Study And Implement On Distributed Multilayer Network Scanning System Using HTTP Tunnel

With the development of computer network technology, network security problems become more and more prominent. Network Scanning technology is one of important technologies of network security , but it is hindered by the deployment of the Firewall and Network Intrusion Detection System(NIDS). So whatever in network attack or in network management, it is significant to research Covert Network Scanning(CNS) technology. This thesis focuses on doing research on CNS technology, and it aims at making three major contributions:Firstly, Chunk Binary Algorithm(CBA) is presented, because IP packet header identification(IPID) CNS performs scanning through the spoof host, its scanning speed is slow down and cannot scan with multi-thread. The target ports are divided into several chunks, then binary scan ports in every chunk. In each chunk the binary scanning length is different, which is decided by the host ports open rules. So IPIDCNS can perform scanning many ports simultaneous, the scanning speed and correctness can be improved increasingly. The performance test results show that CBA is the most suitable algorithm of IPIDCNS.Secondly, the architecture of Distributed Multilayer Network Scanning System using HTTP Tunnel (HT-DMNScan) is presented. In this covert scanning architecture, scanning part is a layer, and real scanner is another layer, this two layers are connected by one middle layer or multilayer. The two layers communicate with HTTP Tunnel technology. So their communication can't be blocked by firewall, and it can hide the real scanner, the covert scanning can be performed successfully.Thirdly, HT-DMNScan is designed and implemented using object-oriented designed method, the sub-system of scanner, control, and configuration are designed and implement in detail. In the design of IPIDCNS sub-system CBA, stack data structure is applied which eliminates the recursion in the algorithm. HTTP tunnel server of control sub-system adopts Winsock asynchronous I/O WSAEventSelect model. All data of HTTP tunnel is encrypted with DES algorithm. The communication flow of HTTP tunnel is also designed and implemented in detail. The test of HT-DMNScan shows that: the system not only has the ability to scan but also has ability to perform convert scan successfully and it can scan the local network through firewall.In conclusion, designing the Network Scanning architecture and scanning algorithm has important meaning in Covert Network Scanning. The HT-DMNScan has been applied in a national project.