With the development of network technology, there are more and more attacks in the network. ICMP is a simple nonconnected network layer protocol; many people who have a bad purpose often implement different kind of attacks using the insufficiency of the ICMP. The thesis studies the principle of ICMP, analyses kinds of attacks, points out that there is a main insufficiency inside the ICMP datagram —— easy to forge. The thesis has designed a blue print that can improve the authenticity and integrality of ICMP —— ICMP Security Tail (ICMP ST for short) Project. ICMP Security Tail is a data structure that inserted in the tail of the ICMP datagram, composed of Tag Field, Length Field, Sequence Field, Communication Key Field, and Error-Correcting Code Field. Each ICMP ST maps a Security Tail Association (STA for short) which arranged by the communicators beforehand. This two structures and a series of relative operators compose the ICMP ST Security Project, provides the Identity Authentication and Forward Error Correction. The project not only supports all kinds of ICMP datagram, but also will never influence the running of any network equipment, and can be well compatible with other equipments and protocols. If they want, any network equipment can implements the project to provides the Identity Authentication and Forward Error Correction by updating their ICMP controlling software.
[ 本帖最后由 linx00 于 2008-6-1 14:29 编辑 ] |
|