摘要
首先介绍了OSPF(OpenShortestPathFirst开放最短路径优先)路由协议及其数据包的头部结构,接下来介绍了与之相关的链路年龄、链路序号、链路校验等三个参数以及OSPF协议存在的脆弱性,分析了针对OSPF的三种外部攻击方法(即链路序号加一攻击,最大链路年龄攻击和最大链路序号攻击)和两类内部攻击方法.针对如何检测某一种特殊攻击的问题,介绍了公钥验证的思路.最后,提出了利用入侵检测系统来识别各种攻击的办法.
This paper first introduces OSPF(open shortest path first) routing protocol and header format of its data packet, then it describes three parameters: link age, link sequence number and link checkout sum, as well as OSPF routing protocol vulnerabilities. It also analyzes three OSPF attack methods from outside(i.e. link sequence number attack, oldest link age attack and biggest link sequence number attack) and two attack methods from inside. So as how to detect one special attack, it brings out the publick key method. At last, a method using the intrusion detection system to detect the OSPF routing protocol attacks is proposed.
出处
《武汉大学学报(工学版)》
CAS
CSCD
北大核心
2004年第3期98-101,共4页
Engineering Journal of Wuhan University
