National Digital Library of Theses and Dissertations in Taiwan

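Graduate student: 喻浦軒
Graduate student (English): Pu-Syuan Yu
Thesis title: 建構於鏈結層網路介面驅動程式上之封包過濾器的設計與實作
Thesis title (English): The Design and Implementation of Packet Filter over Link Layer NIC Driver
Advisor: 林俊宏
Advisor (English): Chun-Hung Richard Lin
Degree: Master's
Institution: National Sun Yat-sen University
Department: Department of Computer Science and Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2005
Graduation academic year: 93
Language: Chinese
Number of pages: 73
Chinese keywords: firewall; packet; driver; tunneling; link layer
English keywords: Linux; PPTP; VPN; Packet filter; Firewall; Tunneling; FreeBSD; Ethernet device driver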
As the Internet continues to grow, managing and organizing networks efficiently has become a very important issue, and VPN technology emerged to address it. A VPN makes it possible to organize and manage local area networks spread across different locations, but the tunneling technology it relies on carries a hidden security problem, and combining tunneling with techniques such as changing the port number creates a hidden danger.
This thesis analyzes the basic concepts of several major VPN technologies and describes how a VPN can be modified so that it is able to pass through a firewall, which makes it hard for network administrators or the firewall to control. The thesis then proposes a solution that addresses this VPN security problem efficiently.
The main cause of the security problem is the misuse of port numbers that belong to other protocols. The solution in this thesis is intended to eliminate improper port number changes, so that an attacker cannot make an illegitimate connection over a port that ordinary firewalls leave open, such as HTTP port 80.
Our solution is a packet filter built on the network (Ethernet) device driver. It uses the RFC specifications defined by the IETF to build packet-checking rules and blocks illegal packets to keep the network secure.
Chapter 1 Introduction
1.1 Research Motivation
1.2 Solution
1.3 Thesis Organization
Chapter 2 Related Work
2.1 VPN
2.2 L2TP
2.3 IPSEC
2.4 PPTP
2.4.1 What Is PPTP
2.4.2 Installing PPTP
2.4.2.1 PPTP Server
2.4.2.2 PPTP Client
2.5 ETHERNET DEVICE DRIVER
2.5.1 Ethernet Device Driver on Linux
2.5.2 Ethernet Device Driver on FreeBSD
Chapter 3 Ideas and Implementation
3.1 MODIFY THE PPTP
3.1.1 Modify TCP Port Number
3.1.2 Modify IP Protocol Number
3.2 PPTP WITH NAT
3.3 PACKET FILTER ON LINUX
3.3.1 PPTP Packet Filter
3.3.2 FTP Packet Filter
3.3.3 HTTP Packet Filter
3.3.4 Telnet Packet Filter
3.3.5 User Configuration
3.4 PACKET FILTER ON FREEBSD
3.4.1 Sniff Packets in Device Driver
3.4.2 User Configuration
3.5 Bottlenecks Encountered and Solutions
3.6 PACKET FILTER Deployment
Chapter 4 Performance Evaluation
4.1 Experimental Environment
4.2 Test Items
4.3 Test Results
4.3.1 FTP Performance
4.3.2 HTTP Performance
4.3.3 CPU Loading Evaluation
Chapter 5 Conclusions and Future Research Directions
5.1 Conclusions
5.2 The Next-Generation VPN: MPLS VPN
5.3 Future Research Directions
APPENDIX A PPTP CLIENT SETUP ON WINDOWS XP
APPENDIX B FTP PERFORMANCE EVALUATION DATA
REFERENCE