ARP is the abbreviation of Address Resolution Protocol. In the LAN, the actual transmission is frame, and the frame contains the MAC address of the target host. In Ethernet, to directly communicate with another host, you must know the MAC address of the target host. But how can I obtain the target MAC address? It is obtained through the Address Resolution Protocol. The so-called "Address Resolution" refers to the process in which the host converts the target IP address to the target MAC address before sending the frame. The basic function of ARP is to query the MAC address of the target device through the IP address of the target device to ensure smooth communication.
Evaluation Software
Click to directly access the firewall Evaluation page
360 security guard arpfirewall 2
Jinshan arpfirewall 1.2
Rising firewall Personal Edition 2008
CHX-I V3
Arpfirewall Personal Edition 5.0.1 (ANTIARP)
Yundun firewall 1.27 BETA2
ARP attack software
P2P Terminator 3.6 (he was chosen because he is free of charge and has good performance. The operation is simple and suitable for all groups of users. He should be among the top users in ARP attack software)
Test Environment
China Telecom 1 m adsl, a router, a local machine, a small LAN consisting of two virtual machines (in the bridge mode), this test is mainly carried out in virtual machines!
Use thunder to check out the software for downloading the speed test.
In order to avoid the speed of different video resources, only Nagano Legend 2 is used for each test.
Virtual Machine System
Network speed without ARP Spoofing
No defense against the network speed when ARP spoofing occurs
All ARP Spoofing rules are
In the following example, the attacker machine is called A and the attacker is called B.
360 security guard arpfirewall
System Requirements: free of charge, but 360 security guard must be installed, otherwise installation is not allowed
Restart After installation is complete.
Interface and settings
Resource usage
Test Results
The P2P Terminator on the attacker can detect the local host and impose ARP spoofing speed limits on it. It finds that the firewall can intercept, but the speed is still limited. The firewall intercepts 336 attacks within one minute.
Jinshan arpfirewall
Authorization method: free version
Supported systems: 2 K/XP/VISTA
Interface and settings
Test Results
Kingsoft sets the security mode. The P2P terminator of Kingsoft cannot find the client. However, if the P2P Terminator is enabled before Kingsoft arpfirewall is started, B will still be detected.
In addition, if server A detects server B for the first time, it does not detect server B for the next time. If the IP address of server B still exists in the P2P attack list, even if Server B is not detected, it will send ARP spoofing like server B by default.
Test Kingsoft detected 1547 attacks within one minute. ARP spoofing speed limit has little impact on machine B.
The result is as follows: