Defense Against ARP attacks in Linux

Source: Internet
Author: User
Recently, my friend's server has been suffering ARP virus attacks every day, causing the website to fail to operate normally. He asked me whether I had any good solutions. After some searching with Google, I finally got a solution: the virus-infected machine was found to be a Windows machine, the machine room was notified, and the defense policy was implemented on the machine. The problem has been solved well, and I received enthusiastic help from cuci in the process, thank you! The procedure is as follows:

1./* Find the ARP attack machine */
How to obtain the MAC addresses of all machines in the same network segment

When a machine in the data center is infected with a virus and sends out ARP packets, arpspoof can solve the problem, and you can also find the MAC address of the infected computer. However, when the equipment in the data center is insufficient, it is difficult to find the IP address that corresponds to that MAC address. In that case we can use arping in a loop to send a packet to every machine in the subnet, then view the MAC addresses now held in the ARP cache and get the IP address from there.

Code:

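#!/bin/bash
# Thanks to the author Wu Hongsheng
# The C-style for loop below is a bash feature, so the script runs under bash.
# Send one ARP request to each address so that every live host lands in the ARP cache.
for ((i = 1; i < 254; i++))
do
    arping -I eth0 60.191.82.$i -c 1
done
# Save the resulting IP-to-MAC table.
arp -a > mac_table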
After the script is run, view the mac_table generated in the current directory.
# arp -a: when you are poisoned, look up the MAC address shown for the gateway, then find the machine with that MAC address in mac_table. That tells you which machine is infected with the ARP virus.
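The lookup described above, as an added example that is not part of the original post: it parses `arp -a` output such as mac_table, lists the IPs behind a given MAC, and reports any MAC that answers for more than one IP. The sample table is constructed (192.0.2.0/24 addresses and made-up MACs), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in Linux `arp -a` format; not data from the original post.
sample_table() {
cat <<'EOF'
? (192.0.2.1) at 02:00:00:00:00:2A [ether] on eth0
? (192.0.2.17) at 02:00:00:00:00:11 [ether] on eth0
? (192.0.2.42) at 02:00:00:00:00:2a [ether] on eth0
? (192.0.2.90) at <incomplete> on eth0
EOF
}

# Print "ip mac" pairs; MACs are lower-cased and unresolved entries skipped.
parse_arp() {
    awk '$3 == "at" && $4 ~ /^[0-9A-Fa-f:]+$/ {
        ip = $2; gsub(/[()]/, "", ip); print ip, tolower($4)
    }' "$@"
}

# IPs currently mapped to one MAC. Usage: ips_for_mac MAC [file]
ips_for_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    shift
    parse_arp "$@" | awk -v m="$mac" '$2 == m { print $1 }'
}

# MACs that answer for more than one IP. On a poisoned segment the gateway's
# IP and the infected host's IP both resolve to the infected host's MAC.
shared_macs() {
    parse_arp "$@" | awk '
        { ips[$2] = ips[$2] " " $1; n[$2]++ }
        END { for (m in n) if (n[m] > 1) print m ips[m] }' | sort
}

# With a file argument analyse that file (e.g. mac_table), else the sample.
if [ $# -gt 0 ]; then
    shared_macs "$1"
else
    sample_table | shared_macs
fi
```

A MAC listed against both the gateway's IP and another host's IP points at that other host as the machine to investigate.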

2./* use arpspoof to defend against ARP attacks */
# Thanks to Yk103, the original solution provider!
Install Libnet first
http://www.packetfactory.net/libnet/dist/libnet.tar.gz
tar -xvzf libnet.tar.gz
cd libnet
./configure
make
make install

Install arpoison
http://www.arpoison.net/arpoison-0.6.tar.gz
tar -xvzf arpoison-0.6.tar.gz
cd arpoison
gcc arpoison.c /usr/lib/libnet.a -o arpoison
mv arpoison /usr/sbin

Write the arpdefend.sh script.

Code:

#!/bin/bash
# arpdefend.sh
# Yk103
# Gateway MAC address
gateway_mac=00:11:BB:A5:D2:40
# Target MAC address
dest_mac=FF:FF
# Destination IP address (CIDR block broadcast address)
dest_ip=60.191.82.254

# Local NIC interface
interface=eth0
# MAC address of $interface
my_mac=00:30:48:33:F0:BA
# IP address of $interface
my_ip=60.191.82.247

# Create a static IP/MAC entry on the local machine: $dest_ip -- $gateway_mac
arp -s $dest_ip $gateway_mac

# Send ARP replies to $dest_ip announcing that the MAC address of $my_ip is $my_mac.
# Runs in the background with its output discarded.
arpoison -i $interface -d $dest_ip -s $my_ip -t $dest_mac -r $my_mac 1>/dev/null &

From: http://www.linuxpk.com/391/viewspace-10196.html
