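Abstract
Xprobe2 identifies the type of a remote operating system by applying fuzzy-matrix statistical analysis to the characteristics of the ICMP datagrams returned in response to its active probe datagrams. Based on an analysis of Xprobe2's implementation mechanism, the approach detects probe datagrams and, using the characteristics of a specified operating system as a template, camouflages outgoing ICMP datagrams in order to defend against Xprobe2 probing. An NDIS-based architecture for the implementation is presented, and the event separator module and the camouflage response module are discussed in detail. Test results show that the scheme effectively defends against Xprobe2 active probing and camouflages the operating system fingerprint.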
Xprobe2 combines various remote active operating system fingerprinting methods that use the ICMP protocol, and it applies matrix-based fuzzy logic to analyze the results produced by these fingerprinting tests. Based on an analysis of the mechanism of Xprobe2, this paper describes the design of Anti-xprobe2, which defends against OS fingerprinting by Xprobe2 by camouflaging response packets. It also gives the NDIS-based architecture of Anti-xprobe2 and discusses the event separator module and the packet camouflage module in detail. The test results show that this intermediate driver successfully defends against detection by Xprobe2.
Source
《航空计算技术》
2006, Issue 2, pp. 67-69, 73 (4 pages in total)
Aeronautical Computing Technique
Funding
National Natural Science Foundation project "Research on a Cooperative Security Model for Network Camouflage" (60503008)