Research on an Algorithm of Active Detecting and Resisting ARP Attack
Authors: Lin Honggang (Dept. of Network Eng., Chengdu Univ. of Info. Technol., Chengdu 610225, China); Chen Lin (Dept. of Network Eng., Chengdu Univ. of Info. Technol., Chengdu 610225, China); Wang Biao (Dept. of Info. and Technol., Univ. of International Relations, Beijing 100091, China)
Received: 2007-09-24  Year, volume (issue), pages: 2008, 40(3): 143-149
Journal Name: Advanced Engineering Sciences (工程科学与技术)
Key words: ARP attack; consistent detection; verifying the identity of the sender; active detecting
Funding: Supported by a Sichuan Province science and technology key project grant (04GG007-009)
Abstract
To withstand ARP attacks, an algorithm that uses active detection is proposed. In the algorithm, the headers of all ARP packets that the host sends and receives are checked for consistency, and ARP packets with inconsistent header information are discarded. Using active detection, special packets are constructed from the address information in a received ARP packet and sent to the host whose authenticity is to be verified; the ARP packet is rejected if that host fails the authentication. In accordance with the rule of "receiving an ARP reply after sending an ARP request", ARP replies without a corresponding request are refused. Compared with other solutions against ARP attacks, the algorithm detects ARP attacks against the local host faster and more reliably. Moreover, it can prevent the local host from attacking other hosts, and so resists ARP attacks more effectively.
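The header-consistency check and the request-before-reply rule from the abstract, as an added Python example that is not the authors' code. It assumes "consistent" means the ARP sender and target hardware addresses agree with the Ethernet source and destination; the active sender-authentication probe is not covered, and all names and sample addresses are constructed.

```python
import struct

REQUEST, REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def build_frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Build an Ethernet+ARP frame; used only to construct the sample traffic."""
    return (eth_dst + eth_src + b"\x08\x06"
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa))

def parse_frame(frame):
    """Return the address fields, or None unless IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (REQUEST, REPLY):
        return None
    return {"eth_dst": frame[:6], "eth_src": frame[6:12], "op": op,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def consistent(p):
    """Assumed rule: ARP addresses must agree with the Ethernet header."""
    if p is None or p["eth_src"] != p["sha"]:
        return False
    return p["op"] != REPLY or p["eth_dst"] == p["tha"]

class ArpFilter:
    def __init__(self):
        self.pending = set()  # IPs requested and not yet answered

    def check(self, frame, outbound=False):
        p = parse_frame(frame)
        if not consistent(p):
            return "drop: bad header"  # sent frames are checked too
        if outbound:
            if p["op"] == REQUEST:
                self.pending.add(p["tpa"])
        elif p["op"] == REPLY:
            if p["spa"] not in self.pending:
                return "drop: unsolicited reply"
            self.pending.discard(p["spa"])
        return "accept"

# Constructed sample addresses: A is the local host, B a peer, M a spoofer.
A_MAC, B_MAC, M_MAC = (bytes([2, 0, 0, 0, 0, n]) for n in (10, 11, 12))
A_IP, B_IP, GW_IP = (bytes([10, 0, 0, n]) for n in (1, 2, 254))
```

Call `check(frame, outbound=True)` on frames the host sends and `check(frame)` on frames it receives; each pending request is consumed by the first matching reply, so a repeated reply is treated as unsolicited.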