校园网arp病毒的检测定位与防范研究.pdf

摘 要
伴随着计算机网络的普及和通讯技术的迅猛发展，网络信息已逐步成为当今社
会发展的重要资源。网络互连一般采用 TCP/IP 协议，由于网络及其协议的设计者，
在设计之初只考虑了效率问题没有考虑网络安全的问题，所以几乎所有的网络协议
都有漏洞，ARP 协议同样也存在着安全漏洞。ARP 攻击在现今的网络中频频出现，
轻者造成网络性能下降，重者造成网络不通或信息被盗。因此有效的防范 ARP 形式
的网络攻击己成为确保网络畅通安全的必要条件。
本文分析了 ARP 协议及其存在的漏洞，ARP 病毒的攻击原理和方式方法，对比了
现有的检测、定位和防范方法的优缺点。设计实现了一个检测、定位和防范 ARP 病
毒的系统。能够有效的检测到交换的 ARP 缓存表，通过对缓存中 ARP 映射信息的分
析，找出可能发生的欺骗或者谁是攻击者，通过远程设置交换机的 ACL 等操作对检
测到的危险进行处理，可以有效地对 ARP 攻击进行防范和检测。
关键词：校园网，ARP 病毒，检测，定位，防范
Abstract
Along with the popularization of computer networks and communication technologies, the
rapid development of network information has gradually become an important resource for
the development of today's society. Network interconnection generally use the TCP / IP
protocol, due to network designers and network protocol designers, beginning in the design of
the problem is not only considered the efficiency of network security issues to consider, so
almost all the network protocols is flawed, ARP protocols Similarly, there are also security
vulnerabilities.
This paper analyzes the ARP protocol and protocol vulnerabilities; ARP virus attacks
principles and ways and means to compare the existing detection, positioning and prevention
methods advantages and disadvantages. A detection, location and specific model to prevent
ARP virus is built. Can effectively detect the exchange of ARP cache table, ARP cache
mapping by analysis of the information to identify the risk of fraud, or who is the attacker,
through the remote setting of the ACL and other operations on the switch to detect the risk of
processing, you can effectively to prevent and detect ARP attacks.
Zhou Yu (Computer Applied Technology)