Defense and counterattack against ARP attacks in Ubuntu

Source: Internet
Author: User

Today, in the organization, we found that someone is using jusheng network management and p2p Terminator.
 
In Windows, you can install an ARP firewall or similar software for detection. However, I have already switched to Ubuntu. I can't go back to Windows once I get attacked. So I went online and found some methods to prevent ARP attacks in Linux.
Method 1
Use static ARP.
Create the IP-to-MAC address records in /etc/ethers, then use arp -f to load them. With the gateway's MAC address and IP address stored as a static ARP entry this way, ARP spoofing is not easy.
You can also disable ARP resolution on the interface with ifconfig eth0 -arp.
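
To check that the pinned pairs still match what the machine has actually learned, the following added example (not part of the original post) compares a table in /proc/net/arp layout with an /etc/ethers-style file and flags a changed MAC or one MAC answering for several IPs. The names check_arp and demo and the address 02:00:00:00:00:aa are made up for illustration, and the sample table is constructed.

```shell
# Added example (not from the original post): audit the ARP cache against pinned pairs.

# check_arp PINS TABLE
#   PINS:  lines of "<mac> <ip>" (either column order is handled)
#   TABLE: a file in /proc/net/arp layout (IP, HW type, Flags, HW address, ...)
# Prints one finding per line and returns 1 if there was any finding.
check_arp() {
    awk '
        FILENAME == ARGV[1] {                 # first file: pinned pairs
            if (NF >= 2 && $1 !~ /^#/) {
                if ($1 ~ /:/) pin[$2] = tolower($1); else pin[$1] = tolower($2)
            }
            next
        }
        FNR == 1 { next }                     # header row of /proc/net/arp
        $4 == "00:00:00:00:00:00" { next }    # incomplete entry, nothing learned
        {
            ip = $1; mac = tolower($4)
            if ((ip in pin) && pin[ip] != mac) {
                printf "MISMATCH %s pinned=%s seen=%s\n", ip, pin[ip], mac
                bad = 1
            }
            # One MAC answering for several IPs is what a poisoned cache looks
            # like; routers with several addresses can trigger it legitimately.
            if ((mac in owner) && owner[mac] != ip) {
                printf "SHARED_MAC %s claimed by %s and %s\n", mac, owner[mac], ip
                bad = 1
            } else owner[mac] = ip
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample: the gateway pin is the MAC from the arping output on this
# page; 02:00:00:00:00:aa is a made-up address standing in for the spoofer.
demo() (
    dir=$(mktemp -d) || exit 2
    echo '00:21:29:94:62:47 192.168.1.1' > "$dir/ethers"
    cat > "$dir/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:aa     *        eth0
192.168.1.50     0x1         0x2         02:00:00:00:00:aa     *        eth0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
    rc=0; check_arp "$dir/ethers" "$dir/arp" || rc=$?
    rm -rf "$dir"
    exit "$rc"
)

demo || true    # live use: check_arp /etc/ethers /proc/net/arp
```

Run from cron or a login script, a non-zero return from check_arp /etc/ethers /proc/net/arp is the signal to inspect the network before trusting the gateway entry.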
 
Method 2
Use arping
babo@babo-laptop:~$ arping
Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
-f: quit on first reply
-q: be quiet
-b: keep broadcasting, don't go unicast
-D: duplicate address detection mode
-U: Unsolicited ARP mode, update your neighbors
-A: ARP answer mode, update your neighbors
-V: print version and exit
-c count: how many packets to send
-w timeout: how long to wait for a reply
-I device: which ethernet device to use (eth0)
-s source: source ip address
destination: ask for what ip address
 
Example: my IP address is 192.168.1.101 and the gateway is 192.168.1.1.
Use arping -U -I eth0 -s 192.168.1.101 192.168.1.1
The result is as follows:
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.999 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 9.571 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.245 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.227 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.390 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 4.526 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.294 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.245 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.239 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.266 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.259 ms
Unicast reply from 192.168.1.1 [00:21:29:94:62:47] 1.267 ms
Sent 12 probes (1 broadcast(s))
Received 12 response(s)
 
Ultimate Solution
The best solution is to use arpoison. This solution is based on the solution to ARP attacks in Linux [original].
arpoison needs the libnet library in order to compile correctly. Therefore, you need to download both libnet and arpoison.
 
arpoison homepage
http://www.arpoison.net/

libnet homepage
http://www.packetfactory.net/libnet
 
Install
First, install libnet. It is compiled from source, so gcc is required; I will not go into that here. Look up the packages Ubuntu needs for installing from source.
tar zxvf libnet.tar.gz
cd libnet/
sudo ./configure
sudo make
sudo make install
During compilation some warnings are shown, which do not matter. After installation, having /usr/lib/libnet.a is enough.
 
Then install arpoison
tar zxvf arpoison-0.6.tar.gz
cd arpoison/
sudo gcc arpoison.c /usr/lib/libnet.a -o arpoison
sudo mv arpoison /usr/sbin
Example:
babo@babo-laptop:~$ sudo arpoison
Usage: -I <device> -d <dest IP> -s <src IP> -t <target MAC> -r <src MAC> [-a] [-w time between packets] [-n number to send]
 
Description
-I eth0: the NIC interface used to send ARP packets
-d 192.168.1.1: specifies the destination IP address as 192.168.1.1
-s 192.168.1.101: specifies the source IP address as 192.168.1.101
-t ff:ff: indicates that the target MAC address is ff:ff (ARP broadcast address)
-r 00:1c:bf:03:9f:c7: specifies the source MAC address as 00:1c:bf:03:9f:c7
 
For example, I want to prevent ARP attacks.
sudo arpoison -I eth0 -d 192.168.1.1 -s 192.168.1.101 -t ff:ff -r 00:1c:bf:03:9f:c7

For example, I want to attack the machine 192.168.1.50 to prevent him from accessing the Internet.
sudo arpoison -I eth0 -d 192.168.1.50 -s 192.168.1.1 -t ff:ff -r 00:1c:bf:03:9f:c7
 
Conjecture
If you start the NAT service on the local machine and then use ARP spoofing to trick the other party into taking your own address as the gateway address, then, because NAT is enabled, the other party should still be able to access the Internet. Then enable wireshark to capture packets, and the other party will be monitored without knowing it. These ideas are not tested. I don't know whether NAT can be used in this way.
