脑编程技巧与维护》2008,(15):117-118
本文在分析了Intel IXA架构及网络处理器IXP2400的基础上,构建了一套可用于IPv6网络环境下的硬件防火墙系统。基于IXP2400处理器的硬件防火墙不仅能进行2、3层过滤转发,也能对数据包内容进行更深层检查和处理。 相似文献
5.
为解决防火墙对IPv6协议的兼容及对内部网络之间安全的保障问题。本文设计实现了基于Intel Xscale IXP425处理器的嵌入式IPv6防火墙。该防火墙能通过WEB实现远程管理.对IPv6网络包和IPv4网络包均可进行良好的过滤。防火墙能够判断出网络包的协议类型,分别加以处理,实行动态包过滤,并可以解决IPv6分片攻击问题。通过实际设定过滤规则,对防火墙在IPv6和IPv4下的工作情况进行测试,验证了防火墙的准确性和高效性。 相似文献
6.
基于Intel XScale IXP425处理器的嵌入式IPv6防火墙设计与实现 总被引:1,自引:0,他引:1
为解决防火墙对IPv6协议的兼容及对内部网络之间安全的保障问题。本文设计实现了基于Intel Xscale IXP425处理器的嵌入式IPv6防火墙。该防火墙能通过WEB实现远程管理.对IPv6网络包和IPv4网络包均可进行良好的过滤。防火墙能够判断出网络包的协议类型,分别加以处理,实行动态包过滤,并可以解决IPv6分片攻击问题。通过实际设定过滤规则,对防火墙在IPv6和IPv4下的工作情况进行测试,验证了防火墙的准确性和高效性。 相似文献
7.
本文介绍了一种基于IXP2400网络处理器的防火墙设计方案。首先介绍了基于IXP2400网络处理器防火墙的工作原理;然后提出一种三层转发的安全转发模式防火墙的体系结构设计和具体的实现方案,设计中,引进多级处理设备和多线程的实现技术,保证整个系统的稳定性、各实现层次的独立性和安全性。 相似文献
8.
针对传统防火墙在性能和灵活性需求上难以兼顾的问题,设计并实现了一个基于Intel IXP 2400的防火墙系统,在给出系统整体设计方案的基础上,对该系统的路由转发、包过滤、网络地址转换、虚拟专用网等模块给出了详细设计方案,并对其中涉及的算法做了具体描述.经测试证明该防火墙系统具备线速处理能力. 相似文献
9.
10.
周华平 《计算机技术与发展》2007,17(11):135-138
iptables的Web配置系统,虽然使防火墙的规则输入变得非常容易操作,避免了输入规则的语法错误,而同时又保持了iptables的强大功能,但没有考虑规则之间的联系。在以往的防火墙规则输入过程中,规则都由用户判定其语义是否正确,规则之间是否矛盾,是否有无用的规则。但因规则的语义是与其在规则表中的位置相关的,因此,当规则较多时,很容易出错。因此文中针对基于Linux防火墙的包过滤系统,提出了如何对包过滤规则进行翻译和正确性检测。 相似文献
11.
基于内容的IP包过滤技术涉及到操作系统的内核态技术.通过对比用户态及内核态的特征,分析了Windows内核态的网络编程接口,采用了WDM的驱动程序模式体系及NDIS的层次架构.遵循IRP(I/O request packet)规范,实现了具有Miniport和Protocol层的中间驱动程序,并透明钩挂,截取、分析IP包.具体给出了Windows 200X系统中实现IP包过滤的鳊程技术方案. 相似文献
12.
This paper is concerned with the estimation problem for discrete-time stochastic linear systems with possible
single unit delay and multiple packet dropouts. Based on a proposed uncertain model in data transmission, an optimal
full-order filter for the state of the system is presented, which is shown to be of the form of employing the received outputs
at the current and last time instants. The solution to the optimal filter is given in terms of a Riccati difference equation
governed by two binary random variables. The optimal filter is reduced to the standard Kalman filter when there are no
random delays and packet dropouts. The steady-state filter is also investigated. A sufficient condition for the existence of
the steady-state filter is given. The asymptotic stability of the optimal filter is analyzed. 相似文献
13.
