ARP Attack and Defense instance

ARP is a layer-3 protocol that works at the network layer. It resolves IP addresses into MAC addresses. As a popular attack method, ARP attacks can be used to cheat, Mount Trojans, and steal game accounts. If you are interested, You can google it. There are a lot of content on the Internet. The following example demonstrates ARP-based attacks and defense.

Tool used: ArpSpoof.exe network topology: Description: There are two computers in the network environment. The network configuration is shown in figure. Now we use PC1 to attack PC2 to demonstrate ARP attacks. Before the attack starts, let's take a look at the network configuration of PC2, from which we can see that the current network is normal and the attack process can be normally connected to the Internet: 1. first, install ArpSpoof on PC1, decompress the ArpSpoof package to a directory, run --> uninstall startup commands, open a prompt dialog box, switch to the directory where arpspoof.exe is located, execute ArpSpoof/I, and install the driver. 2. now we start to launch an ARP attack on PC2 and execute the command: arpSpoof 192.168.0.200 192.168.0.1 0 2 to start an ARP attack, for example, 3. now ping the gateway on PC2, and find that the ping fails, and then view the IP-MAC address ing table, execute arp-a, the results are summarized as follows: through the demonstration results, it can be determined that PC1 is effective against PC2 ARP attacks. ARP defense: The above is a simple demonstration of ARP attacks. How can we defend against such attacks? You can install the arpfirewall. There are many such products, but the defense effect does not look very good! You can also write a batch to bind the IP address to the MAC address. The process is as follows: first create a text document and enter the following command: arp-s 192.168.0.1 00-26-5A-AA-8C-BAarp-s 192.168.0.200 00-0C-29-DE-49-F4 and then modify the text document. bat file, and let it start automatically, so you don't have to execute this batch of files every time you start the system. Note: in actual use, you need to change the IP address and MAC address of the gateway and Local Machine to your own. We first execute this batch processing on PC2, and then look at the IP-MAC address ing table: for example: Now, we will then perform ARP attacks on PC2, wait for a few minutes, see the effect, such: conclusion: PC2 can successfully ping the gateway and the network is normal. It indicates that PC2 can effectively defend against ARP attacks. Note: The defense method provided here can only prevent ARP attacks on the local machine. If an attacker initiates an ARP attack on the gateway, this method is invalid and must be bound to the gateway.