摘要
通过分析ARP攻击的原理,提出在网络设备配置具备的情况下,结合动态主机分配协议(DHCP),在交换机上部署动态ARP检察(DAI)技术,使非法的ARP数据包无法进入网络;在网络设备配置不具备的情况下,通过编程,借助于计算机实现对ARP数据包的监控、对ARP攻击的预警、ARP攻击后的自动恢复,并对ARP攻击者实施隔离,进而保护内部网络.
Having analyzed the principles of ARP attack, the thesis introduces : when the network equipments are available, DAI technology is employed in the router with DHCP to prevent illegal ARP data package from entering into the network; and when network equipments are not available, to monitor the ARP data package, to warn against ARP attack in advance and the automatic recovery from ARP attack will be realized by computer through programming and the ARP attacker will be isolated to protect the inner network.
出处
《南京工业大学学报(自然科学版)》
CAS
2007年第5期78-81,共4页
Journal of Nanjing Tech University(Natural Science Edition)