基于Snort的校园网ARP欺骗检测应用研究

The Research and Application of ARP Spoofing Detection based on Snort in Campus Network Environment

首先分析了Snort网络入侵检测系统,然后剖析了ARP协议工作原理及ARP欺骗攻击的过程。根据校园网的网络结构特点,在网关上安装Snort,通过修改Snort配置文件,添加输出ARP头部信息的Snort输出插件,实现对校园网ARP欺骗的检测预防。

This paper first analyzes the network intrusion detection system Snort,then analyzes the ARP agreement working principle and process of ARP spoofing attack.According to the characteristics of campus network structure,installed in the gateway Snort,by modifying Snort configuration files,add output of ARP header information Snort output plug-in ARP deception of campus network,realize the detection prevention.