Features and Protection of ARP viruses in servers or vps

 

Some users report that virus code has been inserted to all websites on the server, but the virus code cannot be found in the server's source file. Therefore, the network administrator cannot clean up the virus, why is this? This is caused by the recently popular ARP virus. Specifically, there are hundreds of servers in the data center where your server is located. One server is infiltrated and installed with the ARP virus. Although not your own server is intruded, but it will also seriously affect other servers, including your own servers.

 

 

For example, if one of the servers with viruses is intruded into the data center, it will

Other servers in the room broadcast such fraudulent information: "I am a gateway and you send packets.

", Other servers automatically send normal data after receiving this information.

Sent to this "infected server", this "infected server" will be normal

Insert virus code into the data (usually webpage). When you use IE to remotely access

When a website is on your own server, you will find all the websites on your server inexplicable.

"Virus code" has been inserted to all the workers, but you cannot find them in the source file of the server.

To these "virus code ".

 

Bytes ------------------------------------------------------------------------------------------------------------

 

Solution:

1. From the above analysis, we can know that if you want to fundamentally solve this problem,

You must first find out the virus-infected server in your IDC and then stop the virus-infected server.

And conduct anti-virus.

 

2. If the IDC does not help you solve the problem, you can forcibly set your own server

The server uses the static gateway. After the static gateway is set, the server that receives the virus

The broadcast information: "I am a gateway, and everyone sends packets through me" is the same

Will be affected.

 

The configuration method is as follows:

 

1. on your server desktop,

 

2. Create a bat-format batch file named "prevent ARP. bat.

 

The file content is as follows:

Arp-d *

Arp-s 192.168.0.1 03-00-0f-07-a0-0c

 

(Replace 192.168.0.1 with the IP address of your Server Gateway,

You can obtain this IP address from the IDC ).

(Change 03-00-0f-07-a0-0c to your server Gateway

MAC address. You can also obtain this address from the IDC ).

　　　　　　　　　

Note: If the IDC does not tell you the MAC address, you can also

Run the arp-a command to view the MAC address of the gateway.

Note: If the ARP virus exists, the MAC address may be incorrect. You need

Confirm with your IDC

 

3. After setting the batch file, you can double-click it to run it.

Set your server to use static gateway ". This will solve the problem.

ARP attacks.

 

Note: each time you restart the server, you need to re-run the "batch processing file"

To take effect. You can also add this "batch processing file"

In the "Start item" or "scheduled task" added to the operating system,

Let him run it on his own.

 

 

You can also install other software, such as antiarp and Kingsoft ARP.