
Study On Detection Methods Against Port Scanning And OS Scanning And On Intrusion Pre-caution System

Posted on: 2003-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Tang
GTID: 2168360092465838
Subject: Computer software and theory
Abstract/Summary:
Before attacking, a hacker must collect information about the target in order to work out attack methods and paths. Port state and OS type are the most important information for the hacker, because they give the hacker an attack path to the target. Detection of port scanning and OS scanning is therefore a worthwhile research subject for IDS (intrusion detection systems) and intrusion pre-caution systems.

The paper analyzes all port scanning techniques and the fundamental principles of port scanning, summarizes the limitations of today's detection tools, and presents a number of improvements: multithreading (pthreads), capturing packets on all interfaces, finishing packet capture on a benchmark, and reassembling IP fragments to detect fragment scanning. Based on these methods, the author designs and writes an on-line detection program against port scanning and carries out many experiments. The experimental results indicate that the program outperforms scanlogd, which is today's best detection tool against port scanning.

The paper also analyzes OS scanning techniques and introduces how nmap sends packets and analyzes the responding packets, as well as TCP/IP fingerprinting. The author points out the difficulties in detecting OS scanning and presents a number of measures to resolve them, such as cleaning up falsely logged packets by a time benchmark, distinguishing OS scanning packets from port scanning packets by TCP options, logging each OS scan once, logging repeated information only once, multithreading (pthreads), and capturing scanning packets with libpcap. Based on these methods and measures, the author designs and writes an on-line detection program against OS scanning. The experimental outcomes indicate that the program can detect OS scanning involving many computers at one time.

Based on this research and on other IDS and intrusion pre-caution systems, the author presents and designs an on-line intrusion pre-caution system, BSIPS, which can detect port scanning, OS scanning, and commonly seen attacks. Finally, the author sums up her research and points out further research work.
Keywords/Search Tags:port scanning, OS scanning, TCP/IP fingerprinting, intrusion pre-caution system