Prevent arp spoofing attacks in linux

Source: Internet
Author: User
Two days ago, the home network was intermittent and found that someone was using arp spoofing. In fact, it was not likely to attack someone, most of the reason is that someone is using software such as "P2P Terminator" under win. Bs is useless, and the problem still needs to be solved. win is easy to handle. There are many ready-made software, l

Two days ago, the home network was intermittent and found that someone was using arp spoofing. In fact, it was not likely to attack someone, most of the reason is that someone is using software such as "P2P Terminator" under win. Bs is useless, and the problem still needs to be solved. win is easy to handle. There are many ready-made software. in linux, you have to do it yourself ^.

The principle of arp spoofing is not described in detail. Basically, it is to impersonate a gateway by sending fake arp packets. During online communication, the gateway IP address and MAC address are bound to the arp cache, and the fake arp packet will refresh the cache, as a result, the packets that were supposed to be sent to the Gateway are sent to the spoofer. The solution is static arp.

Assume that the IP address of the Gateway is 192.168.0.1. First, we need to obtain the correct MAC address of the Gateway. ping the Gateway first:

ping 192.168.0.1

Run arp to view the Gateway MAC in the arp cache:

localhost~$ arpAddress       HWtype  HWaddress        Flags Mask   

Interface192.168.0.1   ether  00:12:34:56:78:9A    C             eth0

The MAC address of the Gateway is assumed to be 00: 12: 34: 56: 78: 9A. C indicates that the binding is saved in the buffer, all we need to do is to bind the IP address to the MAC address statically. First, create the/etc/ethers file and enter the following content:

192.168.0.1 00:12:34:56:78:9A

Save and exit, and then use this static binding:

localhost~$ arp -f

Run arp to view the information:

localhost~$ arpAddress       HWtype  HWaddress        Flags Mask   

Interface192.168.0.1   ether  00:12:34:56:78:9A    CM            eth0

M is added, indicating the static gateway. OK to close ~

In addition, if you do not communicate with users in the LAN, you can simply turn off arp resolution. assume that your Nic is eth0, then you can run:

localhost~$ ifconfig eth0 -arp

In this way, we can deal with the Terminator software, but it is not enough if someone really wants to attack it, because attackers can also cheat the gateway, the solution is to bind two-way connections between the Gateway and the machines in the LAN. The same is true for the principles. this is also true for Internet cafes.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.