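Design and Implementation of a System for Defending Against LAN ARP Attacks
Published: 2018-03-02 06:33
Keywords: defense, packet filtering, Windows, Firewall Hook Driver, ARP. Source: University of Electronic Science and Technology of China, 2014 master's thesis. Document type: degree thesis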
[Abstract]: Network security has been an issue that cannot be ignored ever since computer network technology first appeared. As computer network technology has developed and the Internet has become widespread, network security problems have grown more severe, and research in this area has become increasingly important. System firewall technology for defending against LAN ARP attacks is a core technology of network security today and the first line of defense against external network attacks and threats. This thesis designs and implements a simple system for defending against LAN ARP attacks. It monitors all network packets entering and leaving the computer and filters them according to user-defined rules (for example IP address, packet direction, port, protocol, and handling action): legitimate packets are allowed through and illegitimate packets are dropped.

Because the architecture of the Windows network protocol stack changed starting with Windows Vista, the development techniques changed as well. Earlier techniques such as Filter Hook Driver and TDI Driver are no longer applicable to Windows Vista and later versions, so two sets of techniques are used to meet the requirements. For Windows 2000 and Windows XP, the driver is developed with the Firewall Hook Driver technique. In kernel mode, an IP filter hook is designed and a hook filter callback function is implemented (registered in the filter function cbFilterFunction provided by Firewall Hook Driver); this callback traverses the rule linked list and decides whether to allow or block each packet. For Windows Vista and Windows 7, WFP (Windows Filtering Platform) is used, and rules are set in user mode through the BFE (Base Filtering Engine). The actual access to and processing of packets is implemented inside this engine, and developers do not need to understand its internal implementation.

The system firewall for defending against LAN ARP attacks consists of the following modules: add filter rule, delete filter rule, persist filter rules, load persisted filter rules, start engine, stop engine, add rule to engine, delete rule from engine, filter network data, and logging. The system also has a good user interface and is extremely simple to operate, making it easy to protect the security of a personal computer.
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1555431
Article link: http://www.sikaile.net/guanlilunwen/ydhl/1555431.html