| ARP欺骗的自动探测、定位和隔离 |
| |
| 引用本文: | 张云高,吉杰. ARP欺骗的自动探测、定位和隔离[J]. 计算机与现代化, 2009, 0(6) |
| |
| 作者姓名: | 张云高 吉杰 |
| |
| 作者单位: | 汕头航空有限公司信息工程部,广东,汕头515041;汕头大学网络中心,广东,汕头515063 |
| |
| 摘 要: | ARP欺骗可以分为假冒网关和假冒计算机两种.本文实现了一种对抗ARP欺骗的架构,通过分析网关的Syslog事件,能够发现第一种ARP欺骗;通过分析路由器的ARP表,能够发现第二种ARP欺骗.在确定攻击者的MAC地址后,定位其接入交换机端口,然后关闭端口就能够隔离ARP攻击.并借助于数据库技术和SNMP协议,自动完成这些过程.
|
| 关 键 词: | ARP欺骗 SNMP 路由器 交换机 |
Automatically Detect,Locate and Isolate ARP Spoofing |
| |
| ZHANG Yun-gao,JI Jie. Automatically Detect,Locate and Isolate ARP Spoofing[J]. Computer and Modernization, 2009, 0(6) |
| |
| Authors: | ZHANG Yun-gao JI Jie |
| |
| Affiliation: | 1.Information Center of China Southern Airlines Shantou Corp;Shantou 515041;China;2.Network Center of Shantou University;Shantou 515063;China |
| |
| Abstract: | ARP spoofing can be classified as pretending to be gateways and pretending to be other computers.This paper implements an infrastructure to deal with ARP spoofing.The first type can be found by analysing gateways's Syslog messages.The second type can be found by analysing routers' ARP table.After finding the MAC address of ARP attacker,we can locate its access layer switch port,and then shut down the port so as to isolate ARP spoofing.By means of database and SNMP,all this processes can be done automaticall... |
| |
| Keywords: | SNMP |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
