ARP欺骗攻击与硬件防御研究

Research on ARP Spoofing Attack and Hardware Defense

针对现有ARP欺骗攻击防御手段配置繁琐、成本高昂等问题,文章设计了基于FPGA的硬件防御设备并在真实网络环境中进行了测试。首先搭建真实的局域网环境,利用arpspoof工具对局域网中的目标主机实施ARP欺骗攻击;然后设计了基于FPGA平台的网络安全防御设备,通过对上下行链路中的网络报文进行解析,并与设置的安全防御策略相应报文的字段进行比对过滤,实现对ARP欺骗报文的识别与过滤;最后将网络安全防御设备接入局域网,并通过VIVADO的ILA抓取ARP欺骗攻击报文的相关字段波形。波形数据表明,网络安全防御设备可有效识别ARP欺骗攻击报文的MAC地址和IP地址等内容并实施有效拦截,同时可对接入系统的网络链路带宽、攻击拦截率和被攻击主机系统资源使用率进行统计。

In view of the cumbersome configuration and high cost of the existing ARP spoofing attack defense methods,a hardware defense device based on FPGA was designed and tested in the real network environment.First,the real LAN environment was built,and the arpspoof tool was used to implement ARP spoofing attack on the target host in the LAN,and the target host couldn’t access the external network after being attacked.A network security protection device based on FPGA platform was designed to identify and filter ARP spoofing packets by analyzing the network packets in the upstream and downstream links and comparing them with the corresponding packet fields of the security protection policy.Finally,the network security protection device was connected to the LAN,and the ILA of VIVADO captured the related field waveforms of ARP spoofing attack packets.The waveform data shows that the network security device can effectively identify the MAC address and IP address of ARP spoofing attack packets and effectively intercept them.The changes of network link bandwidth,attack interception rate,and system resource usage of the attacked host are also collected.