How to use the tplink ARP spoofing protection function

Currently, software with ARP spoofing features include "QQ sixth sense", "cyber law enforcement officer", "P2P Terminator", and "Internet cafe Legend Killer". Among these software, some are manual operations to damage the network, some are virus or Trojan, users may not know its existence, so it expands the lethality of ARP attacks.

From the perspective of affecting the smooth network connection, ARP spoofing can be two types of attacks: one is spoofing the ARP table of the router, and the other is spoofing the ARP table of the intranet computer, of course, two types of attacks may also be carried out at the same time. In any case, the data sent between the computer and the vro may be sent to the wrong MAC address after spoofing transmission. On the surface, it is "unable to access the network ", "cannot access the vro" and "The vro crashes." as soon as the vroarp is restarted, the ARP table will be rebuilt. If the ARP attack does not always exist, the network will be normal, therefore, the Internet cafe owner is more certain that the router is "crashed", rather than thinking about other reasons. To this end, the broadband router carries a lot of "black box", but in fact it should be the ARP protocol itself. Let's take a look at how to prevent ARP spoofing.

As mentioned above, there are two types of spoofing: Spoofing router ARP table and spoofing computer ARP. Of course, our protection is also in two aspects. First, we should set it on the router, to prevent the ARP table of the router from being changed by malicious ARP packets. Secondly, we will also make some settings on the computer to prevent the ARP table from being maliciously changed. Both settings are required. Otherwise, if you only set the ARP spoofing prevention function of the vro and do not set the computer, data packets will not be sent to the vro after the computer is cheated, it is sent to a wrong place. Of course, you cannot access the Internet or access the vro.

There are two ways to bind the main IP address and the MAC address on our vro. SOHO routers are mainly engaged in common binding, and enterprise-level routers have common binding and forced binding.

Normal binding records the IP address corresponding to the MAC address of the computer in the Lan on the vro, establishes a corresponding relationship, and is not subject to ARP spoofing, resulting in failure to communicate normally. Computers that do not have an IP address bound to a MAC address may be vulnerable to ARP attacks. The normal binding of a SOHO-level router only sets a correspondence relationship between the IP address and the MAC address. If the computer changes its IP address, the router can still perform automatic ARP ing table learning, after scanning the new correspondence between the computer and the router, the computer can still communicate with the router. After the enterprise-level router is normally bound, the IP address and MAC address are one-to-one correspondence, if a computer changes its IP address, the router considers the IP address to be incorrect and thus cannot communicate with the router.

Force binding:It refers to disabling the router's learning IP and MAC address capabilities and manually adding the computer IP and MAC address to the router. Therefore, after forced binding is set, the computer that is newly connected to the vro cannot communicate with the vro if the IP address and the MAC address are not added. Or the IP address of the computer under the vro is changed. As a result, the relationship between the IP address and the MAC address recorded on the vro is inconsistent and communication fails.

The following uses TL-4299G as an example to describe how to set common binding and forced binding on enterprise-level routers, and how to prevent ARP spoofing.

I. Preparations before configuration

When the ARP spoofing prevention function (IP and MAC binding function) is used, it is best not to use a dynamic IP address, because the computer may obtain an IP address different from the IP address and MAC binding entry, at this time, you may not be able to access the internet. Follow these steps to avoid this situation.

1) disable the DHCP function of the vrodhcp: Open the vro management interface, choose "DHCP server"> "DHCP service", and change the status from "enabled" to "disabled" by default ", save and restart the vro.

2) manually specify IP addresses, gateways, and DNS server addresses for your computer. If you are not clear about the local DNS address, consult your network service provider.

2. Set vrouters to prevent ARP spoofing

Open the router management interface, and you can see in the menu on the left:

The "binding IP to MAC" function. In addition to binding IP to MAC, this function can also prevent ARP spoofing.

Open the static ARP binding settings window as follows:

 

Note that the ARP binding function is disabled by default. Select Enable and click save to enable it.

When you bind an IP address to a MAC address, you can manually add entries or view the relationship between the IP address and the MAC address in the ARP ing table,.

1, Manually add, click "add a single entry ".

 

Enter the MAC address and the corresponding IP address of the computer, and save the settings to bind the IP address to the MAC address.

2, Through the "ARP ing table", import entries, bind.

Open the "ARP ing table" window as follows:

 

This is the ARP table dynamically learned by the vro. You can see that the status column shows "not bound ".If there is no error in this dynamic learning table, that is, there is no arp spoofing at the time., Import the entries and save them as static tables. After the vro is restarted, these entries will exist to achieve the binding effect.

If many computers exist, click "import all" to automatically import the IP and MAC information of all computers.

After the import is successful, the IP address and MAC binding settings are completed. As follows:

 

You can see that the status is already bound. At this time, the vro has the function to prevent ARP spoofing. In the preceding example, there is only one entry. If you have multiple computers, the operation process is similar. If some entries are not added, you can add them next time. In addition to using the dynamically learned ARP table to import data, you can also manually add the corresponding entries as long as you know the MAC address of your computer.

In the "ARP ing table", we can see that the IP address of this computer has been bound to the MAC address. After the vro is restarted, this entry still takes effect.

3. Set up a computer to prevent ARP spoofing

The router has already set the ARP spoofing prevention function. Next we will set up the computer to prevent ARP spoofing. Microsoft's operating system contains the ARP command line program, which can be configured on the windows command line interface.

Windows XP system settings:

Click Start, Select run, and enter cmd. The command line prompt for windows is as follows:

 

Use the "arp-s router IP + router MAC" command to achieve static binding of ARP entries on the router, for example, arp-s 192.168.1.1 00-0a-eb-d5-60-80; we can see that the entry we just added already exists in the output of the arp-a command. If the Type is static, the entry is added statically. So far, we have set a static ARP entry for the computer, so that the packets sent from the computer to the router will not be sent to the wrong place.

How can I know the MAC address of a vro? You can open the vro management interface and choose "network parameters"> "LAN port settings ":

 

The MAC address of the LAN port is the MAC address of the computer gateway.

Careful people may have discovered that if the above method is used, the computer needs to input the above Command every time after restarting to prevent ARP spoofing. Is there a simpler way to automatically complete it, you don't need to enter it manually? Yes!

We can create a new batch processing file, such as static_arp.bat. Note that the suffix is bat. Edit it and add the following command to it:

 

Save it. You can double-click it to execute this command, and place it in the system startup directory for self-execution at startup. Open "start"-> "program" on the computer, double-click "Start" to open the Startup folder directory, and copy the created static_arp.bat to it:

 

All right, the computer will execute the arp-s command every time it starts up, and it will not be disturbed by ARP attacks when using the network in the future.

How to set Windows Vista and Windows 7:

1. Run the command prompt as an administrator.

2. Run the netsh-c I show in command to view the exact name of the network connection. Such as local connection and wireless network connection.

3. Bind: netsh-c I add neighbors "network connection name" "IP address" "MAC address ".

4. After the binding is complete, the static ARP after the computer is restarted does not expire and you do not need to create batch files like XP.

As shown in the following figure: