Detection and Management of Information on Network Security

【Author】 韩冬

【Supervisor】 田盛丰

【Author information】 Beijing Jiaotong University, Computer Application Technology, 2008, Master's

【Abstract】 With the rapid development of network technology, network security is receiving more and more attention. By studying vulnerability scanning, security vulnerabilities in a network or system can be discovered as early as possible and suitable measures taken in time to remedy them, which effectively prevents intrusions. Network topology discovery is important for fault detection and network upgrades. Vulnerability scanning and network topology discovery are both parts of the Intrusion Detection Alert Management & Intrusion Response System.

On the one hand, building on a study of vulnerability scanning, the paper analyzes the network vulnerability scanner Nessus in depth. The main content is as follows:

1. Analyzing the principle of vulnerability scanning and introducing the CVE (Common Vulnerabilities and Exposures) standard.
2. Introducing the architecture of Nessus and its plugin-based scan strategy, including the installation and configuration of Nessus.
3. Studying NASL, the scripting language of Nessus vulnerability scanning, and the basic structure and development process of Nessus plugins, and giving an example NASL script.
4. Searching and extracting information from Nessus scan reports in .nsr format, and writing the vulnerability and operating system information into a database automatically.

On the other hand, the paper discusses several commonly used methods for network topology discovery and analyzes the architecture of the Simple Network Management Protocol (SNMP) in detail: the Structure of Management Information (SMI), the Management Information Base (MIB) and the SNMP protocol. It then proposes a two-level topology discovery algorithm based on SNMP and ICMP. The first level discovers the router and the subnets directly connected to it; the second level searches for the active hosts in each subnet. First-level discovery obtains the router's information by accessing the MIB through the WinSNMP API, while second-level discovery implements the ping operation by calling the dynamic link library ICMP.dll. Finally, the network topology map is drawn dynamically and the topology information is stored in the database.

  • 【Classification number】 TP393.08
  • 【Times cited】 7
  • 【Downloads】 254