| With the developing of Internet, secure proplem of Internet gets more and more attention today. Lots of network attack methods are discovered. In these methods, route attacks which make use of the vulnerability of route protocol affect the Internet more seriously: the impact is caused by the larger range of route attack, more consuming to recover from damage, and little protect method to deal with the route attack. So it has more important theoretics value and practical meaning to study the method of route attack and its protection technology.The paper introduces IP protocol, related standard and secrure characteristic of RIP, OSPF and BGP. Method and principle of attack to these route protocols is summarized.Vulnerability of three route protocol—RIP, OSPF and BGP, is analysed according to RFC criterion and some known methods of route attack. A method of circle path attack in RIP is proposed and the vulnerability of the virtual link of OSPF is analysed.According to the vulnerability of RIP, OSPF and BGP, a route packet check and filter system is designed. Technology of secure examining of route packet content, access control and hashing algorithm for protocol state is deeply studied. The system can check the content of RIP, OSPF, BGP packets, and defend source route attack, buffer overflows attack by use of security policy of route rule access control. The session state of route protocols is maintained, and the searching efficiency of session state is improved. The operation information of the system is logged to be audited.The route packet check and filter system is implemented . Through the packet check model of BGP protocol, paper gives the flow of checking packet program and policy matching.In a real application environment, the function of route packet check and filter system is tested and confirmed. Finally the prospect of the route attack and protection technology is given. |
PDF Full Text Request