| 基于NDIS中间层驱动程序的隐蔽通道 |
| |
| 引用本文: | 李频,包涵卿,陈丹伟. 基于NDIS中间层驱动程序的隐蔽通道[J]. 计算机工程, 2009, 35(16): 151-153 |
| |
| 作者姓名: | 李频 包涵卿 陈丹伟 |
| |
| 作者单位: | 南京邮电大学计算机学院,南京,210003;久之游信息技术(上海)有限公司,上海,200001 |
| |
| 基金项目: | "十五"科技攻关计划基金资助项目 |
| |
| 摘 要: | 通过一个基于网络驱动程序接口规范中间层的驱动,在Windows网络协议栈下建立一个隐蔽通道,使应用程序可利用其直接与外界通信。该通道的作用位置相比防火墙对于协议栈的控制更为底层,可直接从网卡读写数据进行网络通信。分析防火墙由于未对网络进行完整防护而被穿透的原因,探讨抵御该类攻击的方法。
|
| 关 键 词: | Rootkit工具 防火墙穿透 隐蔽通道 网络驱动程序接口规范 中间层驱动程序 |
| 修稿时间: | |
Covert Channel Based on NDIS Intermediate Driver |
| |
| LI Pin,BAO Han-qing,CHEN Dan-wei. Covert Channel Based on NDIS Intermediate Driver[J]. Computer Engineering, 2009, 35(16): 151-153 |
| |
| Authors: | LI Pin BAO Han-qing CHEN Dan-wei |
| |
| Affiliation: | (1. College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003;2. Nineyou Information Technology(Shanghai) Co., Ltd., Shanghai 200001) |
| |
| Abstract: | This paper builds up a covert channel under Windows network protocol stack based on Network Driver Interface Specification(NDIS) Intermediate Driver(IMD) technology.Application program can communicate with outward by this channel whose position is lower than control of firewall,and it can read and write data directly from NIC.It analyzes the reason the firewall may be bypassed,which is caused by lack of protection for the network,and discusses how to prevent this kind of attacks. |
| |
| Keywords: | Rootkit tool firewall penetrating covert channel Network Driver Interface Specification(NDIS) Intermediate Driver(IMD) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
