| With the rapid development of Internet, network profoundly influences many fields of society. While people enjoy the convenience and great efficiency brought by the Internet, their computers are exposed to all kinds of attacks and intrusion. Port scan is the critical step of network intrusion. Hence it is very important to protect us from the kind of attack.At present, the common method of port scan is to construct a data packet which has been in a state of closure responds for the abnormal data packets which we have received. However, if a TCP connection required data packet, with such protection technology, host information will lead to Information leakage. About the problem, a number of solutions had been proposed. But the have different defects, for example: network security researchers George Kurtz put forward a way to reduce occurrence of the port scan by limiting the range of IP addresses. However, if the invaders use IP spoofing to send a TCP-SYN connection to require data packet, this problem still exists.To solve the above problems, this paper proposes a novel port scan protection technology based on state inspection. By constructing a state of an opening port, we could analyze the action of scan and response with a mock answer, which let attackers lose the actual information of a host. In addition, for performance reason and the ability to integrate with firewall, we implement the port scan protection technology on firewall. The entire system couldrun as a plug-inof a firewall or independently.In this paper, at first, it described firewall related technology and capture technology of data packet in the windows operation system. Then it presented the structure of system design and implementation of the related modules. At last, it gave the result of the system test and analysis, which proved the correctness and feasibility of the port scan protection technology. This made a solid foundation for future work. |
PDF Full Text Request