無線網路提供了便利的網路存取服務,但是惡意使用者卻可以透過偽造MAC位址的方式來非法使用網路。在這種網路威脅中,惡意使用者不但可以自由存取網路,竊取使用者的機密,甚至可以對遠端伺服器達成阻斷式攻擊,或是對使用者正在進行的網路連線進行綁架攻擊。在目前的存取控制協定中,雖然有方法可以對抗偽造MAC位址所產生的威脅,但是其佈建或更新的代價相當高昂。針對於此,本論文中提出了一個代理人機制來對抗MAC位址偽造的威脅。此機制的作法主要是利用合法下載之代理人將傳送出去的封包加密,經由存取控管伺服器之驗證與解密,才進行正常傳送流程。由於惡意使用者無法取得合法代理人,傳送出去的封包便會變成無效封包,進而對抗MAC位址偽造所產生的威脅。我們將此機制以JAVA實作在Linux與Windows上,並驗證此機制可對抗MAC位址偽造的威脅,未來可進一步推廣在無線網路中。
Wireless networks provide convenient Internet services. Unfortunately, malicious users can illegally access the network using MAC address spoofing. They may also initiate othter network attacks to violate the rights of legal users. Although many approaches exist to counter MAC address spoofing threats in current access control protocols, their deployment costs are very high. In this thesis, we propose an agent-based mechanism to counter MAC address spoofing threats. Because malicious users cannot get the agent, the illegal transmitted packets will be treated as invalid packets and filtered out. We have implemented this mechanism on Linux and Windows in JAVA. We also show that the mechanism can counter MAC address spoofing threats.