摘要
通过IP伪装来迷惑攻击者,从而防止针对特定IP的数据流分析与嗅探。文章分析了Linux系统中IP伪装技术的不足,设计并实现了一种基于改进DHCP针对网络会话的IP动态伪装。改进DHCP通过伪装IP使用频率、客户机和IP描述及IP状态变化来管理分配伪装IP,通过主动探测来确保分配IP的安全性。客户机发起新的网络会话时,通过动态申请伪装IP并跟踪网络会话来实现IP动态伪装。
The discipline of IP masquerading can help to puzzle the attacker's attention and prevent the attacker from getting the valuable information from the IP packets which are identified by IP address by sniffer.This paper presents an implementation of IP dynamic masquerading that is based on improved DHCP and is applied to every network session by analyzing the weakness of IP masquerading in Linux.The improved DHCP manages and distributes masquerading IP dynamically by the frequency of using IP,the description of client and IP,and the state changing of IP.It also makes sure the safety of masquerading IP by active probing.The client masquerades IP of every network session dynamically by applying IP and tracking the network session.
出处
《计算机工程与应用》
CSCD
北大核心
2004年第7期35-37,共3页
Computer Engineering and Applications
基金
国家863高科技研究发展计划项目(编号:2003AA142060)
陕西师范大学校级重点项目
