
Research And Application Of ARP Virus Protection Based On Log Files

Posted on: 2009-06-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Liu
GTID: 2178360245986773
Subject: Computer technology
Abstract/Summary:
As networks develop and spread, their openness, sharing and interconnection keep expanding. Network interconnection generally relies on TCP/IP, an industry-standard protocol suite. Security received little consideration when the suite was first designed, so it contains many security weaknesses, and ARP, as a member of the TCP/IP suite, has many of its own. The Address Resolution Protocol (ARP) is used in computer networks to translate an IP address into a physical MAC address. An ARP virus is a kind of address-spoofing virus: it carries out ARP spoofing by forging IP and MAC addresses, performs ARP redirection and sniffing attacks, and sends ARP reply packets with a forged source MAC address. As a result, the ARP cache tables of the PCs on the network become corrupted, and the large volume of ARP traffic causes network congestion. ARP attacks appear repeatedly in today's networks, and defending effectively against them has become an essential condition for keeping the network running smoothly.

This thesis first analyzes the principle of ARP and of ARP spoofing attacks, then proposes a countermeasure against ARP virus attacks: a model based on the syslog format. Syslog is chosen for collecting the switch's log information because the syslog protocol is universal and flexible in application. After analyzing a syslog case, the thesis puts forward a log collection approach built on a syslog server, which has three centers. The first collects the original logs through the syslog server, the second monitors and saves logs in a log text file, and the last extracts the useful information through a MySQL database. Finally, in discussing how to obtain logs from an H3C switch, all of these tasks are handled through the syslog-ng log server described above, and the results are displayed on the web. The thesis describes how to configure the PHP runtime environment and how to install and configure syslog-ng, the software used to record the log files. It closes by presenting some newly developed functional source code.
Keywords/Search Tags: Log Analysis, ARP spoof, Syslog-ng, log files