Defense Against ARP attacks

ARP attacks implement ARP spoofing by forging IP addresses and MAC addresses, which can generate a large amount of ARP traffic in the network to block the network. ARP attacks mainly exist in LAN networks. If a person in LAN is infected with an ARP Trojan, the system infected with the ARP Trojan will attempt to intercept the communication information of other computers in the network by means of ARP spoofing, and thus cause network connection failure of other computers in the network. ARP Trojans also steal passwords for online banking, stock trading, MSN, and QQ, which can cause huge economic losses to you. Now, how can we prevent ARP attacks? In the past two days, qinai.com has used the following methods based on the unit. The list is as follows. You can handle the problem based on your actual situation.

1 vro binding MAC address

ARP attacks are generated in Lan, while LAN access is basically achieved through routers. At the same time, the MAC addresses of any computer in the world are not repeated, you only need to bind the MAC address to the IP address in the LAN in the vro to implement anti-ARP. Because the vro brands are inconsistent, the configuration methods are also different. You can bind the MAC according to the specification or search for it online. Note: The MAC and IP binding of home or small routers are basically restricted, and some enterprise-level routers will be better implemented.

2. implemented through the Network Firewall

The functions of the network firewall are mainly anti-hacker, which must be separated from anti-virus software. For example, we are now using the cloud firewall and rising's personal firewall. Qin IAI is using lnsfirewall. At least in my LAN, it can intercept basic ARP viruses. LNS Qin Yi once mentioned that I am very satisfied with its functions and usage of system resources. You only need to set it up to help you implement anti-ARP and some anti-hacker attacks. For more information about LNS, see qinai.com's previous articles on LNS. You can also go to the professional LNS forums to obtain information.

3. Implement ARP protection through arpfirewall

There are a lot of software here, and I believe you can also find it. If you do not need to be too complex, you can use the 360 arpfirewall. The effect is good and the resource usage is not too large.

4. manually clear ARP attack Cache

Once your computer often fails to access the Internet or your Internet access speed is slow, you can use the ARP command that comes with WINDOWS to find and process it. There are multiple ARP commands. We can only use ARP-D and ARP-S commands. ARP-D is used to clear the ARP cache, and ARP-S is used to bind the IP address (generally 192.168.1.1 or 192.168.0.1) of the routing gateway to the MAC address. The input port of the ARP command is: start-run-CMD-ARP-D. The following two batch processing programs are stored in qinai.com, so you do not need to input them frequently to clear the ARP cache.

ARP cleanup is bound to the Gateway. You can put this batch of processing in start-Program-start to ensure that the file is automatically started at each boot. In this way, you can clear the ARP cache and bind it to the ARP Gateway after each restart or startup. Note: After downloading, you need to change the gateway IP address and MAC address to yours. .

5 others

There are other anti-ARP methods. However, Qin aipersonally believes that it is very important to regularly or timely clean up computer viruses and ensure that anti-virus software can be upgraded online, developing good computer habits is the best.

Source: http://www.newsunday.com/post/831.html