Why Campus Networks Are Often Attacked by RAP?

The campus network belongs to the local area network, if there is a machine in the local area network is infected by the ARP virus, then it will affect all the machines in the local area network, the best way is to find the source of the virus, delete the infected virus, you can use the ARP firewall with 360 to block the attack, or the Rising firewall also has a tool to prevent ARP attacks.

Turn. ARP is the meaning of the address resolution protocol, it translates the IP address into the MAC address of the network card, ARP spoofing generally occurs in the LAN, because when two computers communicate in the LAN to find each other in the form of broadcasting, other A hosts are called B hosts, so the computers in the LAN can receive it, but they don't respond if they don't call themselves, if C hosts respond to A hosts, then A hosts will treat C hosts as B hosts, which is the principle of ARP spoofing.

Solution: We recommend that you use the two-way binding method to solve the problem and prevent ARP spoofing.

1) First, get the MAC address of the router's intranet (for example, the MAC address of the Hiper gateway address is 0022aa0022aa).

2) Write a batch file with the following contents:

echo off

arp -d

arp -s 00-22-aa-00-22-aa

Change the gateway IP address and MAC address in the file to your own gateway IP address and MAC address.

Drag this batch software into "Windows--Start--Program--Start".

3) If it is an Internet café, you can use the paid software server program (pubwin or Vientiane) to send batch files to the startup directory of all clients. The default boot directory for Windows 2000 is "C: Documents and Settings All Users Start Menu Program Start".

In the HIPER management interface - advanced configuration - user management, each host of the LAN is bound.

arp it.

Your next Security Guard 360 is to install an ARP firewall.

Connected to the same disease,Installed the system n times,Checked the CPU and graphics card n times,It turns out that the CPU is caused by a campus network attack.,It's useless to use a lot of anti-rap attacks.,Including color shadow RA (but I found out that I didn't receive 50 attacks in seconds!) P,CPU is still high occupancy,No way,The best way to play a game or card every time is to cut off the local connection。

I haven't found an effective way to do this on the Internet, and the landlord is calm.

But if you find a contact with me, teach me. If you want to stop the campus network attack, I think the only way is for everyone to self-discipline, and there should be no other way.

If you can't access the Internet, it may be that you have been attacked by ARP, and you can't open the software, or you have a problem with your system.

I suspect that the computer with the ARP virus is your reinstaller.

In the anti-education network, the best software for ARP attacks on the LAN is Caiying, you might as well try it.

Also, you may have been poisoned by the machine yourself.

Hip-hop has a battle. There is a reason for rap to diss.

Use the "honeypot" method, which is not clear above, but if you want to find the hacker who attacked you, that method is better. In addition, if you are sure that you are under unauthorized intrusion, you can view all the IPs and open ports of the machine. Specifically, open the command prompt, enter netstat an enter, find out the IP connected to the machine This method is only suitable for dealing with those beginner hackers, if it is a professional hacker who deliberately attacks your network, then you might as well try the "honeypot" method, you can consult your computer teacher for details, (but I don't know if you understand).

Check whether it is ARP first, and generally ARP is the most common.

See which computer it is.

First of all, you need to make a **.

The following computers must go through your computer to surf the Internet, that is, make your computer a route, and then when this attack is attacked, capture the packets on this computer, analyze the packets, and it is easy to find the computer.

If it's an on-network attack, just use an ARP firewall to find his IP address or contact the network administrator.

If somebody attacks the entire campus network, it's much harder to find unless he's a fool and doesn't need a springboard.

Before going online, I took a knife and bleed from person to room, and then unplugged their network cables, and returned to the dormitory.

The most humane way is to open BT at the same timeThunder. Thunderbolt.

QQ Whirlwind Internet Express Get off the movie together You hang up the machine and go to class You can watch a movie when you come back. Let them grab the bandwidth.

This brother is so humorous!

For the introduction of Ruijie, you can take a look at this below.

Firewall recommendation: ARP firewall must be installed, followed by antivirus software.

Poison bully, Rising and so on.

You do this about your own safety:

The so-called privacy originally refers to things that you don't want to tell others, and it also refers to things that you don't want to tell others. The recent ** incident about some celebrities that has been hyped up on the Internet is a typical personal privacy leakage problem.

The concept of privacy in the Internet includes a lot, such as your mobile phone number, ID number, your home address, workplace, game account, etc., and some important information should not be stored in the computer casually. Some people may say that my computer has anti-virus software, my computer has set security passwords, etc., but don't forget that there are vulnerabilities, Trojans, viruses and other concepts in the network, and they are ubiquitous.

Take the author's QQ as an example, a 7-digit QQ, with a relatively high level of confidentiality, and the mobile phone is bound. My computer is equipped with anti-virus software, and it is often upgraded and disinfected, but in the second half of 2007, my QQ was frequently stolen, and I traveled to most of China, and then I thought that it was estimated that there were too many people on the office computer, and there were number theft Trojan horses. Fortunately, I have a good sense of prevention, there is a password recovery function, there is no QQ currency in the account, and there is no privacy in it, but fortunately there is no fundamental loss.

Online game accounts should also fall into the category of privacy, right? However, the theft of online game accounts is nothing new now. Normally, the higher the popularity index and playability of an online game, the higher the frequency of number theft.

Take the "R2" that the author plays, for example, there was a large-scale number theft incident when it was still in closed beta, and many players could not log in to their accounts at the same time, and then the equipment and accounts of these players were put in some ** auctions. Some criminals will also take advantage of the player's tricky psychology and walk around some so-called plug-ins or the address of the winning equipment. As the saying goes, "there is no such thing as a free lunch," and many times these links may contain bad programs such as number theft Trojans, which can fool some lucky players.

