Abstract
Network sniffing uses signal-capture methods such as network wiretapping: a network probe collects every packet on the network line and filters them. Protocol analysis covers the analysis of each layer of a packet's structure to extract addresses, payload and other information, and the reassembly of datagrams back into transport streams so that the actual content carried can be analysed. Network sniffing and protocol analysis have wide application; they are the basis of network traffic logging and analysis, network event logging, monitoring of network data communications and network intrusion detection.
This thesis first studies Ethernet wiretapping and signal-capture techniques and the programming of packet capture on the UNIX operating system. We discuss the dangers posed by network eavesdropping and feasible countermeasures.
Building on research into Ethernet sniffing and Internet traffic accounting, we developed a traffic accounting system based on network sniffing. The system is statistically accurate, stable and reliable, supports high-speed broadband networks (Fast Ethernet), is inexpensive, flexibly configurable, easy to customise and independent of network equipment, and is generally applicable to campus (enterprise) networks of all kinds. It has been deployed successfully on the Jinan University campus network, where it is a powerful tool for network management.
This thesis analyses and introduces the algorithms for IP datagram fragment reassembly and TCP stream reassembly and their implementation in LIBNIDS (the network intrusion detection system library). We studied and implemented protocol analysis for the Internet mail transfer protocol SMTP and the decoding of mail messages, and went on to discuss methods for detecting and defending against attacks on Internet mail transfer services. The results can be applied to monitoring mail communications, logging mail transfer events and preventing intrusions into mail systems.
Network interception and protocol analysis are useful technologies for network management, such as network traffic monitoring, network event logging and network intrusion detection.
We study Ethernet wiretapping and packet capture programming on the UNIX platform, and develop an Internet traffic accounting system based on packet capture technology. The system has proved accurate, reliable and stable; it supports up to 100M Fast Ethernet, is cheap and flexible, and is independent of the network router, so it can be deployed in various campus networks. It has been serving the Jinan University campus network for more than one year and is a great help to network management.
We analyse and introduce the algorithms for IP datagram reassembly and TCP stream reassembly and their implementation in LIBNIDS. We study protocol analysis of the Simple Mail Transfer Protocol and message decoding, then go on to discuss Internet mail transfer intrusion detection and protection by listening to SMTP streams. These technologies can be deployed for email interception, email transfer logging, and email service intrusion detection and protection.
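As an added example (not code from the thesis or from LIBNIDS), the hole-descriptor reassembly algorithm of RFC 815 that both abstracts refer to, written in Python: fragment offsets are taken in 8-octet units as in the IP header, the fragment list is constructed sample input, and the sample deliberately arrives out of order with one fragment duplicated.

```python
"""IP datagram reassembly with the hole-descriptor list of RFC 815.
Added example for this abstract, not code from the thesis or LIBNIDS.
A fragment is (frag_off, more_fragments, payload); frag_off is in 8-octet
units as in the IP header. SAMPLE below is constructed, not captured."""
INF = float("inf")

class Reassembler:
    """Collects the fragments of one datagram (same src, dst, id, proto)."""
    def __init__(self):
        self.holes = [(0, INF)]   # (first, last) byte ranges still missing
        self.buf = bytearray()    # payload assembled so far
        self.total = None         # datagram length, known once MF=0 arrives

    def add(self, frag_off, more_fragments, payload):
        """Insert one fragment; returns True once no holes remain."""
        first = frag_off * 8
        last = first + len(payload) - 1
        new_holes = []
        for hfirst, hlast in self.holes:
            if first > hlast or last < hfirst:   # fragment misses this hole
                new_holes.append((hfirst, hlast))
                continue
            if first > hfirst:                   # gap left before fragment
                new_holes.append((hfirst, first - 1))
            if last < hlast and more_fragments:  # gap left after fragment
                new_holes.append((last + 1, hlast))
        self.holes = new_holes
        if not more_fragments:
            self.total = last + 1
        if last + 1 > len(self.buf):
            self.buf.extend(b"\0" * (last + 1 - len(self.buf)))
        # Overlaps resolve last-writer-wins here; real IP stacks differ, which
        # is the ambiguity an IDS must model when it reassembles for a target.
        self.buf[first:last + 1] = payload
        return not self.holes

    def datagram(self):
        """Return the reassembled payload, or None while holes remain."""
        if self.holes or self.total is None:
            return None
        return bytes(self.buf[:self.total])

def reassemble(fragments):
    """Feed fragments in arrival order; return the payload or None."""
    r = Reassembler()
    for frag_off, mf, payload in fragments:
        r.add(frag_off, mf, payload)
    return r.datagram()

# Constructed sample: 24-byte payload in three fragments, out of order, one duplicated.
SAMPLE = [(2, False, b"tail!!!!"), (0, True, b"head...."),
          (1, True, b"middle!!"), (1, True, b"middle!!")]
```

The hole list is what lets the reassembler report completeness without scanning the buffer, and it is the same structure an IDS uses to decide when a datagram can be handed up to TCP stream reassembly.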