The Design And Implementation Of The IP Spoofing Defense Experimental Platform

Posted on:2013-05-06

Degree:Master

Type:Thesis

Country:China

Candidate:X H Yuan

Full Text:PDF

GTID:2268330374475434

Subject:Computer system architecture

Abstract/Summary:

PDF Full Text Request

Nowadays, with the rapid development of information technology, more and morepeople use the network to share information. A lot of data has been stored in kinds of networkequipment, providing information service through the Internet. How to ensure data availability,integrity and confidentiality has become an important issue of internet security. However, thevarious forms of network attack emerge in endlessly, has been a serious threat to the securityof the information data. IP Spoofing technology is a widely used, threatening and with highgreat deceptive network attack means, mainly used in network scanning, DOS/DDOS attacks.It is of great significane to network security, if we can effectively defend the ip spoofing.In this paper, by researching the ddomestics and international IP spoofing defense-relatedtechnology, we design and implement an IP spoofing defense experimental platform,including IP spoofing attack module, the host status monitoring module, defense supportmodule and a Web control platform. Through in-depth research Network Ingress Filtering,Hop-Count Filtering, Reflector Attack Defense, we analyze their advantages and limitation,the paper gives his own implementation basic on them. NIF cannot be detected for theshortcomings of internal fraud subnet, this paper gives the IP and MAC mapping method tosolve the shortcomings of the NIF canâ€™t detect internal deception; For updating the IP2HCtable in HCF, the paper presents a update mechanism by self-building and sending pingpackets; By constructing the mapping table of the original content and new content of the IPpackets, the paper ensuring that the application layer correctly respond to the original request.Finally, we construct experimental network and deploy defense experimental platform inthe deterlab open platform. And then make the system functional testing and performanceanalysis. The results show that, the system can correct and effective oprate, and also have agood performance, which has verified the feasibility and availability of the scheme.

Keywords/Search Tags:

IP Spoofing, DOS Defense, IP Filtering, Network Security

PDF Full Text Request

Related items

1	Research On Defense Against ARP Spoofing
2	Design And Implement Of The NFV-Based Detection And Defense System Against Routing Spoofing Attack On The OSPF Protocol
3	Research And Implementation Of ARP Spoofing Detection And Defense
4	The Research And Implementation In View Of Packet Filtering Technique In Individual Security Defense System
5	Arp Spoofing Defense System Design And Implementation
6	The Research And Implementation Of Proxy-Based Defense To DNS Spoofing Attack
7	Key Technologies For Quantitative Evaluation Of Network Security Defense System Effectiveness
8	Research On Address Spoofing Attack Traceability And Defense Mechanism In Programmable Network
9	Campus Network Environment, Network Security And Defense Research And Practice
10	Research On Large-scale Network Security Situation Assessment And Defense Technology