Summary of methods to prevent ARP attacks in Linux

Source: Internet
Author: User

I have summarized three methods to prevent ARP attacks in Linux: directly binding the gateway method, using related software such as Libnet and arpoison, and using arptables to prevent arp attacks, finally, I wrote the shell script myself. Let's take a look at it.

Method 1: bind a gateway

Generally, the gateway of the server does not change, and vps also applies.
1. view the current Gateway

[Root @ local @ xiaohuai ~] # Arp-
? (218.65.22.122) at 80: fb: 06: f2: 4a: f4 [ether] on eth0

Run the preceding commands in SSH to check the gateway host name, gateway IP address, Gateway MAC address, and corresponding Nic.

2. Bind a gateway MAC
1) Bind

[Root @ local @ xiaohuai ~] # Echo "218.65.22.122 80: fb: 06: f2: 4a: f4">/etc/safe

# Modify the ip address and mac address based on the actual situation. Format: gateway IP (Space) MAC address
2) activate it to take effect

[Root @ local @ xiaohuai ~] # Arp-f/etc/safe

Use SSH to execute the preceding command to make it take effect.

Iii. Check for effectiveness

[Root @ local @ xiaohuai ~] # Arp-
? (218.65.22.122) at 80: fb: 06: f2: 4a: f4 [ether] PERM on eth0

Run the arp-a command again. For example, if the end of a sentence contains one more: PERM, the manual binding takes effect.


Method 2: use the software Libnet and arpoison

Backup Software

Libnet go to the official website
Arpoison goes to the official website

Installation Method (FC is successfully installed. For other releases, refer ):

Install libnet first
Tar-xvzf libnet.tar.gz
Cd libnet
./Configure
Make
Make install

Install arpoison
Tar-xvzf arpoison-0.6.tar.gz
Cd arpoison
Gcc arpoison. c/usr/lib/libnet. a-o arpoison
Mv arpoison/usr/sbin

Usage:

Usage:-I device-d dest_IP-s src_IP-t target_MAC-r src_MAC [-a] [-w time between packets] [-n number to send]

Example:
Arpoison-I eth0-d 172.16.18.254-s 172.16.18.19-t ff: ff-r 00: 11: 09: E8: 78: DD

Explanation:

-I eth0 indicates the interface for sending arp packets eth0
-D 172.16.18.254: Specify the destination ip address as 172.16.18.254.
-S 172.16.18.19: Specify the source ip address as 172.16.18.19.
-T ff: ff indicates that the target mac address is ff: ff (arp broadcast address)
-R 00: 11: 09: E8: C8: ED: Specify the source mac address as 00: 11: 09: E8: C8: ED.

I wrote a small script. According to the notes, I believe that smart users can handle arp attacks in linux:

#! Bash
# ArpDefend. sh
#######
# Yk103 #
#######

# Gateway mac address
GATEWAY_MAC = 00: D0: F8: FF: 4A: 23
# Target mac address
DEST_MAC = ff: ff
# Destination IP address
DEST_IP = 172.16.18.254
# Local Nic Interface
INTERFACE = eth0
# $ INTERFACE mac address
MY_MAC = 00: 11: 09: E8: 78: DD
# $ Interface ip Address
MY_IP = 172.16.18.19

# Create a static IP/mac entry on the local machine $ DEST_IP-$ GATEWAY_MAC
Arp-s $ DEST_IP $ GATEWAY_MAC

# Send arp reply to update $ DEST_IP to $ MY_IP. the mac address of $ MY_IP is $ MY_MAC.
Arpoison-I $ INTERFACE-d $ DEST_IP-s $ MY_IP-t $ DEST_MAC-r $ MY_MAC 1>/dev/null &

Method 3: arptables defends against arp attacks


Centos5 installation:


# Http://www.bKjia. c0m
Wget http://superb-sea2.dl.sourceforge.net/project/ebtables/arptables/arptables-v0.0.3/arptables-v0.0.3-4.tar.gz
Tar zxvf arptables-v0.0.3-4.tar.gz
Cd arptables-v0.0.3-4
Make
Make install

Arptables rule settings:

Arptables-F
Arptables-P INPUT ACCEPT
# Default policy
Arptables-a input -- src-ip 192.168.1.1 -- src-mac 7A: 31: 14: 42: 10: 01-j ACCEPT
# Allow access to a specific MAC address in this segment, and the IP address matches the MAC address
Arptables-a input -- src-mac! 74: 8E: F8: 53: DC: C0-j DROP
# Reject non-Gateway MAC
Arptables-a input -- src-ip! 192.168.1.1-j DROP
# Reject non-gateway IP addresses

Save the rule and load it at boot:

Iptables-save>/etc/sysconfig/arptables
/Etc/init. d/arptables save
Chkconfig arptables on

An error occurs when the rules are saved and reloaded. The-o any field in the following file is removed.


/Etc/sysconfig/arptables

Method 4: shell scripts against arp attacks

The Code is as follows: Copy code


#! /Bin/bash
Declare gw = 'route-n | grep-e' ^ 0.0.0.0''
Declare gwname = 'echo $ gw | grep-oe 'w * $''
Declare gwip = 'echo $ gw | grep-oe '[0-9] {2, 3 }. [0-9] {1, 3 }. [0-9] {1, 3 }. [0-9] {1, 3 }''
Declare gwmac = 'Arp-n | grep-e $ gwip | grep-oe '[0-9A-F] {2}: [0-9A-F] {2}: [0-9A-F] {2 }: [0-9A-
F] {2}: [0-9A-F] {2}: [0-9A-F] {2 }''
Echo "switch $ gwname arp: $ gwip-$ gwmac to static"
Arp-s $ gwip $ gwmac
Echo "done, off arp reuqest .."
Ifconfig $ gwname-arp
Echo "all done ."

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.