Completely Resolving LAN ARP Attacks

Source: Internet
Author: User
Measure the test taker's knowledge about ARP attacks.

Currently, the most common basic countermeasure is "ARP two-way binding".

Because ARP attacks are often caused not by viruses but by legitimately running programs (plug-ins and web pages), antivirus software is usually helpless against them.

The so-called "two-way binding" means binding the commonly used ARP table entries on each computer while also binding the ARP table on the router.

"ARP two-way binding" can defend against mild, unsophisticated ARP attacks. If the attack program does not try to change the bound ARP table entries, the attack will not succeed, and if the attack is not aggressive, it will not be able to deceive the router. In this way we can defend against 50% of ARP attacks.

However, because the attack programs often run legitimately, they can also legitimately modify the computer's ARP table entries. After ARP two-way binding became popular, the authors of attack programs improved their methods: the attacks are now more comprehensive and very frequent. Two-way binding alone can no longer cope with malicious ARP attacks, and disconnections still occur easily.

So we added the "ARP attack active defense" function to the router. This function builds on the router's ARP binding. The principle is: when the network is hit by an incorrect ARP broadcast packet, the router immediately broadcasts the correct ARP packet to override it and eliminate its effect. This solves the disconnection problem, but trouble remains under the most aggressive ARP attacks: when the attack packets are very frequent, the router must send correct packets even more frequently to cancel them out. The connection is not lost, but the network becomes sluggish.

Therefore, we believe that relying on the router for "ARP attack active defense" can only solve 80% of the problems.

To completely eliminate ARP attacks, we added the "ARP attack source tracking" function. For the remaining powerful ARP attacks, we use the "log" function to give users the information they need to track down the attack source, so that they can temporarily disconnect the offending computer or block the attack program and thereby solve the problem.

Completely address ARP attacks

In fact, the router is only the egress of the LAN, while ARP attacks target the entire LAN. By the time ARP attack packets reach the router, they have already had their effect. Defending against ARP attacks on the router is therefore only a stopgap and cannot solve the problem well.

To truly eliminate the hidden danger of ARP attacks, we must turn to the "core" of the LAN: the switch. Every ARP packet must be forwarded by a switch to reach its target. As long as the switch refuses to accept invalid ARP packets, no ARP attack can have any effect.

We propose a truly strict solution for preventing ARP attacks: implement ARP binding on every access switch and filter out all illegal ARP packets. In this way ARP attacks cannot even get started, and they are completely eliminated from the LAN.
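The filtering described here, together with the "log" function used earlier for tracking the attack source, can be sketched as follows. This is an added example, not the vendor's firmware or code from the original article; the binding table, the function names and every address in it are constructed for illustration.

```python
import struct
from collections import Counter

# Constructed binding table (IP -> MAC); every address below is a made-up sample.
BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:01",    # gateway (router)
    "192.168.1.10": "00:11:22:33:44:10",
    "192.168.1.11": "00:11:22:33:44:11",
}

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def raw_mac(mac):
    return bytes.fromhex(mac.replace(":", ""))

def sample_frame(eth_src, op, sender_mac, sender_ip, target_ip):
    """Build a constructed 42-byte Ethernet+ARP frame, used as test input only."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += raw_mac(sender_mac) + bytes(map(int, sender_ip.split(".")))
    arp += bytes(6) + bytes(map(int, target_ip.split(".")))
    return b"\xff" * 6 + raw_mac(eth_src) + struct.pack("!H", 0x0806) + arp

def filter_arp(port, frame, log, bindings=BINDINGS):
    """Return True to forward the frame, False to drop it; log every drop."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x06":
        return True                        # not ARP: outside this filter's scope
    eth_src, s_mac, s_ip = fmt_mac(frame[6:12]), None, None
    if len(frame) < 42 or frame[14:20] != b"\x00\x01\x08\x00\x06\x04":
        reason = "malformed ARP"
    else:
        s_mac = fmt_mac(frame[22:28])
        s_ip = ".".join(map(str, frame[28:32]))
        bound = bindings.get(s_ip)
        if bound is None:                  # assumed policy: unbound means illegal
            reason = "sender IP has no binding"
        elif bound != s_mac:
            reason = "sender MAC contradicts binding"
        elif eth_src != s_mac:
            reason = "frame source differs from ARP sender"
        else:
            return True
    log.append({"port": port, "eth_src": eth_src, "claimed_ip": s_ip,
                "claimed_mac": s_mac, "reason": reason})
    return False

def top_sources(log):
    """Rank (port, frame source MAC) pairs by dropped packets to locate the sender."""
    return Counter((e["port"], e["eth_src"]) for e in log).most_common()
```

In the log, the ingress port is the more reliable pointer to the offending machine, because the source MAC in a frame can itself be forged.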

Because every switch would need ARP binding and the related security features, such a solution is undoubtedly expensive, so we also offer a compromise.

Economical Solution

We use just one Netcore 7324NSW, a switch that supports a large number of ARP bindings and ARP attack defense, as the primary switch. This switch supports up to 1000 ARP binding entries, so you can bind the ARP entries of essentially the entire network and prevent any illegal ARP packets from spreading across the primary switch.

In this way, even under a powerful ARP attack, we observe that the attack can only affect computers on the same branch switch, so its scope is greatly reduced. When an attack occurs, it cannot bring down the entire network.

On this basis, we add the "log" function and the "ARP active defense" function, and ARP attacks can likewise be solved perfectly.

Latest ARP attacks

Recently, the ARP attacks observed in Internet cafes have escalated, and another wave of ARP attacks has arrived.

The features of this ARP attack include:

1. Fast and efficient. In about 10-20 seconds, 300 computers may be disconnected.

2. Hard to find. The attack stops immediately and the ARP information is corrected afterwards. If the network has no log function, it is difficult to find traces of the attack using ARP commands.

3. It defeats the latest XP and 2000 ARP patches. The patches provided by Microsoft are clearly weak against this attack and have no effect.

4. The carrier has changed. The attacks come from private servers (not plug-ins) and P2P programs.

Reference address: http://www.qq08.net/article/2007/1010/article_23327.html
