摘  要

伴随着计算机网络的普及和通讯技术的迅猛发展，网络信息已逐步成为当今社会发展的重要资源。网络互连一般采用 TCP/IP 协议，由于网络及其协议的设计者，在设计之初只考虑了效率问题没有考虑网络安全的问题，所以几乎所有的网络协议都有漏洞，ARP 协议同样也存在着安全漏洞。ARP 攻击在现今的网络中频频出现，轻者造成网络性能下降，重者造成网络不通或信息被盗。因此有效的防范 ARP 形式的网络攻击己成为确保网络畅通安全的必要条件。

本文研究了关于ARP协议；阐述针对ARP协议的攻击方式；针对这些攻击方式，如何做出防御；在攻击发生时，能够将此次攻击进行有效的检测，并对此次攻击进行判定，做出合理的防御措施。其次针对局域网中出现的 ARP 欺骗的攻击方式进行有针对性的分析，使用抓包工具截获攻击包后进行相关研究，并制定出防御局域网中出现的ARP欺骗的方法，同时对该方法进行适当改进以提高防御效率。

关键词：ARP协议；ARP病毒；检测；定位；防范
Abstract

With the popularization of computer network and the rapid development of communication technology, network information has gradually become an important resource of social development. Network interconnection generally adopts TCP/IP protocol, because of the designer of network and its protocol. At the beginning of the design, we only considered the problem of efficiency and did not consider the problem of network security, so almost all network protocols have vulnerabilities and ARP protocols also have security vulnerabilities. ARP attacks appear frequently in today's networks. The light person causes the network performance to degrade, the heavy one causes the network to be blocked or the information is stolen. Therefore, the effective protection against the network attack in the form of ARP has become a guarantee The necessary condition of network smooth security.

This paper studies the ARP protocol, expounds the attack methods against the ARP protocol, how to defend against these attack methods, can detect the attack effectively when the attack occurs, and determines the attack. To make reasonable defense measures. Secondly, aiming at the attack mode of ARP spoofing in LAN, using the capture tool to intercept the attack packet to carry on the related research. The method of defending ARP spoofing in LAN is worked out, and the method is improved to improve the defense efficiency.

Keywords: ARP protocol: ARP virus; Detection; Localization; Prevention

目  录

摘  要 I

Abstract II

第1章 绪 论 1

1.1 选题背景及意义 1

1.2 国内外研究现状 1

1.3 研究内容及论文结构 4

1.3.1 研究内容 4

1.3.2 论文的组织结构 4

第2章 ARP协议的相关理论 6

2.1 ARP 协议介绍 6

2.1.1 地址解析的作用 6

2.1.2 直接映射法 7

2.1.3 动态地址解析法 8

2.1.4 动态地址解析的缓冲区与高效率 8

2.2 ARP 协议的应用 9

2.2.1 ARP 的标准与历史 9

2.2.2 ARP 地址详述与基本操作 10

2.2.3 ARP 信息的格式 11

2.2.4 ARP 缓存 13

2.2.5 代理 ARP 15

2.3 ARP 欺骗 16

2.3.1 ARP 欺骗原理 16

2.3.2 ARP 欺骗的攻击方式 17

2.3.3 ARP 攻击的检测 19

2.3.4 ARP 病毒的防御 20

2.8 本章小结 22

第3章 ARP病毒检测与防御 23

3.1 局域网遭受ARP 病毒攻击的症状及危害 23

3.2 检测与分析 24

3.2.1 正常网络数据的捕获与分析 24

3.2.2 ARP 欺骗数据包的捕获与分析 25

3.3 ARP 欺骗的防御 26

3.3.1 针对网关 ARP 欺骗的防御 26

3.3.2 针对网内主机 ARP 欺骗的防御 27

3.4 ARP 欺骗防御方法的改进 28

3.5 本章小结 28

总  结 30

参考文献 31