基于TCP/IP协议的网络教学系统设计
Design of the Network Teaching System Based on TCP/IP Protocol
曹琼 彭博 黄智哲 霍兆丹
通过对高校网络教学现状的调查与分析,提出了总体的设计目标以及设计方案,包括系统运行环境以及系统展现内容.系统采用C/S模式,通过主机与客户机发送数据包,利用网络包截获的相应技术以及包过滤等策略,对特定的数据包进行分析,将各类协议首部用的二进制代码展现,可更直观的看到网络传输的具体方式,同时可将二进制代码转换为十进制,使系统具有更强的可视性.[著者文摘]
Through the survey and analysis of the network-based teaching in colleges and universities, puts forward the overall design purpose and the design scheme including operating environment and the system display content. The system is of Client/Server mode, which analyzes specific data packet by using host PC and client PC to send data packet and using the technology intercepted by network packets and packet filtering strategy, and uses the binary code to display the different network protocols. Thus, the concrete ways of the network transmission can be seen more directly. Meanwhile, the change of binary code into decimal code makes the system more visible.[著者文摘]
一种基于IPv6防火墙的多维IP分类算法
罗蔚 刘乃琦
本文首先介绍了目前几种主要的IP分类算法以及其在IPv6环境中的适用性。然后分析了IPv6环境对IP分类算法的需求,并按这样的需求设计实现了一种IPv6环境下的支持范围匹配的多维IP分类算法,介绍了算法的基本思想,数据结构,预处理过程以及IP分类过程。最后分析了该算法在IPv6环境下的适用性。[著者文摘]
基于Linux的TCP/IP协议栈安全性研究
The Research of the TCP/IP Protocol Security Based on Linux
张毅[1] 董云艳[2]
本文重点研究目前主要的网络安全威胁以及internet在基础协议-TCP/IP协议中存在的安全问题。提出在Linux内核上实现杜绝漏洞的思路和解决办法。并给出了linux操作系统netfiher的原理和实现方法。[著者文摘]
This paper had researched the menace on the network and those security problems existing in the TCP/IP protocols. Through the study, had presented the method and ways to resolve the question in kernel.Besides that, this paper has described the principle and realization of netfiher in Linux os.[著者文摘]
在IP包过滤中状态TCP包的过滤研究与设计
原箐 卿斯汉
IP包过滤防火墙是构造整体网络安全系统的必不可少的部分。传统的IP包过滤防火墙有许多的缺陷,解决方法之一是使防火墙具有状态过滤能力。以TCP为例,状态过滤机制不仅能根据ACK标志和源、目的地址及端口号进行过滤,还能根据TCP包里的序列号和窗口大小来决定对该包的操作。这样可以防止一些利用TCP滑动窗口机制的攻击。在IP包过滤里加入状态过滤机制不仅能阻止更多的恶意包通过,还能提高IP包过滤的过滤速率(这对防火墙来说是很重要的)。
与移动节点无关的Mobile IP架构
Implementation of Mobile IP Independent of Mobile Node
谢云 韩国强
在WLan中,移动节点MN(Mobile Node)在Access Point(AP)间的漫游通常是通过二层网络实现。随着网络扩大,二层的广播包会降低系统性能。RFC3344提出的Mobile IP架构使得三层网络的漫游成为可能。但是,RFC3344作为一种通用的解决方案,直接集成到WLan中,其定义的一些服务与802.11定义的服务在功能上存在重叠。同时,RFC3344要求MN提供相关的支持,这限制了协议适用范围。在RFC3344的基础上,提出了一种Mobile IP在WLan中的实现方式,通过对DHCP消息过滤,实现对MN位置的跟踪。此实现基于在Internet中广泛使用的服务,同时独立于MN的实现,具有很好的实用价值。[著者文摘]
