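Abstract
Most intrusion prevention systems on the Windows platform currently rely on the Windows kernel or a third-party firewall to filter malicious data at the TCP/IP layer. To address this, the paper proposes coupling the IPSec filters built into Windows with the Snort intrusion detection system: when a dangerous alert is raised, an IPSec filter is set automatically to filter the corresponding traffic. The rewritten Snort cooperation module was tested comprehensively, and the results show that intrusion packets can be blocked successfully.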
A few studies have addressed network intrusion prevention systems on the Windows platform, but most implementations rely on third-party firewalls or the Windows kernel to filter malicious data at the TCP/IP layer. This paper presents a method in which Snort and IPSec cooperate: when Snort raises a dangerous alert, the IPSec embedded in Windows is configured automatically to filter the relevant network traffic. The cooperation part of the rewritten Snort was tested. The experimental results show that it can block invasive packets successfully.
Source
《哈尔滨理工大学学报》
CAS
2012, Issue 3, pp. 96-99 (4 pages)
Journal of Harbin University of Science and Technology
Funding
Heilongjiang Province Key Science and Technology Project (GZ11A304)