ARP防攻击解决方案技术白皮书
近期,很多校园网络都出现了ARP攻击景象。严重者乃至形成大面积网络不能正常访问外网,校园深受其害。H3C企业基于ARP攻击的特色,给出了有效的防ARP攻击管理方案。要管理ARP攻击问题,首要有必要理解ARP欺骗攻击的类型和原理,以便于更好的防范和预防ARP攻击的带来的危害。1.1ARP攻击概述1.2ARP攻击的类型1.2.1网关仿冒1.2.2欺骗网关1.2.3欺骗终端用户2管理方案介绍2.1认证模式2.1.1整体思路2.1.2防ARP攻击管理机制及过程2.2DHCP监控模式2.2.1整体思路2.2.2相关技术2.3设备管理过程2.3.1DHCPSnooping表项的建立与老化2.3.2ARP侵/入检测功能ARP防攻击管理方案技术白皮书.doc
(Recently, ARP attacks have appeared on many campus networks. In severe cases, a large area of ??the network cannot be accessed normally, and the campus is deeply affected. Based on the characteristics of ARP attacks, H3C enterprises provide an effective anti-ARP attack management scheme. To manage ARP attacks, it is necessary to understand the types and principles of ARP spoofing attacks, so as to better prevent and prevent the harm caused by ARP attacks. 1.1 ARP attack overview 1.2 Types of ARP attacks 1.2.1 Gateway impersonation 1.2.2 Spoofing gateway 1.2.3 Spoofing end users 2 Management scheme introduction 2.1 Authentication mode 2.1.1 Overall idea 2.1.2 Anti-ARP attack management mechanism and process 2.2 DHCP monitoring Mode 2.2.1 Overall idea 2.2.2 Related technologies 2.3 Device management process 2.3.1 Establishment and aging of DHCP Snooping entries 2.3.2 ARP intrusion/intrusion detection function
ARP Attack Defense Management Solution Technical White Paper.doc)
页:
[1]