| 基于ARP缓存超时的中间人攻击检测方法 |
| |
| 引用本文: | 郭卫兴,刘旭,吴灏.基于ARP缓存超时的中间人攻击检测方法[J].计算机工程,2008,34(13):133-135. |
| |
| 作者姓名: | 郭卫兴 刘旭 吴灏 |
| |
| 作者单位: | 解放军信息工程大学信息工程学院,郑州,450002 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 探讨ARP协议工作机理,通过对内部网络通信危害较大的ARP欺骗技术的分析,提出一种交换网络环境下基于ARP缓存超时机制的中间人攻击行为检测方法,研究Windows操作系统中ARP缓存超时机制的设置,并给出检测实现的方法。实验表明,当主机收到ARP数据包,并更新自己的缓存项后,在该缓存项超时之前,不会再发出请求包,也就不会收到该项的应答包。如果ARP数据包统计情况与上述事实不符,则必定发生了ARP欺骗。
|
| 关 键 词: | 内网通信安全 ARP欺骗 中间人攻击 缓存超时 |
| 修稿时间: | |
MITM Attack Detection Method Based on ARP Cache Overtime |
| |
| GUO Wei-xing,LIU Xu,WU Hao.MITM Attack Detection Method Based on ARP Cache Overtime[J].Computer Engineering,2008,34(13):133-135. |
| |
| Authors: | GUO Wei-xing LIU Xu WU Hao |
| |
| Affiliation: | (College of Information Engineering, PLA Information Engineering University, Zhengzhou 450002) |
| |
| Abstract: | Through studying the ARP-spoofing which is one of the most dangers in the Intranet, based on the ARP-cache-overtime mechanism, this paper proposes a method to detect Man-In-The-Middle(MITM) attack in the switch network, investigates ARP-cache-overtime mechanism based on Windows, presents a method to detect and calculates the overtime. Experimental results show that when host receives an ARP packet, the ARP cache item is updated. Before this item is overtime, the host can not send ARP request packet to the item. Therefore, in this period the host does not receive any ARP reply packet related to this item. If the ARP packet statistic is not agreed with the principle, ARP-spoofing happens. |
| |
| Keywords: | Intranet communication security ARP spoofing Man-In-The-Middle(MITM) attack cache overtime |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
