Design And Implementation Of IP Routing Protocol Vulnerability Analysis And Detection System

Nowadays,the Internet which is widespreadly used is based on IP protocol.After several decades of development,it has become the bearer of human society and played an increasing important role in political,economic,cultural and other aspects.The IP routing protocol is one of the most important basic protocol in a series of network protocols,which is applied to ensure the safe,stable and reliable operation of the network.Therefore,study of routing protocol vulnerability is of great significance.In the practice of network security,these are lots of network attacks using routing protocol vulnerability,hence,research of routing protocol vulnerability applications has practical significance.Based on RFC standard and its related security mechanismand the two major categories of the internal gateway routing protocol and the external gateway routing protocol,this thesis analyzes the protocol message format,the protocol security flawand the security vulnerability.Feasible routing attack model and the vulnerability detection system are also studied.The test environment is built to verify the attack model.In the two test environments,the differences of implementation details and vulnerability application between the OSPF and BGP protocols running on Cisco and Ruijie routers are discussed.Six kinds of OSPF denial-of-service attack models,three kinds of BGP denial-of-service attack models,as well as OSPF and BGP man-in the middle attack model are designed by using the vulnerability detection system.At the same time,the image traffic on the router is collected.Through the analysis of the data packet,the state of the network is displayed graphically,and the network attacks are tested and displayed.In the practice of network security,the network attacks using routing protocol vulnerability emerge in an endless stream.The application and detection system designed in this thesis has high reliability in the test,and the attack model has a certain versatility.The results can provide ideas and methods for the research of network space operations.The corresponding strategy and attack can be taken for enemy specific systems.This thesis has practical significance for the construction of network defense.