A bunch of obscure technical terms such as ARP spoofing and gateway, explained with a story

Source: Internet
Author: User
Assume that you are Xiao Ming (a local host) and live in a large courtyard (the local LAN). There are many neighbors (network neighbors), and Uncle Li, who keeps the gate, has a switchboard room beside it: Uncle Li is your gateway. When you want to play with a friend in the yard, you just yell his name across the yard (ping him); he hears you, answers, and runs out to play with you.

However, you are not allowed to go out through the gate. All your contact with the outside world goes through Uncle Li (the gateway) by telephone. Suppose you want to chat with your classmate James, who lives in another yard far away (James and you are not on the same LAN); Uncle Wang (James's gateway) keeps the gate of his yard. You do not know the phone number of James's house, but your class teacher keeps a roster of every student in your class together with their phone numbers: your class teacher is your DNS server. So you call Uncle Li from home, and the conversation goes like this:

Xiao Ming: Uncle Li, could you ask the class teacher for James's phone number? (DNS query)

Uncle Li: Sure, hold on. (Uncle Li phones your class teacher and asks for James's number.) Got it, the number is 211.99.99.99 (the IP address of James's house).

Xiao Ming: Great! Uncle Li, I want to talk to James. Could you put me through to him?

Uncle Li: No problem. (Uncle Li then asks the telephone bureau to connect James's phone. The call is of course eventually handed to Uncle Wang at the gate of James's yard, and Uncle Wang transfers it to James's house.)

And so you are talking to James. (A connection has been established.)

As for the DHCP server, the analogy goes like this:

More and more residents move into your yard, and the telephone switchboard in Uncle Li's room can no longer keep up with them all. (Originally there were only a few kids and everyone had a fixed phone number, that is, a fixed IP address; when there are too many to manage that way, you switch to DHCP.) Now, when a resident starts up, he is handed a phone number at random, and the number may be different each time. Every so often the number you rented is taken back, and next time you have to get a new one. (This is the DHCP lease.)

Uncle Li at your gate: your gateway

Your class teacher: your DNS server

The telephone switchboard in the gate room: your DHCP server

Similarly, the conversation between Uncle Li and Uncle Wang is called routing.

Now suppose there is another child called Tom, who lives in a yard whose gate is kept by Uncle Sun. Because that yard was only just built and Uncle Sun has only just arrived, he does not have the phone numbers of Uncle Li's and Uncle Wang's gate rooms (and Uncle Li and Uncle Wang certainly do not have his). There are two ways this gets fixed:

1. Zhao Dama of the neighborhood committee tells Uncle Sun the phone numbers of Uncle Li and Uncle Wang (and tells Li and Wang Uncle Sun's number). This is called setting a static route.

2. Zhao Dama is ill. So Uncle Sun calls everyone he can reach and announces, "I am Uncle Sun, and I am in charge of the phones of Tom's yard." Li and Wang hear this and write it into their address books, and in turn they each call Uncle Sun and say, "I am Uncle Li (or Uncle Wang), and I am in charge of the phones of such-and-such a yard." This is called dynamic route configuration.

Then one day you want to find Tom. Naturally you call Uncle Li and say, "Uncle Li, I am looking for Tom." (Here we skip the step where Uncle Li looks up Tom's number; assume he already knows it.) Uncle Li checks his address book: "Oh, the phones of that yard are managed by Uncle Sun. To reach Tom I must first notify Uncle Sun. I could ask Uncle Wang to contact Uncle Sun for me, or I could call Uncle Sun directly. Calling Sun directly is, of course, more convenient." So Uncle Li calls Uncle Sun, and Uncle Sun transfers the call to Tom's house.

Here, Uncle Li's address book is called a routing table.

Uncle Li's decision whether to call Uncle Sun directly or to have Uncle Wang relay the call is route selection.

The reason Uncle Li contacts Uncle Sun directly is that he can reach him in one step, whereas relaying through Uncle Wang takes two steps. Each "step" here is called a hop, and Uncle Li follows the fewest-hops principle. (If he did not, it might take a long time to reach Tom, and in the end Uncle Li might be fired for doing his job badly. In network terms: "the delay is too long and the routing policy is unreasonable, so the router was replaced.")

Routing tables across the Internet are always passed around in this way. If a central router goes down one day, many of the points that depended on it can no longer find their targets, and you cannot get onto the network.

Of course, things change. Tom and James have fallen out, and these days Tom keeps calling you. James thinks, "Fuck, is he talking about me behind my back?" So James decides to eavesdrop on your conversations with Tom. But he is not allowed to leave his yard, so what can he do? James comes up with the following plan:

First, he tells Uncle Wang, who manages the phones in his yard: "Call Uncle Li and tell him that Tom has moved into our yard, and that I will take the calls meant for him." Uncle Wang does not think twice (he is getting old, after all!) and calls Uncle Li: "I am now in charge of Tom's phone number." So Uncle Li changes his address book. This is called route spoofing.

From now on, whenever you try to call Tom, Uncle Li transfers the call to Uncle Wang (when it should go to Uncle Sun). Uncle Wang receives it and passes it on to James (as James told him to). James picks up and pretends to be Tom talking with you. But James is a coward and is afraid you will question him face to face the next day, so once the call ends he phones Tom in your name and repeats what you just said. This is called data **.
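The hop-count choice and the route-spoofing story above, as an added example that is not part of the original article: a toy routing table in Python, with constructed destination and gatekeeper names. It shows why a dynamic-only table accepts Uncle Wang's false announcement while a static entry (the Zhao Dama case) is immune to it.

```python
STATIC, DYNAMIC = "static", "dynamic"


class RouteTable:
    """Uncle Li's address book: destination yard -> (next hop, hops, how learned)."""

    def __init__(self):
        self.routes = {}

    def add_static(self, dest, next_hop, hops):
        # Zhao Dama (the administrator) writes the number down by hand.
        self.routes[dest] = {"next_hop": next_hop, "hops": hops, "source": STATIC}

    def advertise(self, dest, next_hop, hops):
        """A gatekeeper phones in: "I handle this yard, it is N hops from me".

        Returns True if the table changed. Fewest hops wins among dynamic
        entries (the hop-count principle); a static entry is never overwritten.
        """
        current = self.routes.get(dest)
        if current is None or (current["source"] == DYNAMIC and hops < current["hops"]):
            self.routes[dest] = {"next_hop": next_hop, "hops": hops, "source": DYNAMIC}
            return True
        return False

    def lookup(self, dest):
        entry = self.routes.get(dest)
        return None if entry is None else entry["next_hop"]


def demo():
    """Constructed scenario; returns (before, spoof_accepted, after, static_protected)."""
    li = RouteTable()
    li.advertise("tom_yard", "uncle_sun", 1)   # direct: one hop
    li.advertise("tom_yard", "uncle_wang", 2)  # via Uncle Wang: two hops, loses
    before = li.lookup("tom_yard")
    # Route spoofing: Uncle Wang falsely claims Tom moved next door to him and
    # advertises an even shorter path. With a dynamic-only table the lie wins.
    spoof_accepted = li.advertise("tom_yard", "uncle_wang", 0)
    after = li.lookup("tom_yard")
    # Mitigation from the static-route case: the same lie bounces off a table
    # where Zhao Dama configured the route by hand.
    li2 = RouteTable()
    li2.add_static("tom_yard", "uncle_sun", 1)
    static_protected = not li2.advertise("tom_yard", "uncle_wang", 0)
    return before, spoof_accepted, after, static_protected
```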

Later, Tom keeps calling you, and keeps falling victim to James in the same way. But James says to himself, "I can't go on talking in Tom's place forever; what if I slip up one day and the whole thing comes out!" So he thinks of a nastier trick: "I won't listen to your calls at all. You want to call each other? I'll make sure you can't!" How does he do it? Let's take a look:

He gathers a group of friends and they conspire. Every day at a fixed time, every one of them phones the gate room of Tom's yard with every kind of nonsense imaginable. Whenever Uncle Sun picks up, he hears "Thunder, rain, bring in the laundry!", "Men are born of men, demons of demons", "Your mother's surname", and so on. His head swells from listening, and the phone never stops ringing! One day Uncle Sun can't take it any more, screams "I can't stand it!!!!", hangs up, and kills himself.

This is the simplest DDoS attack. Uncle Sun's poor psychological endurance is called "a bug in the datagram processing module", and his suicide is called "router paralysis". If it were me, I would sit at home and joke right back at them, for example "I already heard the weather forecast and took the laundry in ten minutes ago" or "that surname is your grandmother's"; my sound psychology would be called "robust datagram processing that can withstand any attack". Even so, James can round up a big enough crowd of friends and friends-of-friends (bots) to bring Uncle Sun down.

After Uncle Sun collapses, Tom finally stops calling you, because however hard he tries the line is always busy. This phenomenon is called "denial of service", so James's trick is called a denial-of-service attack (DoS attack). When a lot of friends join in, it is a distributed denial-of-service attack (DDoS).

James is finally quiet for a few days...

A few days later a pretty girl named Lili moves into James's yard, and James takes a great liking to her (puppy love at his age!). But Lili already has a very handsome boyfriend, and all James can do is glare. Naturally the earlier rule still applies: Lili cannot leave the yard, so her boyfriend has to phone her, and that makes James anxious:

Remember that Uncle Wang is the telephone manager of the yard? He can manage the phones because he has an address book. Two children in the same yard might both be called James and could not be told apart by name, so each line of the address book has just two items:

House      Phone number

Gate 1     1234567 (this is James's)      (the house corresponds to the MAC address, the phone number to the IP address)

Gate 2     7654321 (this is Lili's)

......

Uncle Wang's memory is bad, but the address book is never wrong (there cannot be two "Gate 2" in the same yard, can there?). Whenever someone calls, they give a phone number, and Uncle Wang uses the address book to find which door in the yard to knock on. For example, if a caller says "I am looking for 1234567", Uncle Wang checks the book: it is Gate 1, so he goes to Gate 1 and shouts "phone call!" If it is "7654321", he goes to Gate 2 instead.

The phone number here is the legendary "IP address".

The house number here is the legendary "MAC address" of the NIC (every NIC has a different MAC address, written into the NIC chip by its manufacturer).

James thinks, "If I can't have her, nobody else gets to talk to her either." So he sets his sights on Uncle Wang's address book. After careful observation and preparation he discovers that Uncle Wang has to urinate frequently (he is old, after all...). Finally, on a dark and windy night, while Uncle Wang is in the toilet, James sneaks into the switchboard room and carefully alters the address book......

A few days later Lili's boyfriend calls her again. The number he asks for is "7654321". Uncle Wang looks at the address book, which now reads:

House      Phone number

Gate 1     1234567 (this is James's)

Gate 1     7654321 (note: this was originally Lili's line, but James changed the house number)

......

Uncle Wang has no idea the book was altered, so he goes to Gate 1 and calls James to the phone. James is delighted; in the voice of Lili's father he lectures the boyfriend about his relationship with the girl, and the boyfriend hangs up respectfully. Lili, of course, never learns what happened...

James's behavior here is called "ARP spoofing" (on a real network it is carried out with ARP packets, hence the name), and Uncle Wang's address book is called the ARP table.

Note: Uncle Wang now has two address books. One records the phone numbers of the other yards and is called the routing table; the other records the details inside his own yard and is called the ARP table.

Uncle Wang's rules say, among other things, "check the house numbers against the phone numbers (the ARP table) once a month". This is called refreshing the ARP table, and the one-month period is the ARP table refresh cycle. Because of this refresh, James's alteration would not last, so he secretly changes the address book again every month. That is simply what he has to do!

James is also very clever. Suppose the address book (ARP table) had instead been changed to this:

House (MAC)    Phone (IP)

Gate 1         1234567 (this is James's)

Gate 2         1234567 (note: James changed this one, but he was dizzy at the time and got it wrong)

...... which means that two MAC addresses correspond to the same IP address.

The computers would pop up a dialog box saying "Duplicate IP address". In the end Uncle Wang would be at a loss and would notify Gate 1 and Gate 2 that their phone numbers are duplicated, and Lili would know that somebody was sabotaging her. This phenomenon is called "the scam is exposed".

Tom knows that James has been eavesdropping on his calls with you, so he agrees a secret code with you. Each of you "encrypts" at home before speaking: potato -> Wednesday, sweet potato -> treat, dummy -> Xiao Ming's house. So you tell Tom: "potato dummy". James listens in... ??? He understands nothing.... Depressed... This is encryption.

Lili, too, has learned that James altered her entry. So Uncle Wang goes from door to door and writes down every house number and phone number in person, and nobody else is allowed to modify the book; only he holds the key (the password). This is binding the IP address to the MAC address. When somebody's phone number changes, he has to ask Uncle Wang to change the entry. It is a hassle, but it is safe. Unless, that is, James secretly steals Uncle Wang's key (the password is stolen), in which case he can alter the book again.

ARP spoofing, told another way:

Xiao Wang and Xiao Zhang live in the same building (computers A and B are in the same network segment). Anyone who wants to find them must first go through the doorman, Uncle Zhang (the gateway). Xiao Wang has told Uncle Zhang, "I am Xiao Wang, I live in Room A"; Uncle Zhang writes this down and tells visitors to go to Room A for Xiao Wang. Normally, then, you find Uncle Zhang first, and Uncle Zhang tells you that Xiao Wang is in Room A (the computer's address).

But suppose Xiao Zhang keeps telling Uncle Zhang: "Actually, I am Xiao Wang. Actually, I am Xiao Wang... I'm in Room B."

So when you come looking for Xiao Wang, Uncle Zhang tells you that Xiao Wang is in Room B...... You take Xiao Zhang for Xiao Wang, and you have been fooled.

This is one form of ARP spoofing.

Another situation: a third resident, Mr. Smith, is infected with a virus, and the virus keeps sending ARP packets, telling Uncle Zhang "I am Uncle Zhang" and telling everyone else "I am Uncle Zhang; if you want to go out, come to me." Since Mr. Smith is not the real Uncle Zhang, many residents can no longer reach the real gateway. As a result many people cannot get onto the Internet, or end up at websites they never meant to visit and download viruses. This is session hijacking.

The storm caused by Rising's ARP firewall goes like this:

To prevent ARP spoofing, Xiao Wang tells the gateway, Uncle Zhang, once: "I am Xiao Wang, I am in Room A. Don't get it wrong..."

A moment later he says it again, and Uncle Zhang replies, "OK, I know." (Uncle Zhang has better things to do than ask why.)

The problem:

Xiao Wang keeps shouting, "I'm Xiao Wang! I'm Xiao Wang!" He shouts and shouts, and Uncle Zhang gets more and more fed up. And if everyone in the building does the same thing....... Uncle Zhang has to keep answering "I know, I know". That is a burden on everyone, and the gate room (the gateway) gets jammed:

1. The corridor is full of people, and ordinary walking is obstructed (the network slows down because so many ARP packets are being sent).

2. Xiao Zhang, Xiao Wang, Xiao so-and-so... When dozens or even hundreds of people shout at once, Uncle Zhang has to keep answering "OK, I know" and writing it all down, and has no time for anything else (the CPU of the upstream router and other network devices runs at full load).

What is the solution?

1. Don't let a crowd of people yell at Uncle Zhang; keep the broadcast to a small scope.

2. Don't shout so often; make the interval between announcements longer.

The methods above are meant to prevent ARP viruses and spoofing, but in some cases the cure is worse than the disease.

The most thorough way to deal with ARP viruses is two-way IP-MAC binding, on the switch port and on the host. That is genuinely effective, even if it wears the network administrator out, and it is the key to defending against them.
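The duplicate-IP case, the IP-MAC binding and the ARP storm described above, as an added example that is not part of the original article: a defender-side monitor for Uncle Wang's address book (the ARP table) in Python. The IP addresses, MAC addresses, reply records and the rate threshold are all constructed for the example.

```python
from collections import defaultdict

RATE_LIMIT = 5  # constructed threshold: ARP replies per second per MAC

# Constructed static bindings ("Uncle Wang writes down each house number and
# phone number in person"): IP -> the only MAC allowed to claim it.
BINDINGS = {
    "10.0.0.2": "aa:aa:aa:aa:aa:01",  # Gate 1, James
    "10.0.0.3": "aa:aa:aa:aa:aa:02",  # Gate 2, Lili
}

# Constructed ARP replies as (seconds, claimed IP, claimed MAC).
SAMPLE_REPLIES = [
    (0.0, "10.0.0.2", "aa:aa:aa:aa:aa:01"),  # James answers for his own IP
    (0.5, "10.0.0.3", "aa:aa:aa:aa:aa:02"),  # Lili answers for her own IP
    (1.0, "10.0.0.3", "aa:aa:aa:aa:aa:01"),  # James claims Lili's IP: spoof
] + [
    # seven replies from James inside second 2: an ARP storm
    (2.0 + i * 0.1, "10.0.0.2", "aa:aa:aa:aa:aa:01") for i in range(7)
]


def monitor(replies, bindings, rate_limit=RATE_LIMIT):
    """Walk ARP replies in order and return (kind, ip, mac) alerts.

    binding_violation: the IP is bound to a different MAC (IP-MAC binding).
    duplicate_ip:      the cached MAC for the IP changed, i.e. two houses now
                       answer to one phone number ("the scam is exposed").
    arp_storm:         one MAC exceeded rate_limit replies within one second.
    """
    arp_table = {}                 # ip -> mac, what the gatekeeper remembers
    per_second = defaultdict(int)  # (mac, whole second) -> reply count
    alerts = []
    for t, ip, mac in replies:
        if ip in bindings and bindings[ip] != mac:
            alerts.append(("binding_violation", ip, mac))
        old = arp_table.get(ip)
        if old is not None and old != mac:
            alerts.append(("duplicate_ip", ip, mac))
        arp_table[ip] = mac
        key = (mac, int(t))
        per_second[key] += 1
        if per_second[key] == rate_limit + 1:  # alert once per noisy second
            alerts.append(("arp_storm", ip, mac))
    return alerts


def detect_sample():
    return monitor(SAMPLE_REPLIES, BINDINGS)
```

A cache entry changing MAC is only a lead to investigate (DHCP can legitimately reassign an address); the static binding table is the check that decides.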
