
The Research And Implementation Of Intrusion Traceback System

Posted on: 2007-01-19
Degree: Master
Type: Thesis
Country: China
Candidate: X J Du
Full Text: PDF
GTID: 2178360182493454
Subject: Computer software and theory
Abstract/Summary:
With the increasing popularity of the Internet, network technologies are developing quickly. While network applications such as electronic commerce and online banking make people's lives more convenient, they also bring many security problems, so firewalls and intrusion detection have become a focus of researchers. Intrusion traceback is the crucial active response technology of intrusion detection: people expect to use it to obtain the real address of an attacker, so that the attacker can be held accountable for the attack and other malicious people are deterred. This thesis summarizes the existing intrusion traceback technologies, analyzes the merits and flaws of each in the context of current networks, and proposes a new technique for solving the attack tracing problem on Ethernet with Windows systems. It constructs a network model for this problem, implements packet capture based on an NDIS intermediate driver, performs protocol analysis and signature matching on the captured packets, and builds tracing information. According to whether the addresses in IP headers have been tampered with, attacks are classified as spoofed ("cheat") or non-spoofed attacks; according to whether computers controlled by the attacker are involved, attacks are classified as stepping-stone ("landing-stone") or non-stepping-stone attacks. This thesis builds a suitable method for tracing the three kinds of attack above. All of these methods rely on the network addresses obtained from the IP headers of packets at the attacked target, connect the segments of the attack path, and find the real address of the attacker. A series of experiments shows that the tracing methods are effective.
Finally, this thesis converts the network addresses obtained from tracing into real address information using whois queries and program detection. In this way, building on other traceback technologies, it achieves traceback of Ethernet attacks on Windows systems.
Keywords/Search Tags: Intrusion Traceback, Packet Capture, Protocol Analysis, Whois Query