找回密码
 立即注册
TheARPpackets模式 | 企业管理 2022-09-10 62 0star收藏 版权: . 保留作者信息 . 禁止商业使用 . 禁止修改作品
此防火墙分为内核模式部分(kernel-model)和用户模式部分(user-model)。内核模式部分工作在NDIS定义的中间层(IntermediateDriver)上,中间层驱动,坐落微端口层(MiniportDriver)和协议层(ProtocolDriver)之间。当机器被传染ARP木马,并向外发送ARP攻击时,ARP防火墙将截获这些攻击包,这样从基本上阻止ARP欺骗包在局域网内横行。用户模式部分使用Winpcap对机器发送承受的包和局域网内的广播包进行监测,及时地提示用户。

(This firewall is divided into a kernel-mode part (kernel-model) and a user-mode part (user-model). The kernel mode part works on the intermediate layer (IntermediateDriver) defined by NDIS. The intermediate layer driver is located between the miniport layer (MiniportDriver) and the protocol layer (ProtocolDriver). When the machine is infected with ARP Trojan and sends out ARP attacks, the ARP firewall will intercept these attack packets, which basically prevents ARP spoofing packets from running rampant in the LAN. The user mode part uses Winpcap to monitor the packets sent by the machine and the broadcast packets in the local area network, and prompt the user in time.)

[下载]13311398584.rar




上一篇:Anti ARP Sniffer _网卡扫描工具
下一篇:趋势科技Web安全网关IWSA白皮书