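I recently came across some articles about spoof detection. What is spoof detection, and what criteria does ISA use to decide that a packet is spoofed?
See the following material: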
The ISA Server network model incorporates spoof detection to decide whether source and destination IP addresses are valid. Every time a network adapter receives a packet, ISA Server checks whether the packet is spoofed. ISA Server checks packet validity against the properties of the network associated with the adapter, and the Microsoft Windows Server 2003 or Windows 2000 Server routing table. A packet is considered spoofed (and therefore dropped) if one of the following is true:
  • The packet contains a source IP address that (according to the routing table) is not reachable through any network adapter associated with the network.
  • The packet contains a source IP address that does not belong to the address range of a network (array network for Enterprise Edition) associated with a network adapter.
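As the above shows, ISA examines the source IP address of each packet it receives and judges it against the network adapter that received the packet and the Windows routing table (WRT):
1. When ISA receives a packet, it checks all the adapters associated with that network to see whether the target network can be reached through them. If it cannot, the packet is judged to be spoofed.
2. ISA checks the source IP address to see whether it falls within the IP address range of the network that the network adapter belongs to.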
 
When configuring networks, we often run into this kind of network topology:
[Figure: network topology diagram]
 
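When configuring the address range of the internal network, we include 192.168.1.0, 192.168.2.0 and 192.168.3.0.
The purpose is to keep spoof detection from being triggered. If 192.168.2.0 were left out of the range, then when ISA's internal network adapter received a packet with a source address of 192.168.2.0, ISA would check whether the internal network contains 192.168.2.0, and if it does not, the packet would be judged to be spoofed.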
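
The two conditions quoted above can be modelled in a few lines to show why leaving 192.168.2.0 out of the Internal network definition causes legitimate packets to be dropped. This is an added example, not ISA Server code: the /24 masks, the adapter names, the routing entries and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original page):
# /24 masks, adapter names and routing entries are hypothetical.
ROUTES = [  # (destination prefix, adapter), as a simplified routing table
    ("192.168.1.0/24", "internal"),
    ("192.168.2.0/24", "internal"),  # reached through a router on the internal side
    ("192.168.3.0/24", "internal"),
    ("0.0.0.0/0", "external"),       # default route
]
ADAPTER_NETWORK = {"internal": "Internal", "external": "External"}

# Internal network definition with and without 192.168.2.0
FULL = {"Internal": ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]}
MISSING = {"Internal": ["192.168.1.0/24", "192.168.3.0/24"]}

def route_adapter(src):
    """Longest-prefix match: the adapter through which src is reachable."""
    ip = ipaddress.ip_address(src)
    best = None
    for prefix, adapter in ROUTES:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, adapter)
    return best[1] if best else None

def is_spoofed(src, rx_adapter, network_ranges):
    """Apply both quoted conditions to a packet received on rx_adapter."""
    network = ADAPTER_NETWORK[rx_adapter]
    # Condition 1: the routing table does not reach the source address
    # through an adapter associated with the receiving network.
    via = route_adapter(src)
    if via is None or ADAPTER_NETWORK[via] != network:
        return True
    # Condition 2: the source address is outside the address range
    # configured for the receiving network.
    ip = ipaddress.ip_address(src)
    return not any(ip in ipaddress.ip_network(r) for r in network_ranges[network])

if __name__ == "__main__":
    for label, ranges in (("full range", FULL), ("192.168.2.0 missing", MISSING)):
        print(label, "->", is_spoofed("192.168.2.10", "internal", ranges))
```

With the full range the packet from 192.168.2.10 is accepted. With the range missing it fails the second condition even though the routing table still reaches it through the internal adapter.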