How to bind lan ip addresses to MAC addresses, bind lan ip addresses and MAC addresses to prevent IP conflict attacks
So how can we protect lan network security and prevent LAN users from arbitrarily modifying IP addresses? I believe that you can disable IP address modification on your computer in the following two ways:
1. You can bind an IP address to a MAC address, bind an IP address to a MAC address, and prohibit the computer from modifying the IP address or changing the IP address.
Binding IP addresses and MAC addresses is easy to set, for example, by using commands. For example, my IP address is 192.168.1.11, And the MAC address of the NIC is 00-11-2F-3F-96-88 (how can I see my MAC address? Enter ipconfig/all in the command line and respond as follows:
Physical Address ......: 00-11-2F-3F-96-88
DHCP Enabled...
IP Address ......: 192.168.1.11
Subnet Mask ......: 255.255.255.0
Default Gateway...: 192.168.1.1
DNS Servers ......: 61.177.7.1
Primary WINS Server...: 192.168.1.254
This information is the IP address and MAC address of your current computer!
Then, enter arp-s 192.168.1.11 00-11-2F-3F-96-88 in the command line and press Enter.
To check whether it is bound, run arp-a 192.168.1.11 and press Enter. The following message is displayed:
Internet Address Physical Address Type
192.168.1.30 00-11-2f-3f-96-88 static.
What if I want to divide it? Enter arp-d 192.168.1.30 in the command line to remove it.
Bind Gateway:
Arp-s 192.168.1.1 xx-xx (Gateway mac address)
View your IP address and the MAC address of the NIC. For Windows 98/Me, Run "winipcfg". The IP address displayed in the dialog box is, and the "adapter address" is the MAC address of the NIC. In Windows 2000/XP, enter "ipconfig/all" at the command prompt. The displayed "Physical Address" is the MAC Address, and "IP Address" is the IP Address; to bind the two, enter "arp-s IP address MAC address", for example, "arp-s 192.168.0.28 54-44-4B-B7-37-21.
2. Use special lan network management software and Internet behavior control software to bind IP addresses and MAC addresses of LAN computers to prevent unauthorized IP address modification.
Currently, many local area network control software and network management monitoring software are available in China. Generally, IP addresses and MAC addresses are bound. Generally, through such network management software, you can easily scan the IP address and MAC address of a LAN computer, and then click it to bind it. For example, there is a "jusheng network management" software (: http://www.grabsun.com/soft.html), you only need to install a computer in the LAN, you can scan all the LAN Computer IP address and MAC address, then, you can click the mouse to bind the IP address and MAC address. After binding, the LAN computer cannot modify the IP address and MAC address. Once modified, the computer cannot access the Internet, thus preventing the computer from modifying the IP address, as shown in:
Figure: binding an IP address to a MAC address
At the same time, the "jusheng network management" software can also detect lan arp attacks. Once a lan arp attack is discovered, the attacker's IP address and MAC address will be automatically output, this allows the network administrator to promptly troubleshoot the attack source host and protect lan network security. As shown in:
Figure: ARP attack output
In short, either through the operating system's built-in IP address and MAC Address binding command, or by using a dedicated lan network management software can achieve lan ip address and MAC Address binding function, however, compared with binding IP and MAC through commands, binding IP and MAC addresses through network management monitoring software is simpler and more user-friendly. The specific method can be used by enterprises and institutions according to their own needs.