Most WLan enables the roaming function by the layer-2 switch.As the network extends,the broadcast packet will impact the network greafly.RFC3344 provides a new architecture,mobile IP,which supports the roaming functionality in a layer-3 network.Being a general solution,there are some redundancy functionalities,when WLan integrates the roaming mechanism directly.Meanwhile,the Mobile Node (MN) of WLan is required to provide support to RFC3344,which impact the deployment of RFC3344.In this paper,a new implementation of RFC3344 is present.Based the existing feature of WLan,the method can trace the location of MN by filtering the DHCP offer.Taking advantage of popular IP facility,the method is easy to deploy.[著者文摘]
IP网络行为库的研究与应用
张帆
本论文针对现有被动式的网络安全技术,以不“侵害”网络中其他用户为目的,采用主动式防护和监管策略,从源头上过滤非法的网络数据包,识别和阻止非法的网络行为,对内部网络安全隐患进行有效的控制,提高内部网络使用的安全性,真正保障每一位网络用户在自己的权限范围内合法使用内部网络。[著者文摘]
网络流量均衡负载策略的分析与简单控制技术
Network Current Capacity Balanced Load Strategy Analysis and Simplecontrol Technology
胡凡玮
本文从低到高逐层描述链路层、IP层、传输层、应用层的流量特征。综合考虑,系统实现IP网络可运维、可管理、具有QoS保证的多业务承载平台。[著者文摘]
This article from lowers describes the link level, the IP level, the transmission level, the application level current capacity characteristic. Then synthesis considered, the systemrealizes the IP network to be possible to transport Uygur and manage,have the QoS guarantee the multi-services load bearing platform.[著者文摘]
基于认证的反射DDoS源追踪新方案研究
New research on DDoS/DRDoS attacks IP traceback based on HMAC
胡志刚 戴诏 张健
利用基于密钥集序列的消息认证码理论,以动态概率包标记和现代代数理论为基础,针对当前危害甚大的分布式反射拒绝服务攻击,提出了一种新的基于认证的源IP追踪方案。通过采用一种新的动态概率序列,既达到了较高的追踪收敛率,又能有效过滤掉攻击者伪造的垃圾数据包。采用基于密钥集序列的HMAC算法,对标记信息进行认证,防止攻击者修改已有的标记信息,达到较高的安全性和抗干扰性。[著者文摘]
Based on the Keyed-Hashing for Message Authentication (HMAC) with Key Collection Exposure, Dynamic Probahilistic Packet Marking and modem algebraic theoretics, a new Authenticated IP Traceback Scheme against DRDoS/DDoS was proposed. The results show that the scheme can achieve greater astringency and higher efficiency by adopting a new dynamic probability value sequence, and prevent the marking information from being tampered by using HMAC for authentication, thus this scheme is secure and robust.[著者文摘]
校园网ARP攻击及防护
陆玉阳
当校园网内某台主机感染ARP病毒后,就会启动ARP欺骗的木马程序,造成网络刚开始时断时续,最终导致网络瘫痪,影响用户正常使用网络。本文从ARP原理出发,根据ARP病毒攻击原理,利用交换机带有的ARP技术来对ARP病毒进行有效的解决提供一些方案。[著者文摘]
构建MPLS与移动IPv6结合的模型
Combination of Mobile IPv6 and MPLS
安华萍 李均涛 王朝晖
结合移动IPv6 MPLS(Multiprotocol Label Switching)的几种方案,分析它们各自的优缺点后提出一种改进的基于MPLS(多协议标签交换技术)的移动IPv6动态分级结构的模型。在MPLS网络中引入了多个网关外地代理GFA,保留了基于MPLS的移动IPv6分层结构局部注册的优点,改进了其依靠单个网关接入核心网的缺点.[著者文摘]
Some schemes for the combination of Mobile IPv6 and MPLS are presented. After analyzing their advantages and disadvantages, we bring forward one sort of improved mobile IPv6 dynamic hierarchical structure based on MPLS. This structure brings into several gateway foreign agents, and holds part registering and improves depending on single gateway of the former hierarchical FA structure.[著者文摘]