An alternative solution to campus network ARP Virus

Although ARP is not a new term, it is still rampant in many campus networks. Of course, anti-virus is a means of defense. However, if you change your mind, it is likely to be easily and thoroughly solved. Of course, this still has certain prerequisites, that is, your campus network must be authenticated by ruijie and other software before you can access the network. Most campus networks use ruijie. The following uses ruijie as an example:

Create a uniform version of the client (for example, you must use ruijie 2.56), and then open "integrity check" on the server.

Its principle is to use almost all ARP viruses to modify the behavior of local EXE files. Since the EXE file is modified, the integrity of the ruijie client is damaged, resulting in logon authentication failure and network connection failure. If you log on for 10 times repeatedly, the user will be blacklisted. In this case, a message "incorrect user name or password" will be displayed on the client ". Because machines infected with the ARP virus cannot connect to the network, they cannot launch attacks on their local networks, affecting others. In addition, because accounts are blacklisted, students must manually unseal them from the network center, thus, it is easy for the network maintenance teacher to accurately locate who is infected with the virus in the LAN below. At the same time, because integrity verification is enabled, illegal proxy servers and clients are also banned, which is more conducive to network management.

This solution is applicable not only to ruijie, but also to Internet authentication systems with the "Integrity Verification" function.

Of course, the limitation of this method is also obvious, that is, if the attacker is not in the virus, but deliberately attacked and stolen the data of classmates? For example, use the law enforcement officer or direct ARP attack software. Therefore, we still need to use the arpfirewall software to immediately report the attack to the school network center (generally provide IP addresses or gateways) and assist the school in handling the problem. However, campus network users do not need to open the active defense mode, which will cause larger campus network users to be disconnected collectively.

With the combination of the two methods, after a running test, the network disconnection report phone number keeps increasing from the beginning every day to the present day. If you are frustrated by network disconnection, you can advise the network center teacher.