Features and protection of server ARP Virus

Recently, some users have reported that virus code has been inserted to all websites on the server, but these virus codes
The source file of the server cannot be found. Therefore, it is impossible for the network administrator to clean up viruses.
Why?

A: This is caused by the recently popular ARP virus.
Specifically, your server is located in a machine room with hundreds of servers, one of which is
The server has been intruded into and installed with the ARP virus. Although not your own server has been intruded,
But it will also seriously affect other servers, including your own servers.

For example, if one of the servers with viruses is intruded into the data center, it will
Other servers in the room broadcast such fraudulent information: "I am a gateway and you send packets.
", Other servers automatically send normal data after receiving this information.
Sent to this "infected server", this "infected server" will be normal
Insert virus code into the data (usually webpage). When you use IE to remotely access
When a website is on your own server, you will find all the websites on your server inexplicable.
"Virus code" has been inserted to all the workers, but you cannot find them in the source file of the server.
To these "virus code ".

Bytes ------------------------------------------------------------------------------------------------------------

Solution:
1. From the above analysis, we can know that if you want to fundamentally solve this problem,
You must first find out the virus-infected server in your IDC and then stop the virus-infected server.
And conduct anti-virus.

2. If the IDC does not help you solve the problem, you can forcibly set your own server
The server uses the static gateway. After the static gateway is set, the server that receives the virus
The broadcast information: "I am a gateway, and everyone sends packets through me" is the same
Will be affected.

The configuration method is as follows:

1. on your server desktop,

2. Create a bat-format batch file named "prevent ARP. bat.

The file content is as follows:
Arp-d *
Arp-s 192.168.0.1 03-00-0f-07-a0-0c

(Replace 192.168.0.1 with the IP address of your Server Gateway,
You can obtain this IP address from the IDC ).
(Change 03-00-0f-07-a0-0c to your server Gateway
MAC address. You can also obtain this address from the IDC ).
　　　　　　　　　
Note: If the IDC does not tell you the MAC address, you can also
Run the arp-a command to view the MAC address of the gateway.
Note: If the ARP virus exists, the MAC address may be incorrect. You need
Confirm with your IDC

3. After setting the batch file, you can double-click it to run it.
Set your server to use static gateway ". This will solve the problem.
ARP attacks.

Note: each time you restart the server, you need to re-run the "batch processing file"
To take effect. You can also add this "batch processing file"
In the "Start item" or "scheduled task" added to the operating system,
Let him run it on his own.