Internet Café Network encounters ARP attack common eight kinds of situation detailed explanation

1, Arpddos attack:

Arpddos attack is the most common, is to send a large number of normal ARP request packets, consuming host bandwidth. This attack in the LAN meaning is not too large, such as ADSL cat, send ARP request, in a few minutes will let it die, this packet is a normal package, will not be ARP firewall and switch filter out.

2. ARP Gateway spoofing

ARP Gateway spoofing, if the client did a gateway static binding, installed the ARP firewall you can not cheat on it, can not disconnect it from the Internet, then we will be ARP spoofing gateway. For example, a is a client and B is a server. A to protect, and you want to block him on the internet, then we do a cheat on B, is to think of B as a computer, has been sent to him a false address, this package to be continuous, the amount of data to be larger.

3. ARP Request spoofing

ARP Request spoofing is also more common, that is, the ARP request protocol in the destination IP and MAC address are no errors, the error is the requester's MAC address problem, is not true.

4, ARP full network request deception

This deception is to request deception and return deception further extension, the principle is to the Ethernet frame head to the target address to FF-FF-FF-FF-FF-FF is broadcast to all hosts, the source address IP address or gateway IP address, the physical address is a fake MAC address, remember in the destination IP, is the 192.168.1.255 multicast address.

5, ARP return packet spoofing

ARP return packet spoofing is to send ARP return packets to the host, this kind of packet IP gateway address, the sender of the physical address is their own or forged, so that the other computer's IP--MAC Address Table error, When the IP packet adds this hardware address to the data, the correct physical exit address is not found. This kind of protection is simpler, uses ARP-S to bind the gateway, and is uses the ARP firewall, but this kind of deception may be by the router sends the correct address to cover off.

6. ARP IP address conflict

IP address conflicts are also caused by ARP packets, he is the Ethernet frame head address broadcast, packet inside the source IP address and destination IP address is the same, this package is very common, it is possible that everyone does not know, every time you pc boot, he will be his own IP address broadcast, See if there is no computer using the same IP address, this broadcast defines it as "free ARP". This broadcast can be filtered directly with the ARP firewall. In fact, this package will not cause broken nets, but the old pop-up annoying dialog box, like the long Horn Cattle Network monitoring is to send such a package.

7, ARP Middle deception

This deception is done under the switch, some people say that the data flow under the Exchange environment is secure, the following attack is directed at the switch. The approximate process is this, ABC three computers, A and C for normal communication, B launched an intermediate attack, B first sent Arp cheat told a I B is C, And tell C I'm a. So the data transfer between A and C is completely checked by B, and this deception also has to do a data forwarding mechanism, or the communication between A and C will be broken, such as Peer-to-peer Terminator is this kind of deception.

8, ARP switch port forwarding spoofing

ARP switch port forwarding spoofing, that is, the Skiller attack method of the Mirage Network Shield: ARP switch spoofing {Skiller}. The principle is to change the forwarding list of the switch. This ARP spoofing is the hardest to solve.

The above is the Internet Café Network encounter ARP attack common several situations, understand the situation, when the network encounter ARP attack, you can according to the specific form of expression to determine which link appeared a problem.