There are always people in the company who use ARP attacks, only to the IP address, can you directly

Don't take this ARP too seriously, it is usually generated by monitoring software and throttling software, which will only affect your internet speed.

1.If you enable your own firewall, you can also turn on the firewall of the router.

There is an anti-ARP, just turn it on.

3.Install a Kingsoft anti-ARP software and so on.

Except for the first one, the other two can track the IP address and the actual address of the attack on your computer, but it will be difficult for you to find that computer, and you have to check each one, corresponding to that one. It's generally like this.,You looked up n computers and they weren't.,In the end, you found out that it was the boss's computer.,Hehe.。。。 I'm like this a lot, and I don't need to say what it means.

No matter what kind of ARP firewall you use, you should be able to get the MAC address of this person instead of just getting its IP address, and you probably know about it.

The ARP attack should be the P2P terminator he uses, and you can use the anti-P2P terminator to stop him, or even disconnect him.

In addition, you can try to type the net send IP address content in DOS, some computers do not have this service enabled, and some can, directly display a dialog box on their computer desktop to warn them.

Jusheng software can catch his bag, if he can catch the QQ number on QQ, he can almost know who it is. If you have an IP, you should be able to see the name of his computer and guess it.

Here's how to track the source of an ARP attack:

1. Open the "Run" window and enter "cmd" to enter the MSDOS window.

2. In the command prompt window, enter "arp -a" to view the list of arp attacks on the computer.

3. How to find multiple MAC addresses and gateway IPs (usually corresponding, it means that the computer is under ARP attack, and the corresponding MAC address is the source computer of the attack.) Based on this, the target computer can be traced.

4. In addition, we can also use ARP attack detection tools to detect ARP attacks in the LAN.

Dude, you can set it up, set up the method. Open the 360 Trojan Shield, turn on the ARP Guard, and click Smart Settings on the right. For more settings, find the ARP protection wall on the left, and find the manual binding gateway.

Once you've set it up, others won't be able to attack you.

If you want to spend some money, you can get that stand-alone version of the ARP firewall to chase and lock the mac, and you can find the network administrator to give him the mac and ask him to help you block it directly, and the person will find it, hehe, this method is the easiest.

It's very simple, the next Kingsoft network standard or 360 network firewall (both software have been the company's **, so the official website does not have it), which can be seen.

1. Install ARP firewall on the computer, and it is recommended to install simple software such as 360 security guard;

2. You can find the IP address.

Hehe, don't chase it, it's useless, it's just that the LAN is not interfered with by some software installed on other computers. What can you do if you catch up with the IP?

This method is relatively simple, and it can be completed by using the system's built-in arp commands without using third-party tools. As mentioned above, when ARP spoofing occurs in the local area network, the ARP virus computer will send ARP spoofing broadcasts to the whole network non-stop, and then other computers in the LAN will dynamically update their own ARP cache table, and record the MAC address of the gateway as the MAC address of the ARP virus computer. It needs to be entered at the cmd command prompt. The following information is returned:

internet address physical address type

00-50-56-e6-49-56 dynamic

At this time, since the ARP table of this computer is an error record, therefore, the MAC address is not the MAC address of the real gateway, but the MAC address of the poisoned computer! At this time, according to the IP-MAC address comparison table of the whole network when the network is normal, you can find the IP address of the poisoned computer. It can be seen that when the network is normal, it is very important to save an IP-MAC address comparison table of computers on the whole network.

You can use the NBTSCAN tool to scan the IP address and MAC address of the entire network segment and save it for later use. Nowadays, there are many ARP virus location tools on the Internet, among which the better one is Anti ARP Sniffer (now renamed ARP Firewall), and I will demonstrate the use of Anti ARP Sniffer to locate ARP poisoned computers.

First, open the Anti ARP Sniffer software, enter the IP address of the gateway, and then click the "Enumerate MAC" button in the red box to get the MAC address of the correct gateway.

Then click the "Auto Protection" button to protect the normal communication between the current NIC and the gateway.

When ARP spoofing is present in the local area network, the packet is logged by Anti ARP Sniffer, and the software alerts you in the form of a bubble.

