1. In this paper we present an illegal data packet filtering method called DHCP snooping based on firewall and MAC address authentication technology, which guarantees network security by filtering untrusty data packets with establishing and maintaining a DHCP snooping binding table.
本文在现有的一些防火墙技术和MAC地址认证的基础上,提出一种新的过滤非法数据包的方法——DHCP窥探,是一种通过建立和维护DHCP窥探绑定表,过滤不可信任的DHCP报文,从而保证网络安全的技术。
2. DHCP snooping captures all the DHCP messages received, normally transmits the trusty messages and discards the untrusty messages.
DHCP窥探处理模块对所有收到的DHCP数据报文进行过滤处理,丢弃不满足窥探安全规则的非法DHCP数据报文,正常转发合法的DHCP数据报文。
3. The network machines can distinguish untrusty interface connected to terminal host or firewall from trusty interface connected to DHCP server or other switcher, which works like a firewall between untrusty host and DHCP server.
DHCP窥探就像是非信任的主机和DHCP服务器之间的防火墙,客户端或者防火墙连接在非信任端口,DHCP服务器或者其他交换机连接在信任端口。
4. Currently most of the information systems in our country are built on foreign untrusty DBMSs, which makes us in danger in commercial competition and electronic warfare in such a complex international situation.
目前,国内绝大多数的信息系统都以国外的非可信的数据库产品作为基础,在目前复杂的国际形势下,这使我们在商业竞争、信息战争中处于严重不利的地位。
adj