ARP攻擊之自動偵測與防禦流程設計

因應資訊科技應用迅速發展，網際網路入侵及攻擊事件也與日俱增，而網路管理的重要性即成為系統管理者必須面臨的課題。而在這複雜的網路環境中，中間人攻擊( MITM )、阻斷服務攻擊(如NETCUT )是最難預防的，並且會影響資訊系統的穏定性。　　本論文研究採用Apache+PHP+MySQL+SNMP等技術來開發Web化的操作介面，使本系統具有良好的可操作性、可攜性和可擴展性。透過Web 2.0的互動式設計，讓管理者可更有效率的偵測及解除ARP欺騙攻擊之網路行為，維謢上能夠更得心應手。本論文利用路由器所提供SNMP資訊來進分析網路的異常狀況，即時監測NETCUT的ARP欺騙行為；除了以SNMP訊息通知，並且自動阻斷攻擊者之行為。經由實作與測試，結果顯示本論文所提出之ARP攻擊偵測與防禦確實能夠解除NETCUT攻擊。

關鍵字

中間人攻擊；阻斷服務攻擊；簡易網路管理協定； ARP攻擊

並列摘要

With the rapid development of Information techniques, more and more Internet intrusion events were also increased drastically. System manager need to pay attention to this issue. Among the complicated infrastructure, it is hard to prevent the attacks with Man-in-the-Middle and Denial of Service, which would impact the system stability. For the sake of good handling, portability and extensity, this study tried to develop the web-based defense system by adopting the techniques of Apache, PHP, MySQL and SNMP. According to the interactive interface with Web 2.0, system manager can detect and eliminate the ARP attack effectively. The proposed system adopted SNMP protocol to monitor and analysis the abnormal status on Internet. Once the ARP attack events (NETCUT) were detected, the program would block the intrusion aorm the manager. Thend inf test result showed that the proposed mechanism could indeed detect and remove the NETCUT attack.

並列關鍵字

Man-in-the-middle attack ； DoS attack ； SNMP ； ARP Spoofing

參考文獻

[1] C.L. Abad, R.I. Bonilla, “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks,” 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07),p60,June. 2007.

Google Scholar

[2] David C. Plummer,RFC826,”Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware,”List of Ethernet Frame Types,Nov. 1982.