摘要
防范地址解析协议ARP(Address Resolution Protocol)欺骗攻击的难点是:攻击源可以隐藏在网段内任何一个主机中,即使发现了攻击的存在,也难以迅速定位攻击源。结合校园网络的特点,提出了一种新的ARP攻击检测方案:检测服务器通过SNMP协议定期读取核心交换机的ARP、VLAN等信息和接入交换机的MAC-PORT信息,利用综合检测算法,及时发现攻击现象,迅速定位攻击源,并根据网络实际情况采用不同的技术措施进行处理。实践证明,该方法能够有效保障校园网络安全。
The big difficulty in defending ARP spoofing attacks is that the attacking source can be hidden among any host inside a network section.Even if an attack is discovered,it is hard to quickly locate the attacking host.Combined with the characters of the campus network,this paper proposes a new ARP spoofing detection scheme which allows the detection server to periodically reads such information as ARP,VLAN,etc.from core switches and the MAC-PORT information from access switches under SNMP protocol,then uses comprehensive detection algorithm to timely find the attacks and rapidly locate the attacking host,and then deals with the attacks using different technical means according to actual situation of the networks.Practice demonstrates that the scheme can effectually safeguard the security of campus network.
出处
《计算机应用与软件》
CSCD
2011年第5期120-122,共3页
Computer Applications and Software
基金
新疆自治区高校科研计划项目(XJEDU2009S08)
新疆大学校院联合基金项目(XY080156)
关键词
ARP协议
ARP攻击
SNMP协议
校园网
Address resolution protocol(ARP) ARP attack Simple network management protocol(SNMP) Campus network