It's not the only case of a player using a stolen account in R2.

While enjoying the convenience and speed brought by the network, paying attention to protecting personal privacy is the lesson that the first event brings to everyone in the network; Learning how to protect your privacy on the Internet is something that everyone on the Internet should do after reading this article.

There is no absolute protection, only the safest.

If there's only one folder, you can use folder encryption software and cancel all sharing, patch all the admin passwords, the more complex the better, and then disable it completely, and then go to Skynet. 360 is also practical.

360 Security Guard Edition--- real-time protection --- ARP firewall --- enabled. So far, the effect is good.

Defense, counterattack is unrealistic, ARP attack is launched by multiple machines, the machine that hits the Trojan horse will automatically send ARP attacks to other machines, infect other machines that do not have the Trojan, a vicious circle, it will be like a snowball, it will get bigger and bigger, only a unified anti-virus can be **, generally speaking, defense is OK.

If you want to **, find a disc and engrave a mirror, and it will be done in a while.

Are you a webmaster? It's still a user. If you are a user.

You can't do anything. Does the computer have a recovery card? Can I install the software myself?

Can I debug hardware devices such as routing? If you're a webmaster, you have a lot to do. Computer real-name system, stand-alone speed limit, firewall settings, virus interception, file monitoring, IP-MAC binding, yo ah too much, depending on the model of your firewall.

The firewall of the mountain tower is still good.

ARP firewall adopts kernel layer interception technology and active defense technology, and several functional modules (intercepting ARP attacks, intercepting IP conflicts, suppressing DOS attacks, security mode, ARP data analysis, monitoring ARP cache, active defense, tracking attack sources, detecting ARP viruses, system time protection, IE home protection, ARP cache protection, self-process protection, intelligent defense) cooperate with each other to completely solve ARP-related problems and stifle DOS attack sources.

Generally, it is used to Jusheng network management (but it should be noted that there are many problems on the Internet, if it is the kind that says that it is said that it can be used after decompression, it is really usable, and it is not limited by the number of computers).

I can send it to you if needed.

Look**It's not that someone else is attacking you, but your computer is poisoned, and other computers in the attack LAN are blocked by your firewall It is recommended to install 360 Security Guard, use 360 anti-virus to kill poison, and if it doesn't work, reinstall the system.

Leave it alone. It's okay.. Install a 360 to turn on ARP protection.

With 360, enable ARP protection and bind the IP and MAC address of the gateway! Used, absolutely non-stop networking!

Friends suggested installing 360 Security Guard.

And turn on the LAN protection in the Trojan firewall to block ARP attacks.

What router you use, if it is supported, you can bind ARP to the route, that is, IP and MAC address binding.

Attack your IP with 360 bindings and set up an automatic counter-attack address.

The real machine of the attack can be viewed on the switch.

There are two types of ARP spoofing, one is the spoofing of the router's ARP table; The other is gateway spoofing for intranet PCs.

The first type of ARP spoofing works – intercepting gateway data. It notifies the router of a series of wrong intranet MAC addresses, and continuously proceeds according to a certain frequency, so that the real address information cannot be saved in the router by updating, and as a result, all the data of the router can only be sent to the wrong MAC address, causing the normal PC to not receive the information.

The second type of ARP spoofing works – fake gateways. It works by setting up a fake gateway and letting the PC tricked by it send data to the fake gateway instead of surfing the Internet through a normal router. In the eyes of the PC, it is just that it can't be connected to the Internet, and "the network is disconnected".

The usual solution is:

1. In the broadband router, input the IP-MAC of all PCs into a static table, which is called router IP-MAC binding. 2. Set the static ARP information of the gateway on all PCs on the intranet, which is called PC IP-MAC binding. The third is a combination of the first two methods, which is called IP-MAC two-way binding.

The method is effective, but the work is tedious and the management is cumbersome. Binding each PC is already laborious, and it is even more painful to add, maintain, and manage such a long list of router items. Once the capacity is expanded and adjusted in the future, or the network card is replaced, it is easy to cause confusion due to negligence.

In addition, there are new variants of ARP, and the second-generation ARP attacks have the ability to automatically propagate, and the existing macro file binding method has been broken, which is mainly manifested in the spread of viruses through network access or inter-host access. Since the virus has infected the computer host, it can easily remove the ARP static binding on the client computer, with the cancellation of the binding, the wrong gateway IP and MAC correspondence can be smoothly written to the client computer, the wrong gateway IP and MAC correspondence can be smoothly written to the client computer, ARP attack is unimpeded again.

I have also been poisoned by ARP, the hard-working two-way binding encountered the second generation of ARP attacks has become nothing to hide, I think that in order to truly eliminate ARP attacks, we still need to link every computer in our intranet, jointly prevent, jointly suppress, the firewall of anti-ARP attacks is far from enough, this can only ensure that you may not be attacked, but if someone sends you a large number of ARP packets, although it can be intercepted, but a large number of ARP packets may block your network card exit, Again, your data still can't be sent. In the same way, you can't guarantee that you won't send ARP attacks, so it's a palliative not a cure, so if you want to really eliminate ARP, the most curative way is to prevent and control, both to prevent attacks from ARP and to control attacks that don't send ARP, recently there is a popular effect on the market called immunity wall, which can intercept the datagram of the disguised MAC or IP, and also let the correct packets flow out, and there are also restrictions on the correct ARP exploration will not let a PC send a large number of ARP packets.