协议欺骗的防御研究

Study on ARP Protocol Spoofing

本文提出了基于协议欺骗的主动监听框架，扩展了网络监听的适用范围。分析了网络访问的具体过程，将其中存在的映射关系分为四种：服务器域名到IP地址、IP到MAC地址、远程服务器的IP地址到本地路由器IP地址、以及客户端界面显示到应用服务器的处理。依据破坏的映射关系不同，本文介绍两种协议欺骗方式：ARP欺骗、路由欺骗，并详细分析了这两类协议欺骗攻击原理、实现方式及其防范策略。

We present a protocol spoofing based active sniffing framework, which extends the application area of network sniffing. Four kinds of mapping relationship in network communication are discussed： server domain name to IP address, IP address to MAC address, remote server IP address to local router IP address, and client interface to server process. Protocol spoofing which can be applied in active sniffing is classified into two kinds respectively： ARP spoofing and route spoofing. The elements and implementation of them are analyzed in details.