臺灣博碩士論文加值系統

Brctl的目的是將多個網路介面連接起來成為一個虛擬的網路介面，這些多個網路介面彼此之間都會互相傳遞封包。Tcpdump是針對所建立的虛擬網路介面進行網路封包資料的擷取；IPTables是針對所建立的虛擬網路介面去對特定形式的封包進行阻斷。現今網路安全的主要顧慮除了熟知的網路病毒入侵問題，木馬程式及後門程式的植入，或是個人資料的遭到竊取之外；許多機構更是重視機構內部資料的控管，而這些資料的流動的方式，不外乎是檔案傳輸、EMail與即時通訊。本論文提供記錄或阻斷網路封包的方式來建立網路的安全性，針對九種的網路協定進行處理，如HTTP、FTP、TELNET、SMTP、POP3、MSN、Yahoo Messenger、AOL/AIM/ICQ及Google Talk。HTTP、FTP與TELNET，這三個是屬於資料呈現或檔案傳輸的部分。在EMail部分則是SMTP與POP3。最後，MSN、Yahoo Messenger、AOL/AIM/ICQ與Google Talk，這四個皆為即時通訊的部分。

The purpose of the Brctl is a virtual network interface, which consists of many network interfaces. Those network interfaces transfer packets for each other. The Tcpdump captures packets from the virtual network interface. The IPTables blocks packets in particular shape or form from the virtual network interface. People have a lot of scruple about the current network security including virus, Trojan horse, backdoor programs and, stealing personal information, but those aren’t the most important things for many apparatus. They attach great importance to control of internal information, that those information are transmitted by transferring files, Email and, instant message. This paper provides methods of recording or blocking network packets that build network security. This paper’s system process nine network protocols like HTTP, FTP, TELNET, SMTP, POP3, MSN, Yahoo Messenger, AOL/AIM/ICQ and, Google Talk. HTTP, FTP and, TELNET belong to transferring files or presenting data. SMTP and POP3 belong to EMail. At last, MSN, Yahoo Messenger, AOL/AIM/ICQ and, Google Talk belong to instant message.

致謝 I
Abstract II
中文摘要 III
目錄 IV
表目錄 VII
圖目錄 IX
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 研究方法 3
1.4 論文組織 3
第二章 文獻探討 4
2.1 Linux 4
2.1.1 Linux簡介 4
2.1.2 Kernel簡介 5
2.1.3 Kernel演進 6
2.1.4 Kernel版本 9
2.2 Netfilter 11
2.2.1 Netfilter簡介 11
2.2.2 Rule 12
2.2.3 Target 13
2.2.4 Chain 15
2.2.5 Table 16
2.2.6 IPTables指令簡介 18
2.3 Tcpdump 22
2.3.1 Tcpdump簡介 22
2.3.2 Tcpdump運作方式 23
2.3.3 Tcpdump命令列結構 25
2.4 Bridge 27
2.4.1 Bridge簡介 27
2.4.2 Bridge效能 28
第三章 系統研究與開發 29
3.1 系統研究 29
3.2 系統開發 29
3.2.1 原始封包記錄 30
3.2.2 網路協定阻斷 30
3.2.2.1 根據埠做阻斷 30
3.2.2.2 根據字串做阻斷 34
3.2.2.3 根據位址做阻斷 35
第四章 實驗結果與分析 36
4.1 網路拓樸 36
4.2 實驗數據 39
4.2.1 使用IPerf做測試 39
4.2.2 使用Socket做測試 41
4.2.3 阻斷效能 44
4.2.4 記錄效能 46
第五章 結論與建議 49
參考文獻 50
附錄A 55
附錄B 57

[1] 王義智, “日本資訊安全市場發展趨勢,” 台灣安全產業電子報, 2007
[2] L.Garber, “Instant Messaging: A New Target for Hackers,” IEEE Computer Society members, Volume 38 Issue 7, CA, USA, pp 20-23, 2005
[3] 鄭進興、林敬皇、沈志昌、林宜隆, “電腦鑑識方法與程序之研究,” TANET 2003台灣網際網路研討會論文, 2005
[4] 彭元、黃皚昌、莊軍蓮, “國內即時通訊軟件的安全脆弱性分析,” 廣西科學院學報, 2005
[5] H.Zhenyu, L.Zaiqiang, S.Purui, and F.Dengguo, “Blocking MSN: A Case Study of Preventing the Abuse of IM,”2005 Asia-Pacific Conference on Communications, Perth, Western Australia, pp 3-5, 2005
[6] Hypothetic, MSN Messenger Protocol, http://www.hypothetic.org/docs/msn/
[7] Linux Die, Brtcl, http://linux.die.net/man/8/brctl/
[8] Tcpdump, tcpdump/libpcap, http://www.tcpdump.org/
[9] Netfilter, netfilter/iptables, http://www.netfilter.org/
[10] Linux, Linux, http://www.linux.org.tw/
[11] Knowplace, Netfilter, http://www.knowplace.org/netfilter/syntax.html
[12] Debian, http://www.us.debian.org/
[13] Ubuntu, http://www.ubuntu.com/
[14] Knoppix, http://www.knoppix.net/
[15] Linspire, http://www.linspire.com/
[16] Xandros, http://www.xandros.com/
[17] Helsinki, Linus Torvalds, http://www.cs.helsinki.fi/u/torvalds/
[18] Kernel, http://www.kernel.org/
[19] Intel, Multi-Processor, http://www.intel.com/design/pentium/datashts/242016.htm
[20] USB, http://www.usb.org/
[21] PCMCIA, http://www.pcmcia.org/
[22] J.Pranevich, “Kernel korner: Linux 2.4 spotlight: ISA plug and play,” Linux Journal, Volume 2000 Issue 70, Seattle, WA, 2000
[23] 林彥明, “寶刀SLES 9，RHEL 4不出，誰與爭鋒！,” 恆逸資訊講師講稿,新竹,台灣, 2005
[24] D.Koufaty and Deborah T.Marr, “Hyperthreading technology in the netburst microarchitecture,” HYPERTHREADING TECHNOLOGY, Volume 23 Issue 2, pp 56-65, Berkeley, CA, 2003

