| 一种基于DNAT技术的DNS重定向改进方案 |
| |
| 引用本文: | 宋平凡,刘嘉勇,华伟. 一种基于DNAT技术的DNS重定向改进方案[J]. 通信技术, 2015, 48(2): 223-27. DOI: 10.3969/j.issn.1002-0802.2015.02.022 |
| |
| 作者姓名: | 宋平凡 刘嘉勇 华伟 |
| |
| 作者单位: | 四川大学 电子信息学院,四川 成都 610064 |
| |
| 摘 要: | DNS重定向是基于DNS欺骗实现的一种数据流重定向技术。文中首先总结了几种不同形式的DNS欺骗技术,重点分析了现有DNS重定向技术的实现方式及其所存在的缺陷:一是会直接暴露监测主机的IP地址;二是不能同时监测多个域名。然后介绍了NAT和DNAT的技术原理,并基于DNAT技术给出了一种针对现有DNS重定向技术实现缺陷的改进方案。最后给出了改进方案在Linux上的实现方法,对方案改进前后进行了对比,证明了改进方案的优越性。
|
| 关 键 词: | DNS重定向 目的地址转换 监控 Linux防火墙 |
A Modified Scheme for DNS Redirection based on DNAT Technology |
| |
| SONG Ping-fan;LIU Jia-yong;HUA Wei. A Modified Scheme for DNS Redirection based on DNAT Technology[J]. Communications Technology, 2015, 48(2): 223-27. DOI: 10.3969/j.issn.1002-0802.2015.02.022 |
| |
| Authors: | SONG Ping-fan LIU Jia-yong HUA Wei |
| |
| Affiliation: | (College of Electronic and Information Engineering,Sichuan University,Chengdu Sichuan 610064,China); |
| |
| Abstract: | DNS redirection is a network redirection technology based on DNS spoofing. Firstly, this paper summarizes several forms of DNS spoofing, analyzes the current implementation of DNS redirection, including its disadvantages:one is that the current implementation would directly expose the IP address of monitoring computer to the monitored computer, and another is that the current implementation could not monitor multiple domain names at the same time. Then, this paper describes the technical principles of NAT and DNAT,and based on DNAT technology,provides a modified scheme for DNS redirection. Finally, this paper proposes the implementation of this modifeid scheme on Linux system, and the superiority of this scheme is verified via comparison of between the original scheme and the proposed one. |
| |
| Keywords: | DNS redirection DNAT monitoring Linux firewall |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《通信技术》浏览原始摘要信息 |
|
点击此处可从《通信技术》下载免费的PDF全文 |
|
