ARP欺骗防御研究
Research on Defense Against ARP Spoofing
【中文摘要】 网络的迅速发展,在给人类生活带来方便的同时,也对网络安全提出了更高要求。网络协议安全是网络安全的重要环节,因此对网络协议的分析和利用越来越受到普遍关注。互联网的发展很大程度上归功于TCP/IP协议运行的高效性和开放性,然而TCP/IP协议在实现过程中忽略了对网络安全方面的考虑,致使其存在着较多安全隐患。ARP协议是TCP/IP协议中重要的一员,其功能主要是为局域网内网络设备提供IP地址向硬件地址的转化,其设计建立在局域网内网络设备之间相互信任的基础上,由此产生了许多ARP欺骗攻击方法。许多木马和病毒利用ARP协议这一设计上的漏洞在局域网内进行ARP欺骗攻击,给局域网的安全造成了严重威胁。为解决ARP欺骗给局域网带来的安全问题,目前已有许多学者在这方面做了有意义的探索与实践,尽管某些方案在实际项目的应用中已相对成熟,但在防御能力上仍存在着一定的局限性。本文针对ARP欺骗原理及其现有防御方式展开讨论与研究,以防御ARP欺骗攻击、提高网络安全性为目标,从理论基础、实验验证、系统设想与实现等几个方面对ARP欺骗防御展开研究,主要工作如下:首先,在对OSI参考模型、TCP/IP参考模型、以太网技.术、IP地址和MAC地址等相关理论基础学习和研究的基础上,重点分析了ARP协议的运行机制,包括ARP缓存、ARP帧格式和报文格式、ARP请求和应答的运行过程、代理ARP、免费ARP及其运行过程等。其次,分析了ARP欺骗原理及各种欺骗手段,并与传统攻击方式进行了对比;为研究Windows操作系统环境下ARP协议实现的特性,制作了用于查看ARP缓存内容的ARPTable测试程序。利用该工具对大量实验结果分析,得到了Windows XP SP2操作系统中能产生ARP欺骗的最少正确字段,从中总结出4条Windows操作系统中的ARP协议实现特性。然后,以此为理论基础,根据Windows系统在更新ARP缓存中IP地址和MAC地址映射信息时不检验更新内容可靠性的缺陷,提出了一种主体基于服务器客户端模式的ARP欺骗防御模型,以达到在使用现有低端交换机相连的局域网中实现各主机防御ARP欺骗的目的。通过对相关软件知识的学习与研究,对该模型进行了设计与实现。该系统可用于学校、企业、网吧等局域网内,提高局域网的网络安全性。

【英文摘要】 With the rapid development of Internet technology, people pay more attention to the security of internet transmission when they enjoy the conveniences brought by the technology. The security of the network protocol is necessary to Internet system, so it has been widely studied by more and more people. The development of Internet technology is due to the own characteristics of TCP/IP, such as opening and efficiency. However, without consideration about the network security, TCP/IP technology also leads to more security risks. ARP(Address resolution Protocal) is an important part of TCP/IP, and it may resolve IP address into MAC address in Local Area Networks, whereas the design is based on the trust among the network equipments. According to the loophole in design, many Trojan horses and viruses carry out ARP spoofing attacks to Local Area Networks, which bring about serious threat to the network security. Many scholars have studied in this area and made some significant achievements. E.ven though some strategies have been relatively mature in actual application projects, there are still certain limitations in defensive capability.In this paper, ARP spoofing theory and the existing defense methods are discussed. In order to defend against ARP spoofing attacks and improve network security, we studies on the defense methods for ARP spoofing from theoretical basis, experimental verification, system implementation and so on. The main work is as follows:Firstly, the related theory of ARP, such as OSI/RM, TCP/IP, Ethernet, IP address and MAC address, are introduced. Then this paper focuses on the operating mechanism of ARP, including ARP cache, ARP frame structure and packet structure, the process of ARP request and reply, Deputy ARP and Free ARP. Secondly, the principle of ARP attacks and the classification of ARP spoofing are analized, and we compare ARP spoofing with traditional attacking methods. In order to obtain the characteristics of ARP protocol in Windows OS, the application ARPTable is developed to browse ARP cache instead of ARP commands. Based on a lot of experimental results, the least number of correct content keywords has been obtained, which can lead to ARP spoofing in Windows XP sp2. As well, the four characteristics of ARP in Windows OS are summarized, so we can conclude that Windows OS has no test on the reliability of the cache content before updating ARP cache while it receives ARP Request and Reply packet. Thirdly, according to the above flaw, a client-server model defending against ARP spoofing is proposed, which suits those LANs with low-end switches and can improve their security. Finally, a defense system is designed. It could be used in medium-scale or small-scale LAN, such as computer rooms, enterprises and Internet cafes, which require an environment of higher network security. 