At this time, we can quickly locate the poisoned computer by comparing and searching the IP MAC address comparison table of the whole network according to the MAC address of the spoofing machine. When there is ARP virus spoofing in the local area network, it is often accompanied by a large number of ARP spoofing broadcast packets, and in this case, the traffic detection mechanism should be able to detect abnormal behavior of the network, and this is where packet capture tools such as Ethereal can come in handy.

The above three methods sometimes need to be used in combination to corroborate each other, so that the ARP poisoning computer can be quickly and accurately located.

ARP is attacked through a vulnerability in the intranet, and the next 360 firewall is OK.

Yes, you just need to reinstall the system and you'll be fine.

Many people think that ARP firewalls, double binding, VLAN and switching port binding, but these problems are only temporary solutions to the basic attacks of ARP, and now ARP attacks are emerging in an endless stream, mainly using request packets and reply packets to attack gateways and personal firewalls There are also great defects

1. It cannot guarantee that the bound gateway must be correct. If ARP spoofing has occurred in a network and someone is forging the gateway, then the ARP personal firewall will bind the wrong gateway, which is extremely risky. Even if the configuration does not default to the prompt, users who lack network knowledge may be at a loss.

2. ARP is a problem in the network, ARP can not only forge the gateway, but also intercept data, and is a "double-headed monster". Doing ARP protection on personal endpoints, regardless of the gateway end, is not a complete approach in itself. The role of ARP Personal Firewall is to prevent your data from being stolen, and the entire network problems, such as disconnection, stuck, etc., ARP Personal Firewall is powerless.

For example, the binding of VLAN and switch port only reduces the scope of ARP request packet and reply packet flooding in the same VLAN, but does not solve the ARP problem. Now to solve the ARP can only be intercepted from the terminal network card, and the ARP problem can be solved from the source, and the only thing that can be solved at present is to deploy the immune network, guard-type terminal binding, and the whole network linkage, group prevention and control to ensure the security and stability of your LAN and switching network.

The principle of P2P attack is to use ARP attack to send packets from other machines on the intranet to the Internet through a fake gateway, which has the effect of limiting the speed of other people's networks. ARP attacks are usually manifested as disconnections, slow network speeds, and failure to ping gateways.

Active positioning: Because all ARP attack sources will have their characteristics, the NIC will be in promiscuous mode, and you can use a tool like ARPkiller to scan which machine's NIC is in promiscuous mode, so as to determine that this machine may be the culprit. After locating the machine, it collects virus information and submits it to Trend Micro for analysis and processing.

Note: The NIC can be placed in a mode called promiscuous, in which the NIC can receive all the data that passes through it, regardless of whether the destination address of the data is actually it. That's actually the basic principle of how Sniffer works:

Let the NIC receive all the data it can receive.

You can also directly ping the gateway IP, after completing the ping, use ARP A to view the MAC address corresponding to the gateway IP, this MAC address should be spoofed, use NBTSCAN to get the real IP address, machine name and MAC address of the PC, if there is an ARP attack doing the trick, you can find the IP, machine name and MAC address of the PC equipped with ARP attack.

Command: nbtscan -r searches the entire network segment, ie; or nbtscan search for the CIDR block, ie. The first column of the output is the IP address, and the last column is the MAC address. Examples of use of nbtscan:

Suppose you find a virus host with MAC address 000d870d585f.

1) Put the and decompression in the archive under C:.

2) Start running and open in windows, enter cmd (windows98 input command), enter c: btscan -r in the DOS window that appears, and enter it according to the user's actual network segment), press Enter.

3) By querying the IP--MAC corresponding table, find out that the IP address of the virus host 000D870D585F is.

With the above methods, we can quickly find the source of the virus and confirm its MAC machine name and IP address.

2 Methods of Defense.

a.Use a Layer 3 switch that can defend against ARP attacks, bind the port-MAC-IP, restrict ARP traffic, detect and automatically block ARP attack ports in time, reasonably divide VLANs, completely prevent the theft of IP and MAC addresses, and prevent ARP attacks.