摘要
防火墙渗透是网络攻防研究的一项重要内容。在有防火墙保护的情况下,目前许多渗透软件已经很难获取到主机的有用信息。本文通过分析现有国内外防火墙渗透工具存在的问题,在深入研究TCP报文结构的基础上提出了基于TCP报文的防火墙渗透探测方法,并利用该方法实现了基于TCP报文的防火墙渗透测试系统。该系统能够直接对目标主机进行探测,发现防火墙保护下主机是否在线,同时分析防火墙保护下主机的端口、服务开放情况和操作系统类型等基本信息。这些信息既可以为安全检测服务,也可以为网络攻击提供基础。
Firewall penetration is an important research aspect in network security, but now under the protection of firewall, much penetration software cannot get any useful information from a host. According to the shortcomings of the existing firewall penetration tools, based on the deep research on the structure of TCP packets, a method through TCP packet alteration is put forward, and a penetration system based on this method is implemented. The system can detect the host directly, discover whether the host under the protection of firewall is on line. And also it can analyze the basic information such as OS type, ports and services on the host is open or not. This information is useful for security analysis, and can also be used for the attacks as the basic information.
出处
《计算机工程与科学》
CSCD
2007年第5期4-7,共4页
Computer Engineering & Science
基金
国防预研基金资助项目(51419020105KG0110)
国家自然科学基金资助项目(60573136)
