ARP defense-double-binding batch processing ++ set

I. This batch processing has defects and sometimes cannot achieve true double binding!

@ Echo off

: Read the Mac address of the Local Machine
If exist ipconfig.txt del ipconfig.txt
Ipconfig/all> ipconfig.txt
If exist phyaddr.txt del phyaddr.txt
Find "Physical Address" ipconfig.txt> phyaddr.txt
For/f "skip = 2 tokens = 12" % M in (phyaddr.txt) do set Mac = % M
: Read the local IP Address
If exist IPAddr.txt del IPaddr.txt
Find "IP Address" ipconfig.txt> IPAddr.txt
For/f "skip = 2 tokens = 15" % I in (IPAddr.txt) do set IP = % I
: Bind the local IP address and MAC address
Arp-s % IP % Mac %
: Read the gateway address
If exist already ip.txt del already ip.txt
Find "Default Gateway" ipconfig.txt> GateIP.txt
For/f "skip = 2 tokens = 13" % G in (ip.txt) do set destination IP = % G
: Read the Mac address of the gateway.
If exist GateMac.txt del GateMac.txt
Arp-a % slave IP %> GateMac.txt
For/f "skip = 3 tokens = 2" % H in (GateMac.txt) do set hosts MAC = % H
: Bind the Mac and IP addresses of the gateway.
Arp-s % GateIP % GateMac %

Arp-s gateway IP Gateway MAC

Exit

This batch processing needs to query the local ARP cache table to see if there is a gateway IP address and a MAC address.

Bound, but not bound !!! However, we can improve it to achieve the goal of double binding, such

Add a line of arp-s gateway IP Gateway MAC...

2. This cannot achieve true double binding. You can only bind the local IP address and MAC address.

(Thanks to the Chinese DOS Alliance lxmxn)

@ Echo off
For/f "delims =: tokens = 2" % a in (ipconfig/all ^ | find "Physical Address") do set local_mac = %
For/f "delims =: tokens = 2" % a in (ipconfig/all ^ | find "IP Address") do set local_ip = %
For/f "delims =: tokens = 2" % a in (ipconfig/all ^ | find "Default Gateway") do set gate_ip = %
Fo */* % * in (getmac/nh/s % local_ip %) do set gate_mac = %
Arp-s % local_ip % local_mac %
Arp-s % gate_ip % gate_mac % ......)

After testing, the batch processing cannot bind the gateway IP address and MAC address, but can only bind the local IP address and MAC address.

3. This is not very clear. I want to test it. Currently, I know that I can also bind the local IP address and MAC address.

(Thanks to the Chinese DOS Alliance everest79)

@ ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
For/f "tokens = 2 delims = [] =" % I in (nbtstat-a % COMPUTERNAME %) do call set local =! Local! % I
For/f "tokens = 3" % I in (netstat-r ^ | find "0.0.0.0") do set gm = % I
For/f "tokens = 1, 2" % I in (arp-a % gm % ^ | find/I/v "inter") do set gate = % I % j
Arp-s % gate %
Arp-s % local %

Arp-s gateway IP Gateway MAC
This batch processing can bind the gateway IP address and MAC address, but it still has defects. It depends on the ARP cache on the local machine!
The improved method is to add an arp-s gateway IP address and a MAC address at the end!

4. This is found on a brother's blog. The principle is the same as the first one, but it has improved a little!

This P ping the gateway three times to get the gateway's MAC. In fact, the above batch can be used to handle the gateway's IP address and MAC,
However, if ARP spoofing occurs during startup, the IP address and MAC address you bound are wrong and cannot be accessed ..

But this is rare. Please try it out first!

@ Echo off

::::::::::::::::::: Clear all ARP caches
Arp-d

:::::::::::::::::: Read local connection Configuration
Ipconfig/all> ipconfig.txt

:::::::::::::::::: Read the IP address of the Intranet gateway.
For/f "tokens = 13" % I in (find "Default Gateway" ipconfig.txt) do set GatewayIP = % I

:::::::::::::::: PING the Intranet gateway three times.
Ping % GatewayIP %-n 3

:::::::::::::::::: Read from the arp cache of the gateway.
Arp-a | find "% GatewayIP %"> arp.txt

:::::::::::::::::: Read and bind the gateway MAC
For/f "tokens = 1, 2" % I in (find "% GatewayIP %" arp.txt) do if % I = % GatewayIP % arp-s % I % J

::::::::::::::::: Read the IP address of the Local Machine + MAC
For/f "tokens = 15" % I in (find "IP Address" ipconfig.txt) do set ip = % I
For/f "tokens = 12" % I in (find "Physical Address" ipconfig.txt) do set mac = % I

::::::::::::::::: Bind the IP address of the Local Machine + MAC
Arp-s % ip % mac %

:::::::::::::::::: Delete all temporary files
Del ipconfig.txt
Del arp.txt
Exit

The preceding P can be used together with the IP address and MAC address of the client on the route to implement completely anti-ARP, but only the IP address and MAC address of the following machine and gateway can be bound separately.
It is not very useful. For the routing above, because the routes used by everyone are different, this will not be written!