Research and Implementation of Attack Methods against Backbone Network Routers
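Abstract
With the growth of the Internet, the network security situation is becoming increasingly severe. The backbone network is the cornerstone of the Internet's development; once its core equipment, the router, is attacked and can no longer operate normally, network performance is badly affected and the network may even be paralyzed.
Network attack and network security are closely linked: only by understanding the principles, process and harm of attacks can a sound security policy be formulated.
The work covered in this thesis is an important part of the project "Research of Security Verifying Methods for Backbone Routers and Switches" under the National 242 Information Security Program. The thesis first analyzes the current state of development of China's Internet and backbone networks and the main security threats that networks face today; it sets out the purpose and significance of studying attack methods against backbone routers, together with the state of research and the development trends in China and abroad. It then describes the current state of backbone routers, the characteristics of their architecture, their software systems and their security functions. On this basis, and drawing on attack classification standards, it proposes an attack classification method tailored to backbone routers and studies in depth the principle, steps and harm of each class of attack. Finally, it designs and implements two attack methods against backbone routers, namely a traffic flooding attack and a RIP spoofing attack, tests them, and gives the test results. The work of this thesis provides a basis for formulating security policies and verification standards for backbone routers.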
With the development of the Internet, network security is becoming more and more important. The backbone network is the foundation of the Internet. An attack on the backbone router, the core equipment of the backbone network, can degrade the network's performance or even bring it down.
Network attack technology is closely related to security. A good security strategy can be drawn up only once the principle, process and harm of attacks are understood.
The content of this thesis is an important part of "Research of Security Verifying Methods for Backbone Routers and Switches", which is one of the National 242 Information Security Projects. The thesis is organized as follows. First, it analyzes the status quo of, and the threats to, the Internet and the backbone network, and the aim and significance of researching attacks. It also analyzes the status quo and the direction of development of this research. Based on an analysis of the backbone router's status quo, architecture, software system and security, and on the attack technology classification standard, the thesis puts forward a new method of classifying attack technology that is suited to backbone routers, and then studies the principle, process and harm of every class of attack. Finally, it designs, implements and tests two attack methods, named traffic flooding attacks and RIP spoofing respectively. The work of this thesis provides a basis for drawing up security strategy and testing standards.