
A Personal Firewall System Based on Stateful Inspection

PC Firewall Based on Stateful Inspection

【Author】 周曦 (Zhou Xi)

【Supervisors】 侯整风 (Hou Zhengfeng); 王庆元 (Wang Qingyuan)

【Author information】 Hefei University of Technology (合肥工业大学), Computer Technology, 2010, Master's thesis

【Abstract (translated)】 With the rapid development of the Internet, network security has drawn wide attention, and firewall technology has become the most widely applied network security technology. A traditional firewall performs a rule check on every packet that passes through it, which is inefficient. A firewall based on stateful inspection performs the rule check only when a connection is being established; subsequent packets of that connection undergo only a state check, which greatly improves the efficiency of the firewall system. This thesis reviews the history and current state of firewall technology, describes three typical firewall technologies, and discusses packet interception techniques in the Windows environment. On this basis, a personal firewall system based on stateful inspection is designed and implemented. The firewall system has the following features: 1. Through the dynamic connections of the upper-layer protocols (TCP, UDP, ICMP), packets are handled from the viewpoint of associated IP data flows; if an IP packet belongs to an established connection, it directly bypasses the rule check in the protocol stack, which improves system efficiency. 2. NDIS (Network Driver Interface Specification) intermediate driver technology is used to intercept packets entering and leaving the host; the interception is reliable, so the host system is effectively protected. 3. A mechanism for defending against SYN attacks is implemented: the TCP connection time is regulated dynamically, and when the number of records in the state table reaches its upper limit, the half-open connection records are deleted from the state table, so that the system is not overwhelmed by a SYN attack. 4. Source address, destination address, source port and destination port are used as the state information of UDP packets, so that stateful inspection is also applied to connectionless UDP packets. Finally, the designed firewall system is tested; the tests cover protocol filtering, port scanning, functionality and transfer speed. The test results show that this firewall system has clear advantages in security and efficiency over a traditional packet-filtering firewall.

【Abstract】 With the development of the Internet, information security has received more and more attention, and firewall technology has become the most popular network security technology at present. Traditional firewalls have to perform rule inspection on every passing packet, which strongly reduces their efficiency. A stateful inspection firewall achieves high efficiency because it performs the rule inspection only at the beginning of connection establishment and carries out only state inspection for the rest of the connection. This thesis introduces the history and present situation of firewall technology, expounds three typical firewall technologies, discusses packet capture technology in the Windows environment, and finally designs and implements a PC firewall system based on stateful inspection. This firewall system has the following characteristics: 1. Packets are processed according to the dynamic connections of the higher-layer protocols (TCP, UDP, ICMP) and from the viewpoint of the related IP data flow, so as to improve efficiency; if an IP packet belongs to a connection that has already been set up, it can directly bypass the rule inspection in the protocol stack. 2. NDIS intermediate driver technology is adopted to capture the packets going into and out of the host; the capture is reliable enough that the host system is effectively protected. 3. A mechanism to defend against the SYN attack is realized: it dynamically controls the TCP connection time, and when the items in the state table reach the maximum limit, half-connection items are deleted to avoid the SYN attack. 4. Source address, destination address, source port and destination port are taken as the state information of a UDP packet, so as to realize state inspection of connectionless UDP packets. Finally, this PC stateful inspection firewall system is tested, including protocol filter testing, port scan testing, function testing and transmission rate testing; the results show that it has distinct advantages over the traditional packet filter firewall in efficiency and security.
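The state-table behaviour described in features 1, 3 and 4, as an added example that is not the thesis's NDIS driver code: packets on a known flow bypass the rule check, UDP gets pseudo-state keyed on the 4-tuple, and when the table is full the half-open (SYN-only) TCP entries are evicted first. The table size limit, the `rule_check` callback and the sample addresses are assumptions.

```python
# Added example, not the thesis's NDIS driver code: a minimal stateful-inspection
# table in the spirit of the abstract. Packets on a known flow skip the rule
# inspection, UDP gets pseudo-state keyed on the 4-tuple, and when the table is
# full the half-open (SYN-only) TCP entries are evicted first.
from collections import namedtuple

TCP, UDP = 6, 17
SYN, ACK = 0x02, 0x10
Packet = namedtuple("Packet", "proto src sport dst dport flags", defaults=(0,))


class StateTable:
    def __init__(self, max_entries, rule_check):
        self.max_entries = max_entries
        self.rule_check = rule_check  # costly rule inspection, run for new flows only
        self.table = {}               # (proto, src, sport, dst, dport) -> state
        self.rule_checks = 0          # counts how often rule_check actually ran

    def _lookup(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        return fwd if fwd in self.table else rev if rev in self.table else None

    def _evict_half_open(self):
        for k in [k for k, s in self.table.items() if s == "half-open"]:
            del self.table[k]

    def process(self, p):
        """Return True to pass the packet, False to drop it."""
        k = self._lookup(p)
        if k is not None:              # known flow: bypass the rule check
            if p.proto == TCP and p.flags & ACK and not p.flags & SYN:
                self.table[k] = "established"
            return True
        self.rule_checks += 1
        if not self.rule_check(p):
            return False
        if p.proto == TCP and not p.flags & SYN:
            return False               # mid-stream TCP with no state is dropped
        if len(self.table) >= self.max_entries:
            self._evict_half_open()    # SYN-flood defence: shed half-open entries
            if len(self.table) >= self.max_entries:
                return False
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        self.table[fwd] = "half-open" if p.proto == TCP else "established"
        return True
```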

【Key words】 Firewall; NDIS; Stateful Inspection; network security