Headache company LAN drop, our company s recent LAN old droppage??

There are only 100 machines, and it is not very difficult to troubleshoot the problem. Judging from what you said about the drop, I don't think it's the ARP virus, because you've already taken measures to deal with ARP.

Moreover, many other viruses can also cause disconnection, so it is recommended to notify all users to check for viruses. Or when you are about to leave work, you can use the method of shutting down the desktop switches one by one to troubleshoot the problematic computers.

All computers are equipped with 360 security and ARP is turned on.

Network instability, frequent disconnections and various intranet problems can be solved as follows:

1.Test the reason for the external line Test method: connect a single computer to test whether the line is stable.

2.Network bandwidth is maliciously preempted Generally, if the bandwidth is not occupied, it will only feel that the network speed is very slow and will not be dropped, although it is unlikely, but it is not ruled out.

2.You said that it would be good to restart the router, but it won't work for a while, and it's obvious that there is an attack that causes the router to crash or block.

4.In fact, 80% of cyber attacks come from intranets, and extranet attacks are not uncommon, but they are very unlikely.

Solutions to Intranet Attacks and Bandwidth Preemption:

1. On the computer you can't access, take a look at arp -a to see if the MAC and IP address obtained are the same as the gateway MAC and IP, and whether it contains an IP address of 255 or an address with a MAC address of 00 FF.

2. If the above phenomenon occurs, you should check the corresponding MAC or IP machine, or find out the initiation by grabbing packets.

IP address of the ARP attack

3. Find the source of the attack through some ARP inspection tools, and update the virus database first after finding out, if the antivirus fails, you can only redo the system (the machine that sends ARP may not be able to access the network).

The main reason for the above-mentioned intranet attacks is due to the existence of protocol vulnerabilities and poor management at the bottom of the Ethernet network, and it is certainly not possible to solve this problem by hardware alone I heard that the use of the patrol immune network solution to upgrade the existing ordinary network to the "immune network" can fundamentally solve this problem, it is recommended that you search the Internet for devices that can manage intranet terminals...

If it is a total drop or a drop in a period of time, it is recommended to change the route under the total drop restart, because the current route can no longer fully support the current number of computers.

You first check which section is old and dropped, get a minimum range, and check the switch.

Put an ARP firewall on every computer and see whose data isn't working.

Solution. 1. Arp -a on the computer you can't get on, and see if the MAC and IP obtained are the same as the gateway MAC and IP!

2. If it is inconsistent, check whether there is a MAC-IP routing device in the network, or find out the IP address that launched the ARP attack by capturing packets

3. Find the source of the attack through some ARP inspection tools, and redo the system after finding it (the machine that sends ARP may not be able to access the network).

ARP attacks are launched from the data link layer, and ARP firewall and 360 are all application-layer software, which cannot be prevented. In addition, ARP and other network attacks have always existed, and network attacks are sometimes not deliberately sabotage, because the Ethernet protocol has inherent vulnerabilities and difficult-to-manage defects, resulting in various intranet problems. In order to completely solve intranet attacks, the only way to prevent and control the network card of each terminal is to prevent ARP attacks from being issued.

Our company's previous network also had this problem, and later used the Xinxiang immune security gateway to upgrade the ordinary network to the immune network, from the bottom of the network, each terminal for prevention and control monitoring, not only to prevent the local from being attacked, but also to intercept the external network attack of the machine, strengthen the network basic security, can completely and effectively solve the problem of intranet attack, the problem is solved.

It's still a virus problem, if you want to completely solve the problem, you have to kill the virus, you must first find the source of the virus, and if you have the conditions, it is best to disconnect the network to kill the virus.

The first one is a little more professional. 100 computers, a large number, you need to find professional software to monitor. There are many reasons for the virus to occur other than what you call intermittent disconnection.

The most common ones I know are network congestion, networking mode (star, parallel, serial, the number of units, the star is the best), the server is not good, the router bandwidth limit, data distortion (including route distortion, line long distortion, interface distortion, external electrical signal interference distortion) and so on.

It is also a headache to encounter ARP virus attacks, which often occur in enterprise networks, and it is difficult to find out. The indicator does not cure the root cause, and now it will appear again in the later stage, repeatedly, which is also a headache for many network administrators.

We can't check the ARP virus attack, and the antivirus software can't kill it, so we can find out the computer with the virus and isolate it to block the virus attack. A virus attack like this is an intranet attack. These attacks all come from the network card of the PC in the intranet, and are intercepted on the network card, so as to ensure that the intranet attack cannot get out of the network card, so as to ensure the stability of the intranet.

It turns out that our company's network situation is the same as yours, and the network speed is also very stuck when the connection is not dropped. I did the following checkup:

1. Check whether the network equipment and network cable are damaged, and eliminate the hardware equipment failure.

2. Check whether there are often a large number of people on the intranet or use attack software such as P2P terminators. Through observation and visits, it was found that it was not caused by this reason, the company's colleagues knew very little about computer technology, and the company had clear regulations that it was not allowed to look at **and** things during working hours.

3. Check whether there are network viruses and network attacks on the intranet. Sniffer packet capture is used to analyze network traffic and find that the intranet is flooded with a large amount of abnormal data, and there are ARP attacks and DDoS attacks. At this point, it can be determined that the network problem is caused by an intranet attack.

Later, it was solved using an immune security gateway. In the monitoring interface of the immune wall, I saw that many network attacks were blocked, and now the network is very stable, and there has been no disconnection. The landlord can try it.

If someone on the intranet system is poisoned and a virus attack occurs, if the computer system is poisoned, there will be a lot of unfamiliar IP and MAC addresses on the router. Currently, there are ...... ARP attacks, skulls, DDoS, and oversized ping packets in the intranetA series of intranet attacks can cause intranet disconnection, and even attacks like ARP are difficult to detect, and antivirus software can't solve them, and they can't be **. This is also the main reason why the intranet disconnection cannot be solved after the system is reinstalled.

These virus attacks stream strings in Layer 2 and directly pass through the switches to reach the destination IP address. Network devices such as firewalls and UTMs cannot be managed to the second layer, and such intranet attacks cannot be solved.

These intranet attacks come from the following network cards, and we only need to block them on the network cards to ensure the stability of the intranet. Network problems have to be solved by the network.

Ethernet has protocol vulnerabilities and is not good at management, which is the technical root cause of frequent network problems. Immunity wall technology is aimed at and solves this problem. Intercept and control directly on the NIC.

Its main features: the technical scope of the immune wall should be extended to the end of the network, to the lowest level of the protocol, to the entrance and exit of the external network, and to the most complete picture of the intranet, which is to hope to fully resist the network virus through the network itself, and at the same time improve the management of the business, so that the network can be controlled, managed, prevented, and considerable.