How to deal with ARP spoofing attacks

My biggest concern as a company network administrator is the Internet access to employees' computers or servers. After all, many applications and services are built on network connectivity. Network Attacks are also the main cause of network connection interruption. Recently, ARP spoofing attacks are the most difficult problem to solve. Many network administrators have encountered this fault. Illegal computers use ARP (Address Resolution Protocol) spoofing tools prevent other computers from accessing the internet. computers infected with viruses will also unconsciously send ARP spoofing packets to disrupt the ARP Address List in the network system. How should our network administrators cope with ARP spoofing attacks? ARP spoofing attacks are classified. Some of them are good solutions and some are difficult to solve. Is there a series of methods to completely solve all spoofing attacks? Today, we will introduce the solution to ARP spoofing.

Clear ARP cache:

Many readers may have used the ARP Instruction Method to Solve the ARP spoofing problem. This method is based on the ARP spoofing principle. In general, ARP spoofing confuses network devices by sending ARP packets corresponding to a false MAC address and IP address. It replaces the correct relationship with a false or wrong MAC address.

For some preliminary ARP spoofing, we can use commands to clear the ARP cache correspondence of the local machine, so that network devices can obtain the correct correspondence from the network. The solution is as follows.

Step 1: Go to "start"> "run" in the taskbar, Enter CMD, and press enter to enter the command line mode.

Step 2: In command line mode, enter the arp-a command to view the ARP cache information stored on the current computer in the local system.

Step 3: run the arp-d command to clear and delete the ARP cache information stored on the local computer, so that the wrong cache information is ignored, the local computer will obtain the correct ARP information from the network again, so that the Internet can be accessed normally.

Although this method can ensure that your computer has recovered from network disconnection to normal internet access, if ARP spoofing packets still exist in the network, your computer will not be able to access the Internet for a long time. Therefore, this method can only temporarily solve the problem and cannot completely break through ARP spoofing for a long time. However, for those attacks that use ARP spoofing tools, this method is a manual attack, therefore, it is impossible to automatically send ARP spoofing packets at intervals like ARP spoofing viruses. Therefore, clearing the ARP cache can solve the problems caused by ARP spoofing.

Specify the ARP correspondence method:

As mentioned above, for the ARP spoofing Fault Caused by ARP spoofing virus, the method described above will not help, and it may take only one minute to restore to normal, then, the system will fail to access the Internet due to an ARP cache error. In this case, we need to force ARP ing. Most ARP spoofing attacks target the gateway's MAC address, which causes information of the gateway device in the ARP cache relationship on the local computer to be disordered, in this way, when the machine needs to send data packets to the gateway over the Internet, it will fail due to address errors, and thus cannot access the Internet.

Step 1: assume that the MAC address of the gateway address is 11-11-11-11-11-11, and the corresponding IP address is 192.168.1.254. Then we specify the ARP correspondence for these addresses. On the computer to avoid ARP spoofing, choose Start> run in the taskbar. Enter CMD and press enter to enter the command line mode.

Step 2: Use the arp-s command to add an ARP Address ing relationship, for example, the arp-s 192.168.1.254 11-11-11-11-11 command. In this way, we bind the IP address of the gateway address to the correct MAC address. This computer will no longer affect the normal gateway address information due to errors and false ARP spoofing packets, the network connection can also be completed smoothly. (1)

560) this. style. width = 560; "border = 1 v: shapes =" _ x1__i1025 "oldsrc =" w02006102020.897012.jpg ">

Step 3: run the ARP-A command to view the ARP cache information table of the local computer, the TYPE field in the cache table is displayed as static, indicating that the corresponding field is the added static ing. (2)

560) this. style. width = 560; "border = 1 v: shapes =" _ x1__i1026 "oldsrc =" w02006102020.907291.jpg ">

By adding a static ARP ing, computers can no longer be bullied by ARP.