| 基于NDIS的Anti-Xprobe2实现技术研究 |
| |
| 引用本文: | 马君亮,何聚厚,冯德民.基于NDIS的Anti-Xprobe2实现技术研究[J].航空计算技术,2006,36(2):67-69,73. |
| |
| 作者姓名: | 马君亮 何聚厚 冯德民 |
| |
| 作者单位: | 陕西师范大学,计算机科学学院,陕西,西安,710062 |
| |
| 摘 要: | Xprobe2通过模糊矩阵统计分析主动探测数据报对应的ICMP数据报特征,进而探测得到远端操作系统的类型.在分析Xprobe2实现机制的基础上,通过对探测数据报进行检测,并以指定的操作系统特征为模板,对输出ICMP数据报进行伪装,实现防御Xprobe2探测.基于NDIS给出了实现的体系机构,并对事件分离模块和伪装应答模块进行了详细的讨论.测试结果显示,该方案能有效的防御Xprobe2主动探测,实现了对操作系统指纹的伪装.
|
| 关 键 词: | 网络安全 NDIS 操作系统指纹 Anti-xporbe2 |
| 文章编号: | 1671-654X(2006)02-0067-03 |
| 修稿时间: | 2005年12月24 |
Research on Technology of Anti-Xprobe2 Based on NDIS |
| |
| MA Jun-liang,HE Ju-hou,FENG De-min.Research on Technology of Anti-Xprobe2 Based on NDIS[J].Aeronautical Computer Technique,2006,36(2):67-69,73. |
| |
| Authors: | MA Jun-liang HE Ju-hou FENG De-min |
| |
| Abstract: | Xprobe2 combines various remote active operating system fingerprinting methods using the ICMP protocol,and it utilizes a matrix based fuzzy logic to analyzing the results produced by various remote active operating system fingerprinting tests.Based on analyzing the mechanism of Xprobe2,this paper describes the design of Anti-xprobe2 which defenses OS fingerprinting detection of Xprobe2 by camouflaging response packets.It also gives the architecture of Anti-xprobe2 and discusses the event separator module and packets camouflage module in detail based on NDIS.The test result displays that this intermediate driver defense the detection of Xprobe2 successfully. |
| |
| Keywords: | network security NDIS OS fingerprinting anti-xprobe2 |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
