| 园区网ARP欺骗攻击防御模式设计与实现 |
| |
| 引用本文: | 赵晓峰 汪精明 王平水. 园区网ARP欺骗攻击防御模式设计与实现[J]. 微机发展, 2007, 17(7): 152-155 |
| |
| 作者姓名: | 赵晓峰 汪精明 王平水 |
| |
| 作者单位: | 安徽财经大学网络中心 安徽蚌埠233041 |
| |
| 基金项目: | 安徽省2006年教育厅自然科学基金项目(2006kJ017C) |
| |
| 摘 要: | 地址解析协议(ARP)工作于OSI参考模型第二层,在园区网VLAN中实现IP地址到网络接口硬件地址(MAC)的映射功能,攻击者利用ARP协议安全缺陷,在网关与主机(整个网段)之间实施ARP欺骗攻击,将会对VALN内主机产生巨大安全威胁。针对此类攻击设计与实现的网络防御模式,通过IP地址与接入层交换机端口绑定、定期在VLAN广播网关MAC地址等方法,可有效阻止该类攻击发生。
|
| 关 键 词: | 交换网络 ARP欺骗 网络攻击 网络防御 |
| 文章编号: | 1673-629X(2007)07-0152-04 |
| 修稿时间: | 2006-09-03 |
Design and Implementation of Defense System for ARP Spoofing in Campus Network |
| |
| ZHAO Xiao-feng,WANG Jing-ming,WANG Ping-shui. Design and Implementation of Defense System for ARP Spoofing in Campus Network[J]. Microcomputer Development, 2007, 17(7): 152-155 |
| |
| Authors: | ZHAO Xiao-feng WANG Jing-ming WANG Ping-shui |
| |
| Abstract: | Address Resolution Protocol(ARP)works in Layer 2 of the OSI reference model.It implements the mapping between IP and MAC in VLAN of campus network.The attacker uses the ARP shortage of security,implements the ARP spoofing attack between the gateway and the host computer,will be serious threat to the security of host computer in VLAN.Design and implementation of defense system for this kind of attack,through IP address and switch port binding,broadcast gateway MAC address and so on methods,can prevent this kind of attack to occur effectively. |
| |
| Keywords: | switch network ARP spoofing network attack network defense |
| 本文献已被 CNKI 等数据库收录! |
