Please use this identifier to cite or link to this item:
標題: 適用於3G網路之新IP spoofing封包過濾機制
A new mechanism of IP spoofing packet filtering for the 3G network
作者: 王信正 
Wang, Shin-Cheng 
關鍵字: GTP(GPRS Tunnelling Protocol);分散式阻斷服務攻擊(DDos);IP欺瞞(IP spoofing);直連通道(Direct Tunnel)
出版社: 資訊科學與工程學系所
引用: [1] 國家通訊傳播委員會, [2] “GPRS Tunnelling Protocol(GTP) across the Gn and Gp interface”, 3GPP TS 29.060 V7.15.0 , Dec. 2009. [3] “General Packet Radio Service (GPRS) Service description”, 3GPP TS 23.060 V8.5.1 , Jun. 2009. [4] 3GPP, [Online]. Available: [5] 黃通文,“3G/UMTS HSDPA技術研習講義”,中華電信訓練所,2005. [6] 賴正祥,“2G/3G GPRS網路GOA攻擊及防範之探討”,碩士論文 ,國立中興大學,Jun. 2007. [7] 鄭欣明,顏在賢,林風,塗冠驊,”UMTS HSDPA 關鍵技術與議題之探討”, 國立臺灣大學「臺大工程」學刊 90, pp.57-63, 2004. [8] “FDD Enhanced Uplink Overall description”,3GPP TS 25.309 V6.6.0 , Mar. 2006. [9] “Enhanced Uplink Overall description”,3GPP TS 25.319 V9.2.0 , Dec. 2009. [10] Bellovin,S.M., “Security Problems in the TCP/IP Protocol”, Computer Communication Review, Vol 19, No.2.32-48, Apr. 1989. [11] M. Tanase,”An Introduction to Distributed Denial of Service Attacks”, [12] D. Moore,G. M. Voelker and S. Savage,”Inferring Internet Denial-of-Service Activity”,USENIX Security Symposium, pp.9-22, 2001. [13] V. Paxson,”An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks”, ACM SIGCOMM Computer Communication Review 31(3), pp.38-48,2001. [14] Nmap,“Port Scanning Techniques", [15] Nmap,“TCP Idle scan", [16] M. Crother, IP Address Spoofing and Hijacked Session Attacks,Bugtraq: CIAC Advisory F-08,Jan. 1995. [17] Dave Dittrich, “Demonstration: Session hijacking”, [18] J. P. McDermott, “Attack net penetration testing”, workshop on New security paradigms, 2001. [19] C. WEISSMAN,Penetration Testing,Handbook for the Computer Security Certification of Trusted Systems, Dec. 1985. [20] 吳宏毅,“一精確度可至單一主機單一 Port 之IP Spoofing 偵測法”,碩士論文 ,國立中央大學,Jul. 2007. [21] P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”, RFC 2827. [22] A. Yaar, A. Perrig, D. Song, "StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense", IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 24, NO. 10, OCTOBER 2006. [23] C. Jin, H. Wang, Kang G. Shin, “Hop-count Filtering: An Effective Defense Against Spoofed DDoS Attacks”, ACM Computer and Communications Security,Oct. 2003. [24] A. Bremler-Barr and H. Levy,”Spoofing Prevention Method”, IEEE INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies, pp.536-547, Mar. 2005. [25] J. Li, J. Mirkovic, M. Wang, P. Reiher, L. Zhang, “SAVE: source address validity enforcement protocol”,INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies,pp. 1557-1566 , Jun. 2002. [26]“High Speed Packet Access (HSPA) evolution Frequency Division Duplex (FDD)”, 3GPP TR 25.999 V7.1.0 , Mar. 2008. [27] Lihong Zhang,“The Direct Tunnel Technology Deployment in 3G Network”, Nokia Siemens Networks, Beijing, China [28] Wireshark, [29] Microsoft Visual C# 2010 Express, [30] Sharppcap, [31] Packet.Net,
由於網路攻擊大多藉由IP spoofing 方法進行攻擊並以此掩護攻擊者的來源,使得被攻擊者無法明確找出攻擊者的真正來源而無法有效的防止攻擊,所以本論文利用GTP(GPRS Tunnelling Protocol)協定特性而設計一封包過濾機制,有效的防止3G行動裝置藉由IP spoofing方法進行之任何形式的網路攻擊,並可正確標示攻擊來源以提供網路管理者統計或採取必要之管控措施。

The launch of HSDPA and HSPA services in 3G network provides users more bandwidth for uplink and downlink.This allows more network applications to be achieved.The convenience of powerful smart phones makes mobile internet access more and more popular. However, for most mobile terminals,it is not easy and effective to foil virus or hack attacks.As a result,many mobile terminals will most likely to become Corpse computers.
IP spoofing has often been exploited to conceal the attack sources since one cannot clearly identify the true source of the attacker.So it is difficult to prevent attacks.In this thesis, we use the GTP (GPRS Tunnelling Protocol) protocol characteristics to design a packet filtering mechanism. It can effectively prevent the 3G mobile devices from any of network attack based on IP spoofing method. Furthermore it can identify the source of attacker correctly.
Appears in Collections:資訊科學與工程學系所

Show full item record

Google ScholarTM


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.