The ultimate device solution to get rid of ARP Problems

Source: Internet
Author: User

I. ARP is coming!

The frequent disconnections caused by ARP viruses have become the biggest headache for Internet cafe owners, and ARP has become one of the most familiar terms in networking circles. Meanwhile, network vendors have released solutions for ARP viruses, and independent experts have also shown what they can do.

Hardware router vendors were the first to offer solutions, which fall into three categories. The first is "ARP immune", which uses a specific NAT forwarding mechanism based on the underlying NAT protocol; only the PC end needs a MAC-IP binding for the LAN port MAC of the vrolan or soft router. Its attitude toward ARP viruses is, simply put, "I don't understand what you say". The second is "two-way binding": the router and the PC each bind the other side's MAC-IP. Simply put, "I don't listen to what you say". The third is "intranet broadcast", which sends correct ARP information on the internal network more frequently than the ARP attack does. Simply put, "I listen to my own voice".

Software vendors were not willing to lag behind either. They have successively launched pure software solutions such as arpprotector, arpguard, ARP sniffer, arpfirewall, and caiying network security.

However, in the actual operating environment of Internet cafes, the results are not satisfactory. The second generation of ARP viruses can change the PC's ARP cache at will, which makes the binding ineffective as well. The disadvantages of the existing solutions keep being exposed. Hardware products cannot solve the ARP virus attack problem on the PC side: they can neither stop ARP attacks nor locate the attack source. Software products, for their part, lack knowledge of network hardware and the underlying network protocols, and are completely blind.

Are we really helpless against ARP? No. The Patrol "immune wall" is the ultimate solution to completely get rid of ARP troubles.

II. The Patrol solution

First of all, it should be made clear that ARP is not a virus but a "protocol-based attack behavior". It is called a virus because the way ARP attack tools spread and the symptoms they cause are getting closer and closer to those of a virus. ARP (Address Resolution Protocol) is an indispensable protocol in network communication: it converts an IP address to the corresponding MAC address. The existence of ARP gives attackers a good opportunity, but without ARP, network devices cannot communicate with each other. This is the main reason for the ARP dilemma.

There are two types of ARP viruses: ARP spoofing and ARP attacks. ARP spoofing was first used by hackers to steal network accounts. Later, it was widely used in network management tools such as Internet posts and cyber law enforcement officers. The spoofed host sends its data to the disguised host, and in this way the data is intercepted. ARP attacks are aimed solely at disrupting network communication. They send fake ARP request or response packets, so that all hosts in the network lose their orderly organization and connection. As a result, ARP attacks have become a common way for Internet cafes to attack each other.

For ARP viruses to spread, there must be "bots", that is, vulnerable host machines: by obtaining control of such a host, the attacker makes it send ARP spoofing traffic and fake ARP request and response packets. Because there is no obvious signature and ARP plays an essential role in network communication, InterScan and firewalls cannot cope with ARP viruses. Therefore, blocking problematic data at the source and letting only valid ARP packets through is the ultimate solution to completely eliminate ARP troubles.
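As an added illustration (not part of the original article and not the Patrol product's code), this Python example checks ARP frames against a static MAC-IP binding table, the source-side filtering described above. The binding table, the addresses, the policy of dropping unbound senders, and all function names are assumptions; the test frames are constructed in the code.

```python
import socket
import struct

# Constructed MAC-IP binding table (assumed values, documentation address range).
BINDINGS = {
    "192.0.2.1": "00:11:22:33:44:01",   # gateway
    "192.0.2.10": "00:11:22:33:44:10",  # PC
}

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an Ethernet frame carrying ARP for IPv4; return a dict or None."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:          # not ARP
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_ip": socket.inet_ntoa(tpa)}

def check_arp(frame, bindings=BINDINGS):
    """Return 'ignore', 'pass', or a reason string for dropping the packet."""
    arp = parse_arp(frame)
    if arp is None:
        return "ignore"
    # A sender MAC inside the ARP payload that differs from the frame's own
    # source MAC is a common sign of a forged announcement.
    if arp["eth_src"] != arp["sender_mac"]:
        return "drop: Ethernet source differs from ARP sender MAC"
    bound = bindings.get(arp["sender_ip"])
    if bound is None:                # assumed policy: unbound senders are dropped
        return "drop: sender IP has no binding"
    if bound != arp["sender_mac"]:
        return f"drop: {arp['sender_ip']} is bound to {bound}"
    return "pass"

def build_arp(eth_src, sender_mac, sender_ip, target_ip, op=2):
    """Build a constructed test frame (broadcast destination), never sent."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (b"\xff" * 6 + m(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sender_mac) + socket.inet_aton(sender_ip)
            + b"\x00" * 6 + socket.inet_aton(target_ip))
```

Only frames whose sender IP and MAC match the table are passed; a reply claiming the gateway's IP from the PC's MAC is rejected with the bound MAC in the reason string, which also identifies the offending host.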

This is how the Patrol "immune wall" came into being. The immune wall terminal installed on the PC performs MAC-IP guard binding and completely eradicates the effect of ARP viruses: even if the machine is infected (and its static binding list is deleted), it cannot affect itself or the network. The Patrol monitoring terminal installed on the server provides a "visualized" operating platform for the network, which not only enables "attack locating" but also confines the ARP virus to a single host and avoids damage to the network. In addition, the network administrator can formulate policies, define attack behaviors, and define "counterattack" measures as a disciplinary action. At the same time, it works with the Xinxiang router and its "ARP innate immune" function to cope with ARP virus attacks on both the intranet and the Internet, forming a comprehensive solution.

III. Patrol immune wall

The Patrol immune wall consists of two parts: the immune wall terminal and the monitoring terminal. The immune wall terminal is installed on the internal network hosts, and the monitoring terminal is installed on the server. The immune wall works at the network card and runs automatically after the terminal starts. It has no user interface and is completely under the control of the monitoring terminal; it is responsible for communicating with the monitoring terminal, for example to receive control commands. As the window onto the entire network, the monitoring terminal can monitor certain network behaviors of each client in the network, such as the connection rate, the number of established connections, ARP spoofing, IP spoofing, and fragmentation attacks.

Figure: Patrol immune wall "Authorized Version" monitoring terminal operation interface

The patrol immune wall provides the following functions:

1. Malicious attack identification: accurately analyzes data, blocks "network attacks", and reports violations. Currently, IP address spoofing, all ARP spoofing, and flood packet attacks are supported.
2. ARP guard binding: completely eradicates the impact of ARP viruses. Even if the machine is infected (and its static binding list is deleted), it cannot affect itself or the network. This is the ultimate solution to ARP problems.
3. Large traffic discovery: when the traffic of a host exceeds the defined threshold, the system triggers an alarm (and reverse).
4. Worm virus discovery: when a host initiates too many connections, the system triggers an alarm (and reverse).
5. Separate Intranet and Internet statistics: separate statistics on Intranet and Internet data to prevent Intranet transmission from being mistaken for a large traffic attack.
6. Traffic Control: You can separately control the upstream and downstream traffic of Intranet hosts.
7. Group permission management: Intranet hosts can be managed separately for different groups, including permissions and alarm conditions.
8. Encrypted transmission using private communication protocols, with extremely high security.
9. While ensuring real-time operation, it preserves the scene of dangerous behaviors and keeps log records, so that the evidence is traceable.
10. Automatic client and monitoring upgrade: the latest software can be quickly deployed on all hosts.

IV. Extensions of Patrol

Patrol is not limited to solving ARP problems. It also provides a good solution for other "protocol-based attack behaviors" that cause Internet cafe disconnections, such as UDP attacks, IP fragmentation attacks, SYN attacks, counterfeit IP spoofing, fake MAC spoofing, and flood attacks.

Therefore, antivirus walls, firewalls, and "immune walls" are all indispensable.
