论文总字数：26890字

摘 要

安全事件和影响网络、系统以及信息的攻击频繁地出现在。由互联网创始至今，随着其在全世界的使用以及用户数量的激增，网络攻击事件的频率每年都在不断的增长。据估计，RED代码病毒影响了成千上万的主机，并且一时间内网络通信的崩溃也造成了巨大的经济损失。这些病毒通过拒绝服务攻击，使黑客完全地通过他人的系统进行进一步的攻击。由于在微软的Internet信息服务(Internet Information Service, IIS)中的漏洞暴露之后，只有在攻击发生之后才能开发出可用的补丁进行漏洞防护。那么这些病毒攻击所造成的大部分影响就可以避免。近来，在Apache Web服务器上出现了新型网络攻击，通过对缓冲区进行溢出攻击，影响运行在万维网上的网络服务器。管理员无法在漏洞出的瞬间为他们的系统打一次补丁需，也不能预知他们能在下一次大量的红色代码攻击到来之前打好补丁。这也就意味着整个互联网安全需要各个运营商、技术操作人员对系统进行及时的更新以及漏洞的查补。

关键词：网络安全；CISCO；IKE；IPSEC；主模式；隧道模式；蠕虫病毒；防火墙

Research and Design of IKE AGGRESSIVE Mode Based on IPSEC

Abstract

Security incidents and vulnerabilities affecting networks, systems, and information are described frequently in technical journals and the popular press. Since the Morris worm incident in 1988, the number of incidents has more than doubled each year, growing in number as the Internet expands. These incidents include scans of entire networks for the purpose of identifying the network devices and services that are present on the network, directed attacks against vulnerabilities known to exist in these systems and services, and denial of service attacks designed to exhaust bandwidth, CPU, or other resources. The past year saw a number of serious worm attacks, including the well-publicized Code Red and Nimda worms. These worms caused denial of service and also gave the attacker complete control of the victim systems. As it turns out, the vulnerability in Microsoft"s Internet Information Service (IIS) was known, and a patch was available at the time of the attacks. Much of the impact of these worms could have been avoided had the vulnerable systems been patched in a timely fashion. More recently, a buffer overflow vulnerability was identified in Apache web servers, affecting nearly 50% of all web servers currently running on the Internet. How long will it take administrators to patch their systems? Will they do so before there is another attack of the magnitude of Code Red? The challenge to contain this trend, and even to reverse it, rests on both the technology vendors and the professionals who are designing, building, and maintaining today"s sophisticated networks. Vendors must improve the quality of their products, and professionals responsible for systems and networks must consider security an important and integral component of their network infrastructures.

目 录

摘 要···············································································Ⅰ

Abstract···············································································Ⅱ

第一章 引 言·········································································1

1.1 网络背景·········································································1

1.2 实现方式··········································································1

第二章 IPSec··········································································2

2.1 IPSec介绍········································································2

2.2 IPSec组成········································································2

2.3 IPSEC加密和完整性校验机制························································3

2.3.1 加密·········································································3

2.3.2完整性校验····································································4

2.4 IPSec中分组的封装································································5

2.4.1传输模式·······································································5

2.4.2 隧道模式······································································5

2.4.3 ESP···········································································6

2.4.4 AH············································································6

第三章 IKE············································································7

3.1 IKE介绍···········································································7

3.2 IKE的两个阶段·····································································7

3.2.1 阶段1··········································································8

3.2.2 阶段2········································································· 8

3.3 IKE的两个模式·····································································8

3.3.1 主模式（或主动模式）··························································· 8

3.3.2 快速模式·······································································8

第四章 使用IKE协议的IPsec协商·······················································9

4.1预共享密钥的主模式接快速模式·······················································9

4.1.1 消息1、2········································································9 4.1.2 消息3、4·······································································10

4.1.3 消息5、6·······································································11

4.1.4阶段2消息1、2·································································11

4.1.5消息3·········································································11

4.2 数字签名认证的主模式·····························································11

4.2.1 消息5、6······································································11

4.3 预共享密钥的主模式·······························································12

4.3.1消息1、2·······································································12

4.3.2消息3、4······································································13

4.3.3消息5、6······································································13

第五章 加密原理······································································14

5.1 加密过程········································································14

5.1.1协商发起·······································································14

5.1.2协商响应·······································································15

5.1.3发起端DEBUG···································································15

第六章 结束语········································································20

致 谢··············································································21

参考文献（References）··································································22

附 录··············································································23

剩余内容已隐藏，请支付后下载全文，论文总字数：26890字