Home > Others

ARP protocol for TCP/IP stack reinforcement of Unix operating systems

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

ARP Protocol Analysis

Layer 3 of the OSI model is the data link layer, which provides a data transmission mechanism between network nodes. The important reason for this layer is that it is responsible for dividing data into frames for transmission. There are many insecure factors worth exploring on the data link layer, but the most important is the IP Address Resolution Protocol ARP ).

The Address Resolution Protocol ARP is used to convert IP addresses to MAC addresses. To avoid unnecessary ARP packet query, the operating system of each host maintains an ARP high-speed Cache ARP Cache, record the ing between IP addresses of other hosts on the same link and MAC addresses. ARP high-speed cache is usually dynamic. The cache can manually add static entries, which are refreshed by the system after a certain interval.

Although ARP is an efficient data link layer protocol, as a LAN protocol, it is built on mutual trust between hosts. Therefore, ARP has the following defects: ARP high-speed cache is dynamically updated at any time based on the received ARP Protocol package. ARP has no connection concept, and any host can respond even if there is no ARP request; the ARP Protocol does not have an authentication mechanism. As long as the received protocol package is valid, the host will unconditionally refresh the local ARP cache based on the content of the Protocol package, without checking the legitimacy of the Protocol package.

ARP Application

Therefore, attackers can send fake ARP packets to update the ARP cache on the attacked host at any time to perform Address Spoofing or DoS attacks. Adjust the ARP cleaning time. By buffering IP addresses with forged ARP entries, malicious users can experience resource depletion and performance reduction attacks.

 
 
    
  
  
  1. AIX5  
    2. 
  
  
  2.  
    3. 
  
  
  3. #no -o arpt_killc=20 
    4. 
  
  
  4.  
    5. 
  
  
  5. FreeBSD 5-7  
    6. 
  
  
  6.  
    7. 
  
  
  7. #sysctl -w net.link.ether.inet.max_age=1200 
    8. 
  
  
  8.  
    9. 
  
  
  9. Solaris8-10  
    10. 
  
  
  10.  
    11. 
  
  
  11. #ndd -set /dev/arp arp_cleanup_interval 60000  
    12. 
  
  
  12.  
    13. 
  
  
  13. Linux2.4-2.6  
    14. 
  
  
  14.  
    15. 
  
  
  15. #sysctl -w net.link.ether.inet.max_age=1200 
    16.

Note: If the interval between ARP cache cleanup is set to be too large, a large network may not be allocated to an ip address (some hosts that are assigned an ip address are not opened or occupy the ip address). It must be too small, this caused a large number of broadcast storms.

The content of ARP attacks has been introduced to you. I hope you have mastered it. We will continue to introduce it to you in future articles. This article and previous articles mainly introduce how to enhance the TCP/IP stack of Unix family systems. In fact, it is very simple. By configuring command lines, you can protect or mitigate Unix-type servers from Network-level denial-of-service attacks, including SYN flood attacks, ICMP attacks, and SNMP attacks.

  1. UNIX System Security Crisis assessment
  2. Take targeted measures to ensure the security of Unix servers
  3. Analysis of the inevitability of Unix host System Security Vulnerabilities
  4. TCP/IP stack reinforcement for Unix operating systems-TCP protocol section
  5. ARP protocol for TCP/IP stack reinforcement of Unix operating systems

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
operating systems for mobile devices top operating systems for laptops installation of unix operating system tcp ip protocol number design of unix operating system reset tcp ip stack different types of operating systems and functions

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More