How to bind Arp commands in CentOS

How to bind Arp commands in CentOS

Linux Arp command hazards: Linux Arp commands are extremely harmful. Some viruses use ARP spoofing, which not only affects their own machines, but also other machines in the same network segment, add the virus code to the HTTP packets of other machines.

1. code example: this virus is very harmful! Even if the security of your machine is very good, there is no way to ensure the security of other machines in the same network segment!

Solution: bind the IP address and MAC address to the gateway and the host to prevent ARP spoofing.

2. Linux Arp command conventions
A. The following machines have been bound to the gateway. Gateway IP: 192.168.1.1 MAC: 00: 02: B3: 38: 08: 62
B. Linux host IP address to be bound: 192.168.1.2 MAC: 00: 04: 61: 9A: 8D: B2

3. Linux Arp command binding procedure
1. Use arp and arp-a to view the current ARP cache list.

1. [Root @ ftpsvr~] #Arp
2. AddressHWtypeHWaddressFlagsMaskIface
3. 192.168.1.234Ether00: 04: 61: AE: 11: 2BCEth0
4. 192.168.1.145Ether00: 13: 20: E9: 11: 04CEth0
5. 192.168.1.1Ether00: 02: B3: 38: 08: 62CEth0

Linux Arp command description:
Address: IP Address of the host
Hwtype: host hardware type
Hwaddress: host hardware address
Flags Mask: Record flag. "C" indicates entries in the arp cache, and "M" indicates static arp entries.

[Root @ ftpsvr ~] # Arp-
? (192.168.1.234) at 00: 04: 61: AE: 11: 2B [ether] on eth0
? (192.168.1.1) at 00: 16: 76: 22: 23: 86 [ether] on eth0

2. Create a static mac --> ip table file: ip-mac. Write the IP address and MAC address to be bound to this file in the format of ip mac.
[Root @ ftpsvr ~] # Echo '1970. 168.1.1 00: 02: B3: 38: 08: 62'>/etc/ip-mac
[Root @ ftpsvr ~] # More/etc/ip-mac
192.168.1.1 00: 02: B3: 38: 08: 62

3. Set automatic binding upon startup
[Root @ ftpsvr ~] # Echo 'Arp-f/etc/ip-mac'>/etc/rc. d/rc. local

4. Manually perform the binding
[Root @ ftpsvr ~] # Arp-f/etc/ip-mac

5. Check whether the binding is successful.

1. [Root @ ftpsvr~] #Arp
2. AddressHWtypeHWaddressFlagsMaskIface
3. 192.168.0.205Ether00: 02: B3: A7: 85: 48CEth0
4. 192.168.1.234Ether00: 04: 61: AE: 11: 2BCEth0
5. 192.168.1.1Ether00: 02: B3: 38: 08: 62CMEth0
6. [Root @ ftpsvr~] #Arp-
7. ?(192.168.0.205)At00: 02: B3: A7: 85: 48[Ether]OnEth0
8. ?(192.168.1.234)At00: 04: 61: AE: 11: 2B[Ether]OnEth0
9. ?(192.168.1.1)At00: 02: B3: 38: 08: 62[Ether]PERMOnEth0

From the ARP cache list before and after binding, you can see that the gateway (192.168.1.1) record mark has changed, indicating that the binding is successful.