ARP attacks are a major hidden danger to Internet café network security, and they are also the scourge of Internet café administrators. Preventing ARP attacks is much easier, and more important, than resolving them afterwards. How can you prevent ARP attacks and protect Internet café network security? You may refer to the following methods:
While the network is operating normally, record and back up the network's IP/MAC table. Later, check the ARP table with the arp -a command and compare: is the IP/MAC address of the gateway consistent with the original backup, and are there any duplicate IP or MAC addresses? If either of these phenomena appears, you can conclude that ARP attacks exist in the network.
This check can also be carried out with tool software such as AntiARPSniffer or the nbtscan command-line tool. The prevention or resolution measures are as follows:
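The comparison described above can be scripted. The following is an added example, not part of the original article: it parses Windows-style arp -a output and compares it with the backup IP/MAC table. The sample output, the client MAC addresses, and the function names are constructed for illustration; only the gateway IP/MAC pair comes from the article's own example further down.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not captured from a real network).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.2.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.2.1           00-0c-29-11-22-33     dynamic
  192.168.2.15          00-1d-60-aa-bb-cc     dynamic
  192.168.2.30          00-0c-29-11-22-33     dynamic
  192.168.2.255         ff-ff-ff-ff-ff-ff     static
"""

# Backup IP/MAC table recorded while the network was healthy.
# Gateway pair is the article's example; the client entries are constructed.
BASELINE = {
    "192.168.2.1": "00-14-78-A7-77-5C",
    "192.168.2.15": "00-1d-60-aa-bb-cc",
    "192.168.2.30": "00-0c-29-11-22-33",
}
GATEWAY_IP = "192.168.2.1"

ENTRY = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})[ \t]+\w+",
    re.I | re.M,
)

def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` output, skipping broadcast/multicast rows."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower()
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        table[ip] = mac
    return table

def audit(table, baseline, gateway_ip):
    """Flag entries that differ from the backup and MACs claimed by several IPs."""
    findings, by_mac = [], defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
        known = baseline.get(ip)
        if known and known.lower() != mac:
            kind = "gateway-mismatch" if ip == gateway_ip else "mac-changed"
            findings.append((kind, ip, mac))
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("duplicate-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp_table(SAMPLE_ARP_OUTPUT), BASELINE, GATEWAY_IP):
        print(*finding)
```

On the constructed sample, the gateway entry no longer matches the backup and shares its MAC with 192.168.2.30, which identifies the machine whose address the gateway entry was replaced with.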
⑴ Empty the ARP cache
Many people have probably used ARP commands to solve an ARP spoofing problem. This method works against the principle of ARP spoofing itself, and the process is as follows: in command-line mode, enter the arp -a command to view the IP-to-MAC correspondence information currently stored in the local system's ARP cache;
Then use the arp -d command to empty the ARP cache information stored in the local system. The incorrect ARP cache information is removed, and the machine obtains the correct ARP information from the network again, restoring mutual access between the LAN machines and normal Internet access.
If the attack was carried out with an ARP spoofing tool, the above method resolves it completely. If, however, a machine is infected with an ARP spoofing virus that automatically keeps sending ARP spoofing packets, emptying the ARP cache is powerless.
⑵ Specify the ARP correspondence
This method forces a specified ARP correspondence. The vast majority of ARP spoofing viruses target the gateway MAC address, corrupting the gateway entry stored in the ARP cache, so that packets the machine sends to the gateway for the Internet go to the wrong address and fail, leaving the computer unable to reach the Internet.
Assume the MAC address of the gateway is 00-14-78-a7-77-5c and the corresponding IP address is 192.168.2.1. Specifying the ARP correspondence means binding these addresses on the infected machine: click "Start" -> "Run" on the desktop taskbar, type cmd and press Enter to enter command-line mode;
Use the arp -s command to add an ARP address correspondence, for example arp -s 192.168.2.1 00-14-78-A7-77-5C, which binds the gateway's IP address to the correct MAC address, and the local network connection returns to normal;
Because ARP cache information is cleared every time the computer restarts, add this static ARP entry to a batch (.bat) file and place that file in the system's startup items so that it runs when the system starts. This avoids losing the static ARP mapping.
⑶ Add routing information to address ARP spoofing
ARP spoofing is generally aimed at the gateway, so can we solve the problem by adding a route locally? As long as the route is added, Internet traffic goes through this route and naturally is not disturbed by ARP spoofing packets.
Step one: click "Start" -> "Run" on the desktop taskbar, type cmd and press Enter to enter the black-background command-line mode;
Step two: manually add the route. The detailed commands are as follows:
Delete the default route: route delete 0.0.0.0
Add the route: route add -p 0.0.0.0 mask 0.0.0.0 192.168.1.254 metric 1
Confirm the modification: route change
This method is appropriate when the gateway is fixed. If you change the gateway in the future, you need to change the routing configuration on all clients.
⑷ Use anti-virus software or dedicated removal tools
The above are the measures for preventing ARP attacks and protecting Internet café network security, with prevention aimed at bringing Internet café users a better experience.