<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<title>Experiment 6: Port Scan Attack Detection</title>
</head>
<body>
<h1>Experiment 6: Port Scan Attack Detection</h1>
<h2>1. Requirements Analysis</h2>
<p>Detect malicious scanning by users on both the internal and the external network. Snort's port-scan attack detection gives a first identification of the attack's source and destination addresses, so that defences can be applied in time, the threat kept to a minimum and the organisation's network better protected.</p>
<p>Malicious scanning and probing by external-network users.</p>
<h2>2. Experiment Principle</h2>
<h3>2.1 Port Scanning Basics</h3>
<p>A port scan sends probe packets to the TCP/IP service ports of a target host and records the host's responses. By analysing the responses, the scanner decides whether each service port is open or closed, and from that learns which service or information the port offers. Port scanning can also be used to monitor the local host's state by capturing the inbound and outbound IP packets of the local host or server; this only analyses the data received, which helps us discover some of the target host's inherent weaknesses, but it does not supply detailed steps for getting into a system.</p>
<p>Because port scanning is the prelude to a malicious attack, it is a serious threat to the user's network. Snort identifies malicious scanning accurately from the behavioural characteristics of the scan and notifies the administrator promptly.</p>
<p>Commonly used port scanning techniques:</p>
<p>(1) TCP connect() scan: the most basic form of TCP scan. The connect() system call provided by the operating system is used to connect to every port of interest on the target computer. If the port is listening, connect() succeeds; otherwise the port is unusable, that is, no service is offered on it. The biggest advantage of this technique is that no privilege is required: any user on the system may use this call. Another advantage is speed. Calling connect() on each target port one after another takes a long time, but the scan can be sped up by opening many sockets at once; non-blocking I/O lets you set a short timeout and watch several sockets at the same time. The drawback of this method is that it is easily detected and filtered: the target's logs show a burst of connections, followed by error messages from the services whose connection was accepted and then immediately closed.</p>
<p>(2) TCP SYN scan: usually called a "half-open" scan, because the scanner does not need to open a complete TCP connection. It sends a single SYN packet, as if it were about to open a real connection and wait for the reply (see the TCP three-way handshake that establishes a TCP connection). A SYN|ACK reply means the port is listening; an RST reply means the port is not listening. If a SYN|ACK comes back, the scanner must send an RST to tear the connection down. The advantage of this technique is that it generally leaves no record in the target's application logs, because the connection is never completed; a packet-level sensor such as Snort still sees the burst of SYNs. Its drawback is that root privilege is needed to build your own SYN packets.</p>
<p>(3) TCP FIN scan: sometimes even a SYN scan is not stealthy enough. Some firewalls and packet filters watch specific ports, and some programs can detect SYN scans, whereas a FIN packet may pass through without any trouble. The idea of this method is that a closed port replies to a FIN packet with an RST, while an open port ignores the FIN and sends nothing back. The method depends on how the system's TCP stack is implemented: some systems reply with RST whether or not the port is open, and on those the scan does not work. For the same reason the technique is very useful for telling Unix from Windows NT, which sends an RST on every port.</p>
<p>(4) IP fragment scan: not a new method in itself, but a variation of the other techniques. Instead of sending the TCP probe packet directly, it splits the packet into two smaller IP fragments, so that one TCP header is spread across several packets and is harder for a filter to detect. Care is needed, though: some programs have trouble handling these small fragments.</p>
<p>(5) TCP reverse ident scan: the ident protocol (RFC 1413) allows the username of the owner of any process connected via TCP to be seen, even if that process did not start the connection. So you can, for example, connect</p>
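<p>The concurrent connect() scan of technique (1), as an added example that is not part of the lab handout or of Snort: every connect() is started before any socket is waited on, and non-blocking I/O plus a short timeout classifies each port from the handshake result. It scans 127.0.0.1 with the standard library only, so it runs offline; the helper names, the one-second timeout and the throw-away listener are this example's own choices.</p>

```python
"""Non-blocking TCP connect() scan against the local host.

Added example, not part of the lab handout or of Snort: it demonstrates
technique (1), starting connect() on many sockets at once and watching
them with a short timeout instead of probing one port at a time. Only the
standard library is used and the target is 127.0.0.1, so it runs offline.
The helper names and the one-second timeout are this example's own choices.
"""
import errno
import selectors
import socket
import threading
import time


def run_listener():
    """Start a throw-away listener on an ephemeral loopback port (constructed target).

    Connections are accepted and closed at once: the connect-then-immediate-
    close pattern that the handout says shows up in the target's logs.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed by the caller
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def pick_closed_port():
    """Reserve and release an ephemeral port so that it is almost surely closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host, ports, timeout=1.0):
    """Return {port: "open" | "closed" | "filtered"} using non-blocking connect().

    Every connect() is started before any socket is waited on, so the whole
    scan costs roughly one round trip (or one timeout), not one per port.
    """
    sel = selectors.DefaultSelector()
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setblocking(False)
        err = s.connect_ex((host, port))
        if err == 0:                                    # handshake already done
            results[port] = "open"
            s.close()
        elif err in (errno.EINPROGRESS, errno.EWOULDBLOCK):
            sel.register(s, selectors.EVENT_WRITE, data=port)
        elif err == errno.ECONNREFUSED:                 # RST came straight back
            results[port] = "closed"
            s.close()
        else:
            results[port] = "filtered"
            s.close()

    # A pending socket becomes writable when its handshake completes or fails;
    # SO_ERROR distinguishes SYN/ACK (0) from RST (ECONNREFUSED).
    deadline = time.monotonic() + timeout
    while sel.get_map():
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        for key, _ in sel.select(timeout=remaining):
            s, port = key.fileobj, key.data
            so_err = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
            if so_err == 0:
                results[port] = "open"
            elif so_err == errno.ECONNREFUSED:
                results[port] = "closed"
            else:
                results[port] = "filtered"
            sel.unregister(s)
            s.close()
    # Neither SYN/ACK nor RST before the deadline: something dropped the probe.
    for key in list(sel.get_map().values()):
        results[key.data] = "filtered"
        sel.unregister(key.fileobj)
        key.fileobj.close()
    sel.close()
    return results


if __name__ == "__main__":
    srv, open_port = run_listener()
    closed_port = pick_closed_port()
    print(connect_scan("127.0.0.1", [open_port, closed_port]))
    srv.close()
```

<p>The three outcomes map onto what the handout describes: a completed handshake (SO_ERROR of 0) is an open port, an RST (ECONNREFUSED) is a closed one, and a probe that is still pending at the deadline has been dropped by a filter. Run as a script it scans one listening and one closed loopback port and prints the result.</p>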
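<p>The behavioural signature that Snort's scan detection works from, and the flag semantics of techniques (1) to (3), as an added example that is not the handout's or Snort's own code: one source touching many ports of one host inside a short window raises an alert, the probe flags and the client's follow-up name the scan type, and the target's replies say which ports looked open. The packet records are constructed for this example; the window, the threshold and all function names are this example's own choices.</p>

```python
"""Behavioural detection of port scans from packet records.

Added example, not the handout's or Snort's own code: one source touching
many ports of one host within a short window is the signature; the flag
semantics of techniques (1)-(3) name the scan type and tell which ports
looked open. Records are constructed; window, threshold and names are
this example's choices.
"""
from collections import defaultdict

SYN, ACK, FIN, RST = "S", "A", "F", "R"   # flag letters; "SA" is SYN+ACK

WINDOW = 5.0      # seconds of traffic examined at a time (assumption)
THRESHOLD = 5     # distinct target ports per window that count as a scan (assumption)


def build_sample_records():
    """Constructed packets as (ts, src, dst, sport, dport, flags), as a sensor sees them."""
    target, recs, t = "192.168.1.10", [], 100.0
    # 10.0.0.5: SYN scan of ten ports. Open 22 and 80 answer SYN/ACK and the
    # scanner tears them down with RST (technique 2); closed ports answer RST.
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080]):
        ts, sp = t + i * 0.1, 40000 + i
        recs.append((ts, "10.0.0.5", target, sp, p, SYN))
        if p in (22, 80):
            recs.append((ts + 0.01, target, "10.0.0.5", p, sp, SYN + ACK))
            recs.append((ts + 0.02, "10.0.0.5", target, sp, p, RST))
        else:
            recs.append((ts + 0.01, target, "10.0.0.5", p, sp, RST))
    # 10.0.0.9: FIN scan of ports 21-28. Closed ports answer RST, open 22
    # stays silent (technique 3, RFC 793 behaviour).
    for i, p in enumerate(range(21, 29)):
        ts, sp = t + 5 + i * 0.1, 41000 + i
        recs.append((ts, "10.0.0.9", target, sp, p, FIN))
        if p != 22:
            recs.append((ts + 0.01, target, "10.0.0.9", p, sp, RST))
    # 10.0.0.11: connect() scan of six ports; on the open ones the client
    # finishes the handshake with ACK instead of tearing down (technique 1).
    for i, p in enumerate([22, 25, 80, 110, 143, 443]):
        ts, sp = t + 10 + i * 0.1, 43000 + i
        recs.append((ts, "10.0.0.11", target, sp, p, SYN))
        if p in (22, 80):
            recs.append((ts + 0.01, target, "10.0.0.11", p, sp, SYN + ACK))
            recs.append((ts + 0.02, "10.0.0.11", target, sp, p, ACK))
        else:
            recs.append((ts + 0.01, target, "10.0.0.11", p, sp, RST))
    # 10.0.0.7: an ordinary client completing the handshake to port 80 twice.
    for k in range(2):
        ts, sp = t + 20 + k * 30, 42000 + k
        recs.append((ts, "10.0.0.7", target, sp, 80, SYN))
        recs.append((ts + 0.01, target, "10.0.0.7", 80, sp, SYN + ACK))
        recs.append((ts + 0.02, "10.0.0.7", target, sp, 80, ACK))
    return sorted(recs)


def detect_scans(records, window=WINDOW, threshold=THRESHOLD):
    """Return one alert dict per (src, dst) pair whose probes cross the threshold."""
    probes = defaultdict(list)   # (src, dst) -> [(ts, dport, flags)]
    replies = {}                 # (client, server, server_port) -> first SYN/ACK or RST seen
    acks = set()                 # (client, server, server_port) where the client sent ACK
    for ts, src, dst, sport, dport, flags in records:
        if flags in (SYN, FIN):                       # an initial probe
            probes[(src, dst)].append((ts, dport, flags))
        elif flags == ACK:                            # handshake completed by the client
            acks.add((src, dst, dport))
        elif flags in (SYN + ACK, RST):               # keyed by the port the probe aimed at
            replies.setdefault((dst, src, sport), flags)
    alerts = []
    for (src, dst), plist in probes.items():
        plist.sort()
        for t0, _, _ in plist:                        # sliding window over probe times
            in_win = [p for p in plist if t0 <= p[0] < t0 + window]
            ports = {p[1] for p in in_win}
            if len(ports) < threshold:
                continue
            if {p[2] for p in in_win} == {FIN}:
                label = "TCP FIN scan"
                # open ports do not answer a FIN, so silence is the "open" signal
                open_ports = sorted(p for p in ports if (src, dst, p) not in replies)
            else:
                full = any((src, dst, p) in acks for p in ports)
                label = "TCP connect() scan" if full else "TCP SYN (half-open) scan"
                open_ports = sorted(p for p in ports if replies.get((src, dst, p)) == SYN + ACK)
            closed = sum(1 for p in ports if replies.get((src, dst, p)) == RST)
            alerts.append({"src": src, "dst": dst, "type": label, "start": t0,
                           "ports_probed": len(ports), "closed_replies": closed,
                           "open_ports": open_ports})
            break                                     # one alert per pair is enough here
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(build_sample_records()):
        print(alert)
```

<p>The ordinary client never crosses the threshold because it only ever touches one port, while each scanner does within a second. The count of RST replies is the strongest single signal: a legitimate client rarely hits closed ports, a scanner hits mostly closed ports. A FIN scan is reported with the ports that stayed silent, which is only meaningful on a target whose stack follows RFC 793; on a system that answers every FIN with RST, the same detector would still raise the alert but list no open ports.</p>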
</body>
</html>