There are too many ARP spoofing viruses .. so I wrote this .. A note in advance: I also read other people's tutorials, but I modified the method myself. It is simple.
Remember to read it carefully. My ability to express myself is limited. If you cannot understand it, don't blame me...
Wherever 192.168.0.1 appears as the gateway below, replace it with your own gateway.
Now go to Run, open CMD, and enter route print.
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1    192.168.0.129  10
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.0.0          255.255.255.0    192.168.0.129  192.168.0.129  10
192.168.0.129        255.255.255.255  127.0.0.1      127.0.0.1      10
192.168.0.255        255.255.255.255  192.168.0.129  192.168.0.129  10
224.0.0.0            240.0.0.0        192.168.0.129  192.168.0.129  10
255.255.255.255      255.255.255.255  192.168.0.129  192.168.0.129  1
Default Gateway:     192.168.0.254
===========================================================================
Persistent Routes:
None
This is a route table (it is mine; your IP addresses may differ). The last column, Metric, is the priority of the route. Here 10 is the lowest priority.
Let's look at the first line.
Network Destination  Netmask   Gateway             Interface      Metric
0.0.0.0              0.0.0.0   192.168.0.1         192.168.0.129  10
any IP address       any mask  gateway IP address  local IP       priority (10 is the lowest)
This line means:
To access the Internet, traffic goes from the local machine (192.168.0.129) through the gateway (192.168.0.1) to any Internet server.
The other routes in the table are not relevant here.
To put it simply: when you access the Internet, traffic first goes through the route table of the local machine, then to the router (the gateway), and then to the Internet server you want to reach.
Now we know the role of the route table ..
The ARP virus reads the gateway from the local TCP/IP settings. I don't know if future ARP variants will read the route table.
Now I start ..
Method: (Anti-spoofing ARP virus)
For example, if the current gateway (the one set under TCP/IP in the local connection properties; the same applies below) is 192.168.0.1, replace that gateway IP with any address between 192.168.0.1 and 192.168.0.254 that does not conflict with another client. It is best to pick an IP address you are not using. (In fact, you can put anything in the gateway field this way. Even 123.123.123.123 would be fine, but it is better to use an IP address in the same network segment so that the ARP spoofer does not get suspicious.) Say we change it to 192.168.0.200. Now we cannot get online, right? (The gateway is wrong. Any idiot knows that ~! -_-!) Well, the first step is done. NEXT
Run route print in CMD to view the route table. The gateway IP address in the first line has changed to the IP address you just set .. and with that gateway IP you cannot get online... Every Chinese person knows that ..
Next, still in CMD, enter route -p add 0.0.0.0 mask 0.0.0.0 xxx.xxx.xxx.xxx metric 1 (replace xxx.xxx.xxx.xxx with your actual gateway) and press Enter. This adds a static route with priority 1 (the highest).
Enter route print in CMD to view the route table. At the bottom, this:
Persistent Routes:
None
has been replaced by this:
Persistent Routes:
Network Address  Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0  xxx.xxx.xxx.xxx  1
A static route has been added ..
This is as far as other people's tutorials go .. However, that alone does not work in actual use ..
Next, let's make a batch file. Copy the following line and save it as a BAT file. If a black box appears at boot, find a BAT-to-EXE converter. I remember I posted one some time ago. If you don't have one, reply and I will send it to you.
route add 0.0.0.0 mask 0.0.0.0 xxx.xxx.xxx.xxx metric 1 (replace xxx.xxx.xxx.xxx with your real gateway)
Copy it, save it as a BAT file, and add it to the Startup items so that it runs at every boot. You can also add it to the Run key of the registry.
Now let's take a look at the route table. Enter route print in CMD.
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1    192.168.0.129  10
0.0.0.0              0.0.0.0          192.168.0.254  192.168.0.129  1
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.0.0          255.255.255.0    192.168.0.129  192.168.0.129  10
192.168.0.129        255.255.255.255  127.0.0.1      127.0.0.1      10
192.168.0.255        255.255.255.255  192.168.0.129  192.168.0.129  10
224.0.0.0            240.0.0.0        192.168.0.129  192.168.0.129  10
255.255.255.255      255.255.255.255  192.168.0.129  192.168.0.129  1
Default Gateway:     192.168.0.254
===========================================================================
Persistent Routes:
Network Address  Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0  192.168.0.254    1
The gateway in the first line is the false one we set under TCP/IP in the local connection properties; its priority is 10 (the lowest).
The gateway in the second line is the real gateway that we added manually; its priority is 1 (the highest).
When you access the Internet, the real gateway with priority 1 is used first ..
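To confirm the table really ends up in this state after boot, here is an added example (not part of the original post) that parses route print output in the layout shown above and checks three things: the lowest-metric default route is the real gateway, a decoy default route is present, and the real gateway is listed under Persistent Routes. The function names default_routes and check are hypothetical, and the sample is a trimmed copy of the listing above.

```python
import re

# Trimmed copy of the page's second `route print` listing (after the fix).
SAMPLE = """\
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1    192.168.0.129  10
0.0.0.0              0.0.0.0          192.168.0.254  192.168.0.129  1
192.168.0.0          255.255.255.0    192.168.0.129  192.168.0.129  10
Persistent Routes:
Network Address      Netmask          Gateway Address  Metric
0.0.0.0              0.0.0.0          192.168.0.254    1
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ACTIVE_ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\s+{IP}\s+(\d+)\s*$")
PERSIST_ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\s+(\d+)\s*$")

def default_routes(text):
    """Return (active, persistent) lists of (gateway, metric) for 0.0.0.0/0."""
    routes = {"active": [], "persistent": []}
    section = None
    for line in text.splitlines():
        head = line.strip().lower()
        if head.startswith("active routes"):
            section = "active"
        elif head.startswith("persistent routes"):
            section = "persistent"
        elif section:
            m = (ACTIVE_ROW if section == "active" else PERSIST_ROW).match(line)
            if m and m.group(1) == m.group(2) == "0.0.0.0":
                routes[section].append((m.group(3), int(m.groups()[-1])))
    return routes["active"], routes["persistent"]

def check(text, real_gateway):
    """Return a list of problems with the decoy setup; empty means OK."""
    active, persistent = default_routes(text)
    if not active:
        return ["no default route"]
    problems = []
    best = min(metric for _, metric in active)  # lowest metric is used first
    winners = [gw for gw, metric in active if metric == best]
    if winners != [real_gateway]:  # also catches a tie on the metric
        problems.append(f"lowest-metric default route is {winners}")
    if all(gw == real_gateway for gw, _ in active):
        problems.append("no decoy gateway in the table")
    if all(gw != real_gateway for gw, _ in persistent):
        problems.append("real gateway is not a persistent route")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE, "192.168.0.254") or "OK")
```

Run it against saved route print output after a reboot; an empty result means the real gateway wins on metric and the decoy is still the one exposed in the TCP/IP settings.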
The ARP virus reads the gateway from the local TCP/IP settings. I don't know if future ARP variants will read the route table. So when it conflicts, it is only conflicting with a false gateway.
So we are done .. no matter what your gateway IP address is set to. Remember that although you have added a static route, the batch file must still run at boot. Otherwise the network will fail. At least it does here for me ..
After doing this, it doesn't matter whether you bind IP-MAC or not. I am not sure. Some time ago my connection kept dropping. Since doing this, it has never dropped .. The machine that has the ARP virus is the one that drops. Other machines and the gateway are not affected.