-
The two-way binding method is used to solve and prevent ARP spoofing.
First, obtain the MAC address of the router's intranet (for example, the MAC address of the gateway address is 0022aa0022aa).
2) Write a batch file as follows: @echo offarp -darp -s 00-22-aa-00-22-aa, change the gateway IP address and MAC address in the file to your own gateway IP address and MAC address.
Drag this batch software into "Windows--Start--Program--Start".
3) If it is an Internet café, you can use the paid software server program (pubwin or Vientiane) to send batch files to the startup directory of all clients. The default boot directory for Windows 2000 is "C: Documents and SettingsAll Users Start Menu Program Startup".
4) Finally, after binding the IP and MAC address of the user's host on the router, the MAC address and IP address will correspond one by one, and the purpose of anti-ARP attack will be achieved. Then you can check it in the route, see that the IP is not normal, and then go to that machine.
ARP binding settings can prevent ARP attacks, because ARP viruses can pseudo IP for ** server (but MAC address is still local) For a more abstract example, the route is a building, the IP is the tenant, the MAC is the key, the ARP is the person who comes from outside, there are 10 people living in this building, each has their own key to open the door, and if you want to enter the building, you have to use the key, when the outside person comes to enter the building, but there is no key, so he knocks on the door (attack). So the double-tied mac is door-to-door. Door-to-door.
-
You can check whether the device is attacked by checking the CPCAR statistics of ARP packets.
display cpu-defend arp-request statistics all
display cpu-defend arp-reply statistics all
If the drop value is large and continues to increase rapidly, the device is attacked by ARP. In most cases, ARP-Request packets are used to attack the majority of attacks.
In most cases, ARP-Request packets are used to attack the majority of attacks.
In this case, you can adjust the CPCAR value of the packet to 128 Kbps, and consider the CPU utilization as a whole. If the CPCAR value is amplified, more packets can be sent to the CPU, which will definitely increase the burden on the CPU.
In the event of an attack, it is critical to identify the source of the attack. You can view the attack source by capturing packets or enabling the debug switch, and then configure a blacklist to block the attack source.
Debugging means: Turn on the debugging switch of arp, debugging arp packet, close after a period of time, if there is too much debugging information, you can turn it on for about 10 seconds and close it, up to 30 seconds.
Check whether the source MAC address sends too many ARP packets from the debug information or packet capture and whether the MAC address is a normal user. If not, you can configure a blacklist to filter that MAC address.
-
It depends on whether you want to find out if someone else is hitting you, or if the ARP virus in your computer is hitting someone else. You can start -run -cmd, and then type arp -a in the window that comes out to see if there are a lot of records (i.e., a lot of IPs), and if there are, then it proves that you have a good chance of getting the arp virus and launching an attack on the outside.
Or the next ARP firewall, just look at the analysis.
-
The Rising 2010 version has an anti-ARP attack function, and if you are attacked, there will be detailed records and hints.
-
There are many ways to look at the source of an ARP virus attack. I myself is manual + command search, precise positioning, who dares to attack, I immediately know which computer it is, I'm afraid to tell you here, you can't understand.
I will introduce you to a relatively simple software to find, there is no calculation, so I should help you.
First: Use a 360ARP firewall, which can find out who is attacking you when you are attacked. However, it is only suitable for protecting a single computer, and if it is not attacked, it is impossible to find other attacked computers. Unless you install it on every computer.
Second: Use the IP address for the whole network segmentMac to scan. This should be periodic, and in the event of a network conflict in the future, you can find the attacked computer by looking for the previous MAC address corresponding to the conflicting IP address.
Third: Use nbtstat
AIP address.
Command.. fileWhen you find that there is an IP conflict, first use this command, and then you can get the mac of that computer
details such as the name of the computer, so you can also know which computer it is.
There are too many ways. Not much to introduce... If you have a molecule, give me some, and if you don't, forget it.
The above method is enough for you to use in an Internet café.
I am responsible for thousands of outlets in the company. There was a conflict.
As long as it's a computer device, I'll catch him right away, and I can get his IP address back. Let him want to cry without tears. This method does operate on the client side. No need to go to the router and software settings. I did it under Microsoft.
This is easy to solve! Didn't you already know about attacking this IP address and MAC address? >>>More
The software is not good, why not negotiate directly with the landlord, please set it on the route, the landlord can't always look at his LAN attack, unless he deliberately makes it difficult for you Personally, I think it must be multiple people competing for network bandwidth Using some means, no one will have nothing to do with the sabotage, it is recommended that everyone discuss the speed limit for everyone** Try to watch less network TV Or inform the other party so as not to attack each other and cause inconvenience to yourself and others.
Is it still trustworthy to be deceived by it? Deception is divided into unintentional and intentional! 1. Some are for someone to deceive you! >>>More
ARP attacks are launched from the data link layer, and ARP firewall and 360 are all application-layer software, which cannot be prevented. In addition, ARP and other network attacks have always existed, and network attacks are sometimes not deliberately sabotage, because the Ethernet protocol has inherent vulnerabilities and difficult-to-manage defects, resulting in various intranet problems. In order to completely solve intranet attacks, the only way to prevent and control the network card of each terminal is to prevent ARP attacks from being issued. >>>More
IE7 bypasses the genuine verification method.
documents and settings all users application data windows genuine advantage data path! Don't quit the installation and keep this page! >>>More