摘要
概述了地址解析协议(ARP)原理和功能,介绍了ARP欺骗的攻击方式及防御方法并对防御效果进行了比较。网络系统分布层交换机采用DHCP SNOOPING和DAI技术,可以在客户端主机和核心层设备之间、接入层交换机与接入层交换机之间建立一道逻辑性ARP防火墙,通过对非法ARP数据包的过滤丢弃从而有效地防御了ARP欺骗的攻击,提高了局域网运行的稳定性和安全性。
The principle and function of Address Resolution deception, defense to the deception and the effect Protocol (ARP) are summarized,the attacking from ARP introduced. Because the Dynamic Host Configuration Protocol (DHCP) Snooping and Dynamic ARP Inspection (DAI) are applied in switch of distribution layer, a logic ARP firewall is built between client computer and core layer equipment. The attacking is defended effectively by filter and discard of illegal ARP data packet, the stability of the local area network operation and security improved.
出处
《石化技术》
CAS
2009年第2期38-40,共3页
Petrochemical Industry Technology
关键词
局域网
地址解析协议欺骗
防御
local area network, address resolution protocol deception, defense
