摘要
当前,局域网中频繁发生的ARP攻击活动令网络管理者防不胜防。文中探讨了ARP协议和ARP攻击原理,针对ARP攻击数据包的特征,提出了一种基于交换机镜像端口的检测和定位方法。该方法包括抓包、包结构分析和确定映射对比、伪造包判断和定位等几个步骤。利用WinPcap开发包实现了该方法,并在2种不同的局域网环境中对进行了测试,结果表明该方法能够检测到大多数ARP攻击并对攻击主机进行定位,具有一定的实用价值。
Currently, the frequent ARP attack in the LAN is hard to guard against to the network managers. This paper discusses the ARP protocol and attack principles. According to the characteristics of ARP attacking packets, a detecting and locating method which included packet capturing, packet structure analyzing, fixed mapping comparing, fake packet judging and locating based on the switch mirror port is presented. By using the WinPcap developer package, the method is achieved. The tested result in two different network environments Showed that the method which can detected most of ARP attacks and located the attacking host had a certain practical value.
出处
《电子测试》
2010年第1期77-79,85,共4页
Electronic Test
