| Today during the rapid development of computer network technology, network security is regarded as more and more important. Illegal external link detecting system is an effective means of solving network security problems. In a number of internal network with higher security level, network managers often implement physical isolation between the internal network and the public information network. But there are some illegal external link mainframes, which become a great threat on the internal network information security. At present, according to security sector's surveys, of the loss to the computer network caused by the security incidents, more than 70% came from the internal network, including illegal external link behavior of insiders. This paper will give out an illegal external link detecting system based on routing deception to monitor the illegal external link behavior in the internal network. Based on the research of the system background, the relevant theory and the development of the status quo at home and abroad of the illegal external link detecting system。the paper focuses on analyzes on the key technology of the IELDS. Based on the research of the routing technology and operating system, combined with a full investigation of the system requirements, the paper analyzes and designs the technology scheme of IELDS. The scheme adopts the method of adding pseudo routing in the network router(or the 3-layer switch).As scanning packets do not need forged source address, thus it can avoid being filtered by the configured router ACL. This scheme has overcome the shortcomings of existing methods. In accordance with various internal network structures, the writer has designed various deployment plans, including the distributed implementation in a complex internal network. At the technical aspect, the writer has implemented the six function module including the detecting of IELDS, packets analyzing, log processing, alarming, log database maintenance and ARP blocking. At last, the writer summarizes the process of the developing, testing and performance analysis of the system on the whole, and looks to the development trend of the illegal external link detecting system based on the routing deception.The system uses the routing deception technology, and implements function of external link detecting. Especially the implimentation based on the Web page solves the problems of trouble updating and maintenance in the C/S structure client. Moreover, the management for logs of the database module provides a good support for the security audits work, which makes the system have good scalability, reusablility and maintainability. After repeated tests, the system runs stable and the result is good. |