Research on Technology of Anti-Xprobe2 Based on NDIS
【Abstract】 Xprobe2 combines various remote active operating system fingerprinting methods that use the ICMP protocol, and it applies matrix-based fuzzy logic to the characteristics of the ICMP datagrams returned in response to its active probe datagrams in order to determine the type of the remote operating system. Based on an analysis of the mechanism of Xprobe2, this paper describes the design of Anti-Xprobe2, which defends against Xprobe2 probing by detecting the probe datagrams and camouflaging the outgoing ICMP datagrams, using the characteristics of a specified operating system as the template. It gives the architecture of the NDIS-based implementation and discusses the event separator module and the camouflage response module in detail. The test results show that this intermediate driver effectively defends against Xprobe2 active probing and camouflages the operating system fingerprint.
【Key words】 network security; NDIS; OS fingerprinting; anti-xprobe2;
- 【Source】 Aeronautical Computing Technique (航空计算技术), 2006, Issue 02
- 【Classification No.】 TP393.08
- 【Times cited】 5
- 【Downloads】 59