基于数据包过滤和透明代理相结合的防网络攻击 总被引:3,自引:1,他引:2
提出基于Linux平台用数据包过滤与透明代理相结合防网络攻击的解决方案,对其中的关键技术进行了探讨,提出了一种完整的技术路线。给出一个三级防御模型,在网络层通过数据包过滤模块对IP欺骗进行过滤,在电路网关一级内网主机与外网主机通过透明连接,在应用网关级一级控制和监测外网提供的服务。包过滤模块通过Linux内核的Netfilter模块实现,电路级网关模块通过透明代理实现,应用级网关模块通过面向对象、事件驱动和模块化的代理应用程序实现,通过脚本语言易于制定代理策略,全面分析复杂的协议。 相似文献
14.
15.
16.
基于Linux系统的数据包截获技术研究 总被引:1,自引:1,他引:0
网络数据包截获技术是指利用计算机技术截获网络上的数据包,然后根据数据包头部的源主机地址、目标主机地址、服务协议端口等字段特性过滤掉不关心的数据,再将用户感兴趣的数据发送给更高层的应用程序进行分析.文章探讨了基于Linux系统下数据包截获技术. 相似文献
17.
针对传统包过滤防火墙解决不了的基于内容的网络攻击,而可以完成内容过滤的应用层代理型的防火墙又效率低下的问题,文章提出了一种基于嵌入式协议栈的内容过滤防火墙方案,通过在包过滤防火墙结构中增加嵌入式协议栈模块完成内容过滤,提高了内容过滤的效率。 相似文献
18.
The Source Path Isolation Engine (SPIE) is based on a bloom filter. The SPIE is designed to improve the memory efficiency by storing in a bloom filter the information on packets that are passing through routers, but the bloom filter must be initialized periodically because of its limited memory. Thus, there is a problem that the SPIE cannot trace back the attack packets that passed through the routers earlier. To address this problem, this paper proposes an IP Traceback Protocol (ITP) that uses a Compressed Hash Table, a Sinkhole Router and Data Mining based on network forensics against network attacks. The ITP embeds in routers the Compressed Hash Table Module (CHTM), which compresses the contents of a Hash Table and also stores the result in a database. This protocol can trace an attack back not only in real time using a hash table but also periodically using a Compressed Hash Table (CHT). Moreover, the ITP detects a replay attack by attaching time-stamps to the messages and verifies its integrity by hashing it. This protocol also strengthens the attack packet filtering function of routers for the System Manager to update the attack list in the routers periodically and improves the Attack Detection Rate using the association rule among the attack packets with an Apriori algorithm. 相似文献
19.
Robust nonlinear filter for nonlinear systems with multiplicative noise uncertainties,unknown external disturbances,and packet dropouts 下载免费PDF全文
This study is concerned with the robust nonlinear filtering problem for nonlinear discrete‐time stochastic system with multiplicative noise uncertainties, unknown external disturbances, and packet dropouts. The focus of this paper is to design a filter with predictor–corrector structure such that the upper bound on the state estimation error variance is minimized in the presence of multiplicative noise, unknown external disturbances, and packet dropouts. Thus, a robust nonlinear filter based on the method to obtain the upper bound on variances of multiplicative noises, unknown disturbances, and packet dropouts is designed. Further stability analysis shows that the proposed filter has robustness against multiplicative noises, unknown external disturbances, and packet dropouts. Simulation results show that the proposed filter is more effective than extended Kalman filter and other robust extended Kalman filter. Copyright © 2017 John Wiley & Sons, Ltd. 相似文献
20.
This paper is concerned with the optimal linear estimation problem for linear discrete-time stochastic systems with multiple packet dropouts. Based on a packet dropout model, the optimal linear estimators including filter, predictor and smoother are developed via an innovation analysis approach. The estimators are computed recursively in terms of the solution of a Riccati difference equation of dimension equal to the order of the system state plus that of the measurement output. The steady-state estimators are also investigated. A sufficient condition for the convergence of the optimal linear estimators is given. Simulation results show the effectiveness of the proposed optimal linear estimators. 相似文献