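Graduate student: 陳俊宏
Graduate student (English name): Chun-Hung, Chen
Thesis title: 網路位址轉換設備偵測之研究
Thesis title (English): A Study of Network Address Translation Devices Detection
Advisor: 楊永仁
Advisor (English name): Yung-Jen, Yang
Degree: Master's
Institution: 玄奘大學 (Hsuan Chuang University)
Department: Department of Information Science, Master's Program
Discipline: Computer Science
Subdiscipline: General Computer Science
Thesis type: Academic thesis
Year of publication: 2007
Graduation academic year: 95
Language: Chinese
Number of pages: 32
Keywords (Chinese): 網路位址轉換; TCP 時間戳記; 網路安全
Keywords (English): network address translation; TCP timestamps; network security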
In a campus network environment, the rule for allocating IP addresses is that each user is assigned a single public IP address, so that user behavior can be monitored and controlled. Network address translation (NAT) technology, in contrast, lets all users on a private network share a single public IP address to reach the Internet, reducing the consumption of public IP addresses. However, a user may enable a device with NAT functionality for convenience without putting management measures such as identity authentication in place, which lets other people access the Internet through the same address. This not only disrupts network management rules but may also open a hidden loophole for malicious users, increasing the complexity of network management and raising security concerns.
Existing methods for detecting NAT devices all work by analyzing network packet data for usable information from which the presence or absence of a device can be inferred. Analyzing the identification number in IP packets has previously been proposed as a way to infer the number of users behind a single public IP address. However, because of network delay, or retransmission forced by packet loss, this kind of method often cannot classify packets effectively, which leads to errors in the estimated count. The method we propose additionally incorporates the timestamps of the TCP layer. Combining the two complementary factors helps network administrators promptly notice abnormal overuse of a single public IP address and detect NAT devices hidden in the network.
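Table of Contents
Chapter 1 Introduction
1.1 Overview
1.2 Research Motivation and Objectives
1.3 Thesis Organization
Chapter 2 Literature Review
2.1 NAT Operating Principles and Modes
2.2 Related Methods for Inferring the Presence of NAT Devices
2.2.1 Detection Based on User Behavior Patterns
2.2.2 Detection Based on Statistics of Packet Contents
2.3 Timestamps
Chapter 3 Research Method
3.1 Purpose and Method of TCP Timestamp Estimation
3.2 NAT Device Detection Method
Chapter 4 Experimental Simulation Environment and Results
4.1 Packet Processing
4.2 Experimental Results
Chapter 5 Conclusion and Future Work
References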