Prevent arp spoofing attacks in linux

Two days ago, the home network was intermittent and found that someone was using arp spoofing. In fact, it was not likely to attack someone, most of the reason is that someone is using software such as "P2P Terminator" Under win. Bs is useless, and the problem still needs to be solved. win is easy to handle. There are many ready-made software. In linux, You Have To Do It Yourself ^.

The principle of arp spoofing is not described in detail. Basically, it is to impersonate a gateway by sending fake arp packets. During online communication, the gateway IP address and MAC address are bound to the arp cache, and the fake arp packet will refresh the cache, as a result, the packets that were supposed to be sent to the gateway are sent to the spoofer. The solution is static arp.

Assume that the IP address of the gateway is 192.168.0.1. First, we need to obtain the correct MAC address of the Gateway. ping the gateway first:

ping 192.168.0.1

Run arp to view the gateway MAC in the arp cache:

localhost~$ arpAddress       HWtype  HWaddress        Flags Mask    Interface192.168.0.1   ether  00:12:34:56:78:9A    C             eth0

The MAC address of the gateway is assumed to be 00: 12: 34: 56: 78: 9A. C indicates that the binding is saved in the buffer, all we need to do is to bind the IP address to the MAC address statically. First, create the/etc/ethers file and enter the following content:

192.168.0.1 00:12:34:56:78:9A

Save and exit, and then use this static binding:

localhost~$ arp -f

Run arp to view the information:

localhost~$ arpAddress       HWtype  HWaddress        Flags Mask    Interface192.168.0.1   ether  00:12:34:56:78:9A    CM            eth0

M is added, indicating the static gateway. OK to close ~

In addition, if you do not communicate with users in the LAN, you can simply turn off arp resolution. Assume that your Nic is eth0, then you can run:

localhost~$ ifconfig eth0 -arp

In this way, we can deal with the terminator software, but it is not enough if someone really wants to attack it, because attackers can also cheat the gateway, the solution is to bind two-way connections between the gateway and the machines in the LAN. The same is true for the principles. This is also true for Internet cafes.