Home > Cloud Computing > Cloud Security

Final Solution for using arping to grab IP addresses in Linux

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Recently, I encountered a shameless Windows user who grabbed the IP address of Linux. After studying the IP address for one afternoon, I finally solved the problem. Share with you.
Assume that the gateway is 192.168.5.1 with a 24-bit mask. 192.168.5.5 has been used by a Windows user.
My Linux is on a pleasant boot, and an error is reported when the network script is run, saying that the IP address has been used by others, and the network startup failed! Linux is so modest!
The current goal is to get this IP address back. The worst result is at least to make sure that "you don't want to use it if I can't use it ".
So I wrote a script:
Shell code

#! /Bin/sh while true; do ifconfig eth0 192.168.5.5/24 up route add default gw 192.168.5.1 sleep 1 done # arping-Uq-s192.168.5.5-Ieth0 192.168.5.1 &
In this way, as long as I run this script, even if the Windows machine is using 192.168.5.5, this IP address will be forcibly grabbed by my Linux.

Linux has been attacked by arp. Many times, our WEB server has been infected with Trojans. The server checks and finds that the code is normal. This situation is caused by arp Trojans, which are arp attacks against disguised gateways of machines in the same network segment, you can find out which machine has a problem through the following method:
1. Use tcpdump to capture packets
Tcpdump-qne arp
Through the above packet capture, we can see that the IP address of the same MAC as the gateway is a problematic machine.
Because arp is disguised as a gateway, the data passed through the gateway is modified, so the webpage content is abnormal, so there must be two machines with problems.
You can only ask the machine room to handle the problematic machine, or bind your MAC ip address to the gateway.

Key commands:
Nic interface of the arping-U-I package-s source ip address destination ip address
Instance:
Assume that the ip address of your eth0 interface is 192.168.1.1 and the gateway is 192.168.1.254.
Arping-U-I eth0-s 192.168.1.1 192.168.1.254

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More