Anti-ARP spoofing in Linux

1. # ARP-A>/etc/ethers import the IP address and MAC address to Ethers

2. # vi/etc/Ethers
Edit the file format. The content of the ethers file must be deleted in any of the following formats.
192.168.1.x XX: xx

192.168.1.x XX: xx
...

// Note that Mac is capitalized, and there is no o, only zero, IP and Mac Space

3. # vi/etc/rc. d/rc. Local // open and display the/etc/rc. d/rc. Local file and the startup Item file.
# I // Edit
// Execute ARP-f at startup to bind according to the content in/etc/Ethers
Add the last line in the/etc/rc. d/RC/local file

ARP-F
Exit editing from ESC
: WQ // save and edit

4. # ARP-f // run the Save binding

(Ethers includes gateway Mac)

This can only prevent some ARP attacks. If you import all the ip mac addresses in the network into the ethers file, it can effectively prevent ARP attacks.

1. NMAP-SP 192.168.11.0/24

Scan, the result is that my ARP table contains the MAC of all machines in that network segment, copy all information to the/etc/ethers File

2, 3, 4 same as above

Bind local Mac
ARP-s 192.168.0.1-H ether 00: 90: 3B: 4C: 30: 3C-I eth1.
ARP-s 192.168.0.1 00: 90: 3B: 4C: 30: 3C is not allowed. The following prompt is displayed:
Siocsarp: invalid argument
ARP: cannot set entry on line 1 of etherfile/etc/ethers!

It is best to set the route:
Security Anti-ARP-spoof currently anti-ARP is more practical

Use the following command to disable ARP for the NIC:

Ifconfig eth0-ARP