[25] Patricia McDermott-Wells, “What is Bluetooth?,” Potentials, IEEE , Volume 23 Issue 5, pp 33-35, Miami , FL, 2004
[26] Serialata, SATA, http://www.serialata.org/
[27] G.Kroah-Hartman, “Kernel korner: udev—persistent device naming in user space,” Linux Jurnal, Volume 2004 Issue 122, Seattle, WA, 2004
[28] Randolph Y. Wang and Thomas E. Anderson, “xFS: A Wide Area Mass Storage File System,” Workstation Operating Systems, 1993. Proceedings., Fourth Workshop on, pp 71-78, Berkely, CA, 1993
[29] A. Barczyk, D. Bortolotti, A. Carbone, J.-P. Dufey, D. Galli, B. Gaidioz, D. Gregori, B. Jost, U. Marconi, N. Neufeld, G. Peco, and V. Vagnoni, “High Rate Packets Transmission on Ethernet LAN Using Commodity Hardware,” Real Time Conference, 2005. 14th IEEE-NPSS, Yorktown, NY, 2005
[30] J.Liu, A.Mamidala, A.Vishnu and Dhabaleswar K. Panda, “Evaluating InfiniBand Performance with PCI Express,” IEEE Computer Society, Volume 25 Issue 1, pp 20-29,Yorktown, NY, 2005
[31] 陳永昇, “NetFilter簡介,” Redhat Linux 技術應用系列研討會
Introduction to Linux Netfilter補充資料, 新竹,台灣, 2002
[32] Die, Tcpdump, http://linux.die.net/man/8/tcpdump
[33] A.Bagri, M.Mundhra, A.Pathak and B.Raman, Dept. of Computer Science and Engg. Indian Institute of Technology Kanpur Kanpur, India and Currently at Purdue University, USA, “WiFiDump - A Novel Architecture for Wireless Network Debugging,” Communication Systems Software and Middleware, 2007. COMSWARE 2007. 2nd International Conference on, pp 1-8, Kanpur, India, 2007
[34] IEEE802.3, http://ieee802.org/3/
[35] C.Benvenuti, “UNDERSTANDING LINUX NETWORK INTERNALS,” O’REILLY, 2005
[36] Data Link Layer, http://www.linfo.org/data_link_layer.html
[37] James T. Yu, “Performance Evaluation of Linux Bridge,” Telecommunications System Management Conference 2004, Louisville, Kentucky, 2004
[38] A.Salkever, “The Big Guys Latch Onto Linux,” BusinessWeek, March 2003.
[39] F.Fuentes and Dulal C.Kar, “ETHEREAL VS. TCPDUMP: A COMPARATIVE STUDY ON PACKET SNIFFING TOOLS FOR EDUCATIONAL PURPOSE,” Journal of Computing Sciences in Colleges, Volume 20 Issue 4, pp 169-176, Corpus Christi, TX, 2005
[40] V.Visoottiviseth and N.Bureenok, “Performance Comparison of ISATAP Implementations on FreeBSD, RedHat, and Windows 2003,” 22nd International Conference on Advanced Information Networking and Applications, pp 547-552, Bangkok, Thailand, 2008
[41] NLANR, iperf, http://dast.nlaner.net/Projects/Iperf/, 2008
[42] 古立其、李慧蘭、陳敏, “建置於TWAREN之防災專屬網路架構設計及效能品質量測,” TANET 2007台灣網際網路研討會論文, 台灣, 2007
[43] Ethereal, http://www.ethereal.com/
[44] Ethereal, Editcap, http://www.ethereal.com/docs/man-pages/editcap.1.html
[45] 張智晴 林盈達,“網路的攻擊與防護機制,”網路通訊 115期, 新竹, 台灣, 2001
[46] A.Chame, “PCI Bus In High Speed I/O Systems Applications,” Aerospace Conference, 1998. Proceedings., IEEE, Volume 4 Issue 4, pp 505-514, Sunnyvale, CA, 1998
[47] Z.Xiao, L.Guo, and J.Tracey, “Understanding Instant Messaging Traffic Characteristics,” 27th International Conference on Distributed Computing Systems (ICDCS'07), NY , USA, pp 51-51, 2007