Thesis/Dissertation etd-0705105-121106 Details
Title page for etd-0705105-121106
Title
建構於鏈結層網路介面驅動程式上之封包過濾器的設計與實作
The Design and Implementation of Packet Filter over Link Layer NIC Driver
Department
Year, semester
Language
Degree
Number of pages
73
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2005-07-01
Date of Submission
2005-07-05
Keywords
Firewall, Packet, Device driver, Tunneling, Link layer
Linux, PPTP, VPN, Packet filter, Firewall, Tunneling, FreeBSD, Ethernet device driver
Statistics
The thesis/dissertation has been browsed 5751 times, has been downloaded 7948 times.
Abstract (Chinese)
In today's era of rapidly growing Internet use, how to manage effectively and organize an efficient network is a very important issue, and VPN technology was born for this reason. Through a VPN, geographically dispersed local area networks can be organized and managed effectively, but the tunneling technique it uses has hidden security problems; when combined with methods such as changing the port number, hidden dangers emerge.
This thesis first gives a basic conceptual analysis of several major VPN technologies and describes how they can be modified to gain the ability to pass through a firewall, making them hard for network administrators or firewalls to control. The thesis then proposes a solution that resolves the VPN security problem efficiently.
The main security problem lies in hijacking the port number of another protocol. The solution in this thesis thoroughly resolves the problem of improperly changing the port number, so that attackers cannot establish illegitimate connections through, for example, HTTP port 80, which ordinary firewalls do not block.
Our solution is to build a packet filter based on the network device driver, using the RFC specifications defined by the IETF to construct a packet inspection mechanism that blocks illegal packets and ensures network security.
Abstract
In this age, the Internet has become more and more popular. How to manage and organize the network effectively is a very important issue; therefore, the technology of VPN was born. Through a VPN, we can effectively manage and organize local networks that are spread everywhere. But the tunneling technology that VPN uses has a security problem: if we also change the VPN's port number, it creates a serious security danger.
In this paper, we analyze some basic VPN technology and introduce how to modify the VPN so that it gains the ability to pass through the firewall. This problem makes it hard for the people who manage the whole network or the firewall to control and manage it. In addition, this paper brings up a solution that can solve the security problem effectively.
The key network security problem is the use of another protocol's port number. The solution in this paper solves this problem thoroughly, so that hackers cannot modify the TCP port number to, for example, HTTP port 80 at will.
Our solution is to implement a packet filter based on the Ethernet device driver. We use the RFC documents defined by the IETF to make the packet check rules. This packet filter can reject illegal packets and make sure the network is safe.
Table of Contents
Chapter 1 Introduction
1.1 Motivation
1.2 Solution
1.3 Thesis Organization
Chapter 2 Related Work
2.1 VPN
2.2 L2TP
2.3 IPSEC
2.4 PPTP
2.4.1 What is PPTP
2.4.2 PPTP Installation
2.4.2.1 PPTP Server
2.4.2.2 PPTP Client
2.5 ETHERNET DEVICE DRIVER
2.5.1 Ethernet Device Driver on Linux
2.5.2 Ethernet Device Driver on FreeBSD
Chapter 3 Ideas and Implementation
3.1 MODIFY THE PPTP
3.1.1 Modify TCP Port Number
3.1.2 Modify IP Protocol Number
3.2 PPTP WITH NAT
3.3 PACKET FILTER ON LINUX
3.3.1 PPTP Packet Filter
3.3.2 FTP Packet Filter
3.3.3 HTTP Packet Filter
3.3.4 Telnet Packet Filter
3.3.5 User Configuration
3.4 PACKET FILTER ON FREEBSD
3.4.1 Sniff Packets in Device Driver
3.4.2 User Configuration
3.5 Bottlenecks Encountered and Solutions
3.6 PACKET FILTER DEPLOYMENT
Chapter 4 Performance Evaluation
4.1 Experimental Environment
4.2 Test Items
4.3 Test Results
4.3.1 FTP Performance
4.3.2 HTTP Performance
4.3.3 CPU Loading Evaluation
Chapter 5 Conclusion and Future Work
5.1 Conclusion
5.2 The Next Generation of VPN: MPLS VPN
5.3 Future Research Directions
APPENDIX A PPTP CLIENT SETUP ON WINDOWS XP
APPENDIX B FTP PERFORMANCE EVALUATION DATA
REFERENCE
Fulltext
This electronic full text is licensed only for users to search, read and print it personally and non-commercially for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without authorization, so as to avoid breaking the law.
Thesis access permission: public on and off campus after one year (withheld)
Available:
Campus: available
Off-campus: available
Printed copies
Public access information for printed theses is relatively complete from academic year 102 onward. To look up the public access information of printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Availability: available