How to prevent unauthorized modification of network IP addresses

Source: Internet
Author: User

After the TCP/IP parameters of the workstations in the LAN are modified at will, it is easy to cause IP address conflicts, which will bring great trouble to the management work. Is there any way to protect your network from unauthorized IP address modification?
In fact, it is very simple. You only need to refer to the following steps to easily avoid the trouble of illegal IP address modification!

Registry Settings

First, you need to hide the "Network Neighbor" icon on the desktop, so that others cannot enter the TCP/IP Parameter Setting interface through the "Network Neighbor" attribute window. Expand the subkeys "HKEY_CURRENT_USER", "Software", "Microsoft", "Windows", "CurrentVersion", "related ies", and "Explorer" in the registry editing window in sequence, then, under the "Explorer" sub-key, create a double byte value named "NoNetHood" and set it to "1.


Then, hide the "network" icon in the control panel window, and others cannot open the TCP/IP Parameter Setting interface. As long as you open "WindowsSys_tem (remove" _ ") etcpl. cpl file, and then enter a line at [don "t load], such as" netcpl. cpl = no. After saving the code again, the "network" icon disappears from the control panel window.

At this point, all the ways to change the IP address are "disconnected", so that other people can do nothing even if they want to modify the IP address. Of course, this method can only be used by cainiao netizens. For "Prawn" Netizens, it is almost the ears of the deaf. Because once a netizen finds "netcpl. the cpl file still has a way to restore the "network" or "Network Neighbor" icon. Therefore, you still need to do the following to truly cut off the "IP address modification channel:

Expand the "HKEY_CURRENT_USER", "Software", "Microsoft", "Windows", "CurrentVersion", "Policies", and "Network" subkeys in the Registry in sequence, create a dual-byte value named "NoNetSetup" under the "Network" subkey and set it to "1". Then, if you want to open the "Network Neighbor" or "network" attribute window, you will receive a prompt that you are not authorized to access the window.

After the TCP/IP parameters of the workstations in the LAN are modified at will, it is easy to cause IP address conflicts, which will bring great trouble to the management work. Is there any way to protect your network from unauthorized IP address modification?

In fact, it is very simple. You only need to refer to the following steps to easily avoid the trouble of illegal IP address modification!

Registry Settings

First, you need to hide the "Network Neighbor" icon on the desktop, so that others cannot enter the TCP/IP Parameter Setting interface through the "Network Neighbor" attribute window. Expand the subkeys "HKEY_CURRENT_USER", "Software", "Microsoft", "Windows", "CurrentVersion", "related ies", and "Explorer" in the registry editing window in sequence, then, under the "Explorer" sub-key, create a double byte value named "NoNetHood" and set it to "1.


Then, hide the "network" icon in the control panel window, and others cannot open the TCP/IP Parameter Setting interface. As long as you open "WindowsSys_tem (remove" _ ") etcpl. cpl file, and then enter a line at [don "t load], such as" netcpl. cpl = no. After saving the code again, the "network" icon disappears from the control panel window.

At this point, all the ways to change the IP address are "disconnected", so that other people can do nothing even if they want to modify the IP address. Of course, this method can only be used by cainiao netizens. For "Prawn" Netizens, it is almost the ears of the deaf. Because once a netizen finds "netcpl. the cpl file still has a way to restore the "network" or "Network Neighbor" icon. Therefore, you still need to do the following to truly cut off the "IP address modification channel:

Expand the "HKEY_CURRENT_USER", "Software", "Microsoft", "Windows", "CurrentVersion", "Policies", and "Network" subkeys in the Registry in sequence, create a dual-byte value named "NoNetSetup" under the "Network" subkey and set it to "1". Then, if you want to open the "Network Neighbor" or "network" attribute window, you will receive a prompt that you are not authorized to access the window.

Address binding method

In addition to disabling others from illegally modifying IP addresses by cutting off the "channel" for IP address modification, you can also directly restrict the specified IP address so that others can modify the IP address even if they do not, and cannot connect to the network. You can use the address binding method to restrict IP addresses:

First, switch the system to the doscommand line status and run the "ipconfig/all" command. In the displayed window, record the MAC address and IP address of the NIC;

Next, on the proxy server, bind the specified IP address with the corresponding MAC address. Even if someone modifies the IP address on your computer, the proxy server will fail, network connection. For example, when binding an IP address, you can run the "arp-s 10.168.160.10 00-30-6E-36-5A-EF" command in the doscommand line, you can bind the static IP Address "10.168.160.10" with the nic mac address "00-30-6E-36-5A-EF.

In a LAN, workstations that use proxy servers to access the Internet can use the preceding method to restrict the modification of static IP addresses. If you need to "Unbind" the IP address in the future, you only need to run the "arp-d 10.168.160.10 00-30-6E-36-5A-EF" command.

If your LAN uses a layer-3 Switch to connect to each workstation, you only need to restrict the IP address at each switch port so that others can modify the IP address even if the IP address is changed, you cannot access the Internet through a vswitch.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.