摘要
NetFlow是Cisco公司在其交换、路由体系中采用的一种三层交换技术。NetFlow服务能够提供包括地址、协议、端口和服务类型等详细的数据流统计信息。由于蠕虫病毒传播过程中会发起大量的扫描连接,使用Flow-tools等工具统计分析NetFlow数据流,可以很容易地找出染毒计算机IP地址,再利用SNMP准确地定位该IP的位置并关闭其所连交换机端口,就可以将染毒计算机与网络隔离。同时对染毒计算机相关信息的详细记录,为网络管理员对染毒计算机的处理提供了准确的信息。
NetFlow is one kind of layer 3 switch technologies which is used in switch and route system of Cisco. The NetFlow service can provide the detailed data stream statistics information about the address, the protocol, the port and the service type and so on. Using the tools such as Flow - tools to analyze the data stream of NetFlow, it is easy to discover the IP addresses of virus - infected computers, since the worm virus can initiate massive scanning connection during their spreading process. Using SNMP, the switch ports linked with the computers which use these IP addresses can be located and the virus- infected computers can be isolated from the network by closing the corresponding switch ports. At the same time the recorded detailed information of the contamination computers may help administrator to deeply analyze and process.
出处
《计算机技术与发展》
2007年第5期117-120,共4页
Computer Technology and Development
基金
安徽省2006年教育厅自然科学基金项目(2006kJ017C)
