
Design And Realization Of Network Security Scanner On Windows

Posted on: 2014-10-08
Degree: Master
Type: Thesis
Country: China
Candidate: R Zhu
Full Text: PDF
GTID: 2268330392973501
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of computer networks in China, the probability of hacking attacks is rising, and people are paying more and more attention to network security. The widespread existence of security vulnerabilities in host systems and network devices has become the most direct threat in hacker attacks. Therefore, the study of scanning technology for discovering potential vulnerabilities in systems is of great significance.

After introducing the key technologies commonly used in scanning tools, including port scanning, operating system identification and vulnerability scanning, this paper studies in depth how the SYN semi-connected scanning method is realized in the kernel and analyzes why common port scanning methods are restricted under the SP2 system. In addition, the paper introduces the function of the NDIS protocol driver in the Windows network protocol stack. Aiming at some deficiencies in current scanning tools, the paper designs a network security scanner (W-NSS) that runs under Windows; the overall structure model of W-NSS is given and the design of every functional module is described in detail.

To scan TCP ports in the port scan module, a SYN port scan method based on the NDIS protocol driver is presented to solve the problem that the use of raw sockets to send TCP datagrams is restricted under SP2. In the operating system identification module, this thesis uses ICMP protocol stack fingerprinting with fuzzy matrix statistical analysis to determine the type of the remote operating system. In the vulnerability scan module, we adopt script plug-in technology and use the NASL scripting language to write simulated attack code to test for vulnerabilities. In addition, a strategy based on the test type and dependent port of each vulnerability is presented to classify all script plug-ins. Therefore, according to the results of the port scanning and operating system identification modules, plug-ins can be selected from the vulnerability plug-in database in a targeted way. This not only reduces the number of unrelated plug-ins loaded, but also makes it convenient to extend the functions of the vulnerability plug-in library.

Finally, experimental results show that the SYN port scanning method based on the NDIS protocol driver is feasible and that updating functional capacity is very easy. Meanwhile, the detailed vulnerability scanning report can provide an important reference for administrators maintaining system security.
Keywords/Search Tags: port scan, operating system identification, vulnerability scan, NDIS protocol driver, script plug-in