DNS redirection is a traffic redirection technique based on DNS spoofing. This paper first summarizes several forms of DNS spoofing, then analyzes how existing DNS redirection is implemented and its two shortcomings: it directly exposes the IP address of the monitoring host to the monitored host, and it cannot monitor multiple domain names at the same time. The paper then describes the technical principles of NAT and DNAT and, based on DNAT, proposes an improved scheme that addresses these implementation shortcomings. Finally, it gives an implementation of the improved scheme on Linux and compares the original scheme with the improved one, verifying the superiority of the improved scheme.