Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (17): 119-122.

• Network, Communication and Security •

Study on intrusion detection for the small IP packet attack

BIAN Xiao-xiang, ZHANG Xiao-shan, LIU Xing-cheng

  1. Department of Electrical and Communication Engineering, Sun Yat-Sen University, Guangzhou 510275, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-06-11 Published:2007-06-11
  • Contact: BIAN Xiao-xiang

Abstract: Intrusion detection is a new technology in the field of network security, but it is still immature, and many attack methods exploit its weaknesses. The small IP packet attack exploits the difference between how Windows and Linux handle packets with overlapping data. This paper proposes an intrusion detection method for the small IP packet attack and tests it with Snort, making Snort handle packets with overlapping data in the same way as the protected host. As a result, the number of false positives and false negatives produced by Snort is markedly reduced. The approach provides a useful reference for building secure network systems.

Key words: network security, intrusion detection, IP packet attack
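The abstract's central point, that an IDS and the protected host can reassemble the same overlapping data differently, is illustrated by the following added example, which is not code from the paper. The "first" and "last" overlap policies, the function names and the sample fragments are simplified assumptions made for illustration and are not the exact behaviour of Windows, Linux or Snort.

```python
def reassemble(fragments, policy):
    """Reassemble (offset, data) fragments given in arrival order.

    policy "first": a byte already received is kept (older data wins).
    policy "last":  a later fragment overwrites it (newer data wins).
    Both policies are simplified assumptions for this example.
    """
    if policy not in ("first", "last"):
        raise ValueError("unknown overlap policy: %r" % policy)
    buf = {}  # byte offset -> byte value
    for offset, data in fragments:
        for i, value in enumerate(data):
            pos = offset + i
            if pos in buf and policy == "first":
                continue  # keep the byte that arrived earlier
            buf[pos] = value
    if not buf:
        return b""
    end = max(buf) + 1
    if len(buf) != end:
        raise ValueError("gap in fragment data, cannot reassemble")
    return bytes(buf[i] for i in range(end))


def has_conflicting_overlap(fragments):
    """True if some byte offset is sent more than once with different values.

    Such traffic reassembles differently under different policies, so an IDS
    can report it regardless of which policy the protected host uses.
    """
    seen = {}
    for offset, data in fragments:
        for i, value in enumerate(data):
            if seen.setdefault(offset + i, value) != value:
                return True
    return False


def ids_matches_host(fragments, ids_policy, host_policy):
    """True if the IDS inspects the same byte stream the host will see."""
    return reassemble(fragments, ids_policy) == reassemble(fragments, host_policy)


# Constructed sample: the second fragment overlaps bytes 4-7 of the first.
SAMPLE = [(0, b"abcdefgh"), (4, b"WXYZ"), (8, b"ijkl")]

if __name__ == "__main__":
    print("IDS  (first):", reassemble(SAMPLE, "first"))
    print("host (last): ", reassemble(SAMPLE, "last"))
    print("conflicting overlap:", has_conflicting_overlap(SAMPLE))
```

When the IDS is configured with the same policy as the host, `ids_matches_host` returns true and the inspected stream is the one the host actually processes.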