What should I do if I am attacked by an ARP gateway spoofing attack with an IP MAC address .

This is easy to solve! Didn't you already know about attacking this IP address and MAC address?

1. Log in to the switch.

en#conf t

show ip int bri

If you are using the floor of the third floor, the switch is directly connected.

That's a lot easier show arp

Look at this dude sending data out of that port.

When you look at it, just look at its corresponding IP mac and port, such as F0 6

Then go on.

int f0/6

The second goods are disconnected, and the networks of other comrades are also restored!

After a while, you can ask everyone if the network is good.

Others must have said yes.

Only the second cargo network is still broken!

The rest goes without saying you know!

If you still have questions, please contact us directly or send us an email.

Professional network engineers are dedicated to serving you!

Hope to give a thank you!

ARP attacks are mainly broadcast by disguising themselves as DNS or gateways to publish false address information. You can use anti-speed limiting software to detect it first to see if the attack really comes from the gateway server, if it is a host on the intranet, it will cut off its network cable; If it's really a gateway server, then you need to check if there is a problem with the gateway.

This is caused by someone else using software to control your internet speed! Now these software are basically useless, 360 can automatically intercept them! The most pitiful thing is the router, a long-term attack, the router will be blocked, everyone should not have a good network speed!

This kind of person is caught and criticized!

It should be no problem, and 360 can completely solve such a problem.

Anti-P2P terminators don't recommend that it's best to bind an IP address to a MAC address.

ARP stands for Address Resolution Protocol, which enables you to know your physical address through your IP address. Hackers modify ARP data packets according to its principle, so that the physical address of other machines or fake physical addresses obtained through the IP is obtained, resulting in other machines intercepting data or data cannot be sent at all, which is ARP spoofing.

At present, most of the problems in dealing with ARP spoofing are that the gateway and the terminal bind the IP and MAC addresses in both directions, and then install the ARP firewall on the terminal, but this does not completely solve the ARP problem.

First, some ARP Trojans modify your MAC address before your ARP firewall is running, so that the IP MAC bound to the ARP firewall is incorrect. Make your ARP firewall a great one.

Second, it cannot prevent some people in the LAN from maliciously attacking other machines, or using some software to control other machines, such as P2P terminators, Jusheng network management and other software. The LAN is flooded with a large number of ARP packets, resulting in network latency, packet loss and other problems.

At present, the most complete solution to the ARP problem on the market is the Xinxiang Immune Wall Router, which has a unique immune network solution that can completely solve the ARP attack problem. Xinxiang's immune wall router has the function of innate immunity, which fuses the NAT table and the ARP table through the modification of the protocol, and directly queries the NAT table when there is an ARP request, making the deception against the gateway ARP table completely ineffective. The terminal is equipped with an immune network card driver, which can directly read the MAC address burned on the network card to ensure that it is correct.

Filter malicious ARP packets as well as other common flood attacks to keep your network open.

Rely on 360....Open the 360 Trojan Firewall, the bottom eighth item ARP Firewall Open it OK and then click Advanced Tools Network Repair to fix it OK .

Internet. It's that simple.

In this case, it is not your computer that initiates the attack, but someone else uses a tool to forge the default network administrator to initiate the network management spoofing. You can try to use a firewall, don't use the domestic Kingsoft ARP and 360ARP, it is recommended to use outpost, the blocking effect is very good.

When you are attacked by ARP, you can manually clean up ARP

Open a command prompt and type arp -d

Most of the times will be fine.

No, IP and MAC bonding can only be said to be able to protect against ordinary ARP attacks, and dual bonding is required, that is, IP MAC bonding is carried out on the router, and the client (computer) also needs to be bound, which can effectively prevent ordinary ARP attacks.

If you bind after being attacked, the general settings may be a pseudo IP or pseudo MAC address, so it doesn't make sense.

If the upgraded ARP virus is invalid or the hacker performs the ARP D command, the static binding can be completely invalidated.

Installing an ARP firewall can also protect against most forms of ARP attacks.

Double-binding only makes the computers and routers at both ends of the network not receive relevant ARP information, but a large amount of ARP attack data can still be sent and transmitted in the intranet, which greatly reduces the transmission efficiency of the intranet, and there will still be problems.

Of course, you are just an ordinary home LAN, and in a large LAN, you can use VLAN partitioning to prevent ARP viruses by using port VLAN, but there is also a weakness, that is, once the gateway is attacked by ARP, VLAN partitioning will still lose its meaning.

Overall, each has its own advantages and disadvantages.

You can uninstall the network card, install the network card driver when the network is disconnected, record the network card MAC, re-bind the MAC and IP in the route, set a static IP on the computer, and try the effect.

The prosperity mentioned upstairs belongs to the enterprise network server level routing, and your ordinary users can't afford it at all, and there is no need.

The root cause of the problem is to find the source of the attack, disconnect the network, and clean up the ARP virus.

There is no necessarily-the client must also be bound, and the two-way binding is possible.

Yes, fundamentally immune to ARP attacks.

However, it is recommended that you find the poisoned machine and reinstall the system.

Bind the gateway will not be attacked, that's just people who don't understand, telling you that ARP now has 5 variants, I have a deep experience, our company used to ARP attacks every day, and was scolded by the boss every day, so check this ARP attack on the Internet every day, ARP can forge IP address, can forge the IP address of the gateway, can modify the IP-MAC address bound to your router ARP... In the end, I used the Xinxiang router to upgrade to the immune network, so the landlord must not listen to those who don't understand

Viruses are not easy to deal with, and it seems that static ARP bindings can be taken.