【中文关键词】 网络安全; TCP/IP协议; ARP协议; ARP欺骗
【英文关键词】 Network Security; TCP/IP; ARP; ARP spoofing
【毕业论文目录】
摘要 4-5
Abstract 5-6
1 绪论 9-12
    1.1 研究背景与意义 9-10
    1.2 国内外研究现状 10-11
    1.3 论文组织结构 11-12
2 ARP 协议及相关理论基础 12-24
    2.1 ARP 协议的相关理论 12-17
        2.1.1 OSI 参考模型与TCP/IP 参考模型 12-14
        2.1.2 以太网技术 14-16
        2.1.3 IP 地址与MAC 地址 16-17
    2.2 ARP 协议概述 17-24
        2.2.1 ARP 缓存 17-19
        2.2.2 ARP 报文格式与帧格式 19
        2.2.3 ARP 协议举例 19-21
        2.2.4 ARP 代理 21
        2.2.5 免费ARP 21-24
3 ARP 欺骗分析与测试 24-39
    3.1 ARP 欺骗原理 24
    3.2 常见的ARP 欺骗 24-26
        3.2.1 中间人欺骗 24-25
        3.2.2 IP 地址冲突 25
        3.2.3 一般主机欺骗 25-26
    3.3 ARP 欺骗与传统攻击方式的区别 26
    3.4 ARP 测试程序—ARPTable 26-28
    3.5 Windows 环境下的ARP 欺骗测试与分析 28-38
        3.5.1 IP 地址冲突的ARP 请求和应答实验 29-30
        3.5.2 假冒网关欺骗的ARP 请求和应答实验 30-33
        3.5.3 ARP 请求过程实验 33-35
        3.5.4 ARP 应答过程实验 35-38
    3.6 实验结果 38-39
4 一种防御ARP 欺骗系统模型的设计 39-47
    4.1 现有防御ARP 欺骗方法分析 39
    4.2 系统的设计思想 39-40
    4.3 系统设计框架 40-41
        4.3.1 服务器端设计 40
        4.3.2 客户端设计 40-41
    4.4 系统采用的主要算法及流程图 41-46
        4.4.1 ARP 报文头信息检验 41-42
        4.4.2 ARP 报文过滤 42-45
        4.4.3 客户端报文过滤流程 45-46
    4.5 总结 46-47
5 防御系统的设计与实现 47-58
    5.1 ARPWeb 网站的设计与实现 47-53
        5.1.1 ARPWeb 网站整体结构设计 47-48
        5.1.2 数据库的设计 48-49
        5.1.3 数据访问层的设计与实现 49-50
        5.1.4 获取注册主机IP 地址和MAC 地址的设计与实现 50-51
        5.1.5 系统实现效果 51-53
    5.2 ARPServer 程序和ARPClient 程序的设计与实现 53-56
        5.2.1 ARPServer 程序设计 53-55
        5.2.2 ARPClient 程序设计 55-56
    5.3 系统信息获取程序的实现 56-58
6 总结与展望 58-60
    6.1 总结 58
    6.2 展望 58-60
参考文献 60-63
在读期间发表的学术论文 63-64
作者简介 64-65
致谢 65