Binding the gateway ARP entry under Windows

Source: Internet
Author: User

I. Binding the gateway ARP entry under Windows
Step One:
While Internet access is working normally, open an MS-DOS window, enter the command arp -a, look up the correct MAC address corresponding to the gateway IP, and record it.
Note: If you already cannot access the Internet, first run arp -d once to delete the contents of the ARP cache; the computer can then temporarily resume Internet access (if the attack has not stopped). Once you have Internet access again, immediately disconnect from the network (disable the NIC or unplug the network cable), and then run arp -a.
Step Two:
If you already have the correct MAC address of the gateway, then when Internet access fails you only need to manually bind the gateway IP to the correct MAC address to ensure that the computer is no longer spoofed.
To bind manually, run the following command in an MS-DOS window:
arp -s <gateway IP> <gateway MAC>
For example, suppose your computer is on a network segment whose gateway is 192.168.1.1 and its own address is 192.168.1.5. After running arp -a on the computer, the output is as follows:
C:\Documents and Settings>arp -a
Interface: 192.168.1.5 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-01-02-03-04-05     dynamic
Here, 00-01-02-03-04-05 is the MAC address corresponding to the gateway 192.168.1.1. Its type is dynamic, so it can be changed.
After an attack, viewing the cache again with this command shows that the MAC has been replaced with the MAC of the attacking machine. If you want to find the attacking machine and eradicate the attack completely, record this MAC now so that it can be used later to locate the attacking machine.
The command for manual binding is:
arp -s 192.168.1.1 00-01-02-03-04-05
After binding, use arp -a again to view the ARP cache:
C:\Documents and Settings>arp -a
Interface: 192.168.1.5 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-01-02-03-04-05     static
At this point, the type becomes static and will no longer be affected by the attack.
However, note that a manual binding is lost after the computer shuts down and has to be made again. Therefore, to eradicate the attack completely, you must find the virus-infected computer on the network segment and remove the virus; only then is the problem really solved.

Creating a batch file
To bind the gateway ARP entry on the client, follow these steps:
Step One:
Find the gateway address for this network segment, such as 192.168.1.1, which is used as the example below. While Internet access is normal, go to "Start → Run → cmd → OK", type arp -a and press Enter, and note the physical address corresponding to the gateway.
For example: Gateway 192.168.1.1 corresponds to 00-01-02-03-04-05.
Step Two:
Write a batch file, Rarp.bat, with the following content:
@echo off
arp -d
arp -s 192.168.1.1 00-01-02-03-04-05
Save as: Rarp.bat.
Step Three:
Run the batch file: drag the batch file to "Windows → Start → Programs → Startup", and run the file directly if it needs to take effect immediately.

II. Binding IP and MAC addresses under Linux to prevent ARP spoofing

First, the background
A new ARP spoofing virus has recently emerged. Its main behaviour is:
An infected machine affects not only itself but also the other machines in the same network segment, adding the virus code to the HTTP packets of those machines. Example of such code:
This virus is very harmful! Even if your own machine is well secured, there is no way to ensure that the other machines in the same segment are safe.
Workaround: bind the IP and MAC addresses in both directions, on the gateway and on the local computer, to prevent ARP spoofing.

Second, the conventions
1. The gateway has already been bound to the following machine. Gateway IP: 192.168.1.1, MAC: 00:02:b3:38:08:62
2. The Linux host to be bound: IP 192.168.1.2, MAC 00:04:61:9a:8d:b2

Third, binding steps
1. First use arp and arp -a to view the current ARP cache list
# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.234            ether   00:04:61:ae:11:2b   C                     eth0
192.168.1.145            ether   00:13:20:e9:11:04   C                     eth0
192.168.1.1              ether   00:02:b3:38:08:62   C                     eth0

Description
Address: IP address of the host
HWtype: hardware type of the host
HWaddress: hardware address of the host
Flags Mask: the record flag; "C" represents an entry in the ARP cache, and "M" represents a static ARP entry.

# arp -a
? (192.168.1.234) at 00:04:61:ae:11:2b [ether] on eth0
? (192.168.1.1) at 00:16:76:22:23:86 [ether] on eth0

2. Create a new static MAC-->IP mapping file, ip-mac, and write the IP and MAC to be bound into it, one "IP MAC" pair per line.
# echo '192.168.1.1 00:02:b3:38:08:62' > /etc/ip-mac
# more /etc/ip-mac
192.168.1.1 00:02:b3:38:08:62

3. Set up automatic binding at boot
# echo 'arp -f /etc/ip-mac' >> /etc/rc.d/rc.local

4. Perform the binding manually
# arp -f /etc/ip-mac

5. Verify that the binding is successful
# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.205            ether   00:02:b3:a7:85:48   C                     eth0
192.168.1.234            ether   00:04:61:ae:11:2b   C                     eth0
192.168.1.1              ether   00:02:b3:38:08:62   CM                    eth0

# arp -a
? (192.168.0.205) at 00:02:b3:a7:85:48 [ether] on eth0
? (192.168.1.234) at 00:04:61:ae:11:2b [ether] on eth0
? (192.168.1.1) at 00:02:b3:38:08:62 [ether] PERM on eth0

Comparing the ARP cache lists before and after binding, you can see that the record flag for the gateway (192.168.1.1) has changed, indicating that the binding succeeded.
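
The verification in step 5 can be automated. The following is an added example, not part of the original article: a shell function that compares an arp -a listing with the ip-mac file and reports every pinned address whose MAC differs or that is not flagged PERM. The names check_bindings and demo, the status words and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Compare an "arp -a" listing with pinned "IP MAC" pairs (the ip-mac file).
# Prints one status line per pinned IP; returns 1 if any pin is violated.
check_bindings() {
    awk '
        # Lowercase, colon-separated form, so Windows-style AA-BB-.. matches.
        function norm(m) { m = tolower(m); gsub(/-/, ":", m); return m }
        # First file: pinned pairs.
        NR == FNR { if (NF >= 2) pin[$1] = norm($2); next }
        # Second file: "? (IP) at MAC [ether] [PERM] on IFACE".
        $3 == "at" {
            ip = $2; gsub(/[()]/, "", ip)
            seen[ip] = norm($4)
            perm[ip] = ($0 ~ / PERM /)
        }
        END {
            bad = 0
            for (ip in pin) {
                if (!(ip in seen))             s = "MISSING"
                else if (seen[ip] != pin[ip])  s = "MISMATCH got " seen[ip]
                else if (!perm[ip])            s = "DYNAMIC"
                else                           s = "OK"
                if (s != "OK") bad = 1
                print ip, s
            }
            exit bad
        }
    ' "$1" "$2"
}

# Constructed sample data: two pins (one written Windows-style) and a
# listing in which the gateway entry no longer matches its pin.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '192.168.1.1 00:02:b3:38:08:62' \
                  '192.168.1.10 00-04-61-AE-09-14' > "$d/ip-mac"
    cat > "$d/cache" <<'EOF'
? (192.168.1.234) at 00:04:61:ae:11:2b [ether] on eth0
? (192.168.1.1) at 00:16:76:22:23:86 [ether] on eth0
? (192.168.1.10) at 00:04:61:ae:09:14 [ether] PERM on eth0
EOF
    check_bindings "$d/ip-mac" "$d/cache" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

if demo; then echo "all pinned entries intact"
else echo "ARP cache differs from the pinned bindings"; fi
```

On a live host the second argument would be a file holding the current output of arp -a, and the first would be /etc/ip-mac.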

Fourth, adding a trusted Windows host (192.168.1.10)
1. Operation on the Linux host (192.168.1.2)
# echo '192.168.1.10 00:04:61:ae:09:14' >> /etc/ip-mac

# arp -f /etc/ip-mac

2. Operation on the Windows host (192.168.1.10)
1) Clear the ARP cache
C:\Documents and Settings\Administrator>arp -d

2) Bind the IP and MAC address of the Linux host
C:\Documents and Settings\Administrator>arp -s 192.168.1.2 00-04-61-9a-8d-b2

You can put the two steps above in a .bat (batch) file. The advantage is that if you later want to add bindings for other machines, you only need to maintain this file. Example:
@echo off
arp -d
arp -s 192.168.1.2 00-04-61-9A-8D-B2
exit

Note: The MAC address formats on Linux and Windows are different. Linux writes it as aa:aa:aa:aa:aa:aa, Windows as AA-AA-AA-AA-AA-AA.
