Local ARP virus detection methods and tools

Source: Internet
Author: User

ARP attacks are so rampant that servers are exposed to high-traffic ARP attacks every day.

Virus attack symptoms: The computer's network connection is normal and machines in the same building can be pinged, but the gateway cannot be pinged and web pages cannot be opened; or the trojan program (an ARP spoofing virus) sends a large number of data packets during the attack, resulting in unstable network operation, frequent network disconnections, frequent errors in the IE browser, and faults in some common software.

Cause of network interruption: when a host in the LAN is infected with the ARP virus, it sends ARP spoofing attacks to all hosts on the local LAN (a given network segment, such as 172.16.24.0), redirecting the traffic that originally went to the network center to the virus host, so that the other hosts access the Internet with the virus host acting as a proxy. Because the client has a proxy protection function, the victim cannot access the Internet through the virus host.

When a large number of data packets are sent during a virus attack, the network becomes congested and Internet access feels slower and slower. The same is true for the user of the infected machine. Because of the machine's limited processing capacity, when that user notices the slowdown they may restart it or take other measures. At that point the virus stops working for a short time and the network appears to be back to normal. This cycle repeats, which is what causes the intermittent network interruptions.

Fault diagnosis method: If you see the symptoms described above, you can diagnose the problem as follows: click "Start", select "Run", enter "arp -d", click "OK", and try accessing the Internet again. If access returns to normal, the disconnection may have been caused by ARP spoofing. (The "arp -d" command only clears the local ARP table so that it is rebuilt; it cannot defend against ARP spoofing, and ARP attacks may occur again after it has been executed.)

Detection tool for this network segment: download and run the AntiArp program. Enter the gateway IP address of this segment, click "Get gateway MAC address", check that the gateway IP address and MAC address are correct, and then click "Automatic protection". If you do not know the IP address of the gateway, you can obtain it as follows: click "Start" and select "Run", enter "cmd" and click "OK", then enter "ipconfig" and press Enter. The IP address shown after "Default Gateway" is the gateway address. The antivirus software displays the MAC address of the virus host in the prompt box.
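The gateway IP/MAC check described above can also be done by hand from the output of `arp -a`. The following is an added example, not code from AntiArp or from the original article; it assumes you recorded the gateway's real MAC address while the network was known to be clean, and the sample table and every MAC address in it are constructed.

```python
import re

# One row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.I,
)

# Constructed sample: gateway 172.16.24.1 now shares a MAC with 172.16.24.23.
SAMPLE = """\
Interface: 172.16.24.57 --- 0xb
  Internet Address      Physical Address      Type
  172.16.24.1           00-e0-4c-68-12-9a     dynamic
  172.16.24.23          00-e0-4c-68-12-9a     dynamic
  172.16.24.40          00-1b-21-3c-77-02     dynamic
  172.16.24.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
TRUSTED_GATEWAY_MAC = "00-0f-e2-50-4b-a1"  # constructed; recorded while clean


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, skipping broadcast/multicast."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        table[ip] = mac
    return table


def check_gateway(table, gateway_ip, trusted_mac):
    """Return (status, suspects) for the cached gateway entry.

    status is "ok", "no-entry" or "spoofed"; suspects lists other IPs that
    hold the MAC now cached for the gateway (candidate infected hosts).
    """
    cached = table.get(gateway_ip)
    if cached is None:
        return "no-entry", []
    if cached == trusted_mac.lower():
        return "ok", []
    return "spoofed", sorted(ip for ip, mac in table.items()
                             if mac == cached and ip != gateway_ip)


if __name__ == "__main__":
    print(check_gateway(parse_arp_table(SAMPLE), "172.16.24.1", TRUSTED_GATEWAY_MAC))
```

On a live machine, pass the text printed by `arp -a` instead of `SAMPLE`. A "spoofed" result with an empty suspects list means the forged MAC has not yet appeared in the table under its owner's real IP address.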

Local removal tool: download and run the TSC.EXE program. Do not close it while it is running; wait until it exits automatically. Then check the report file to see whether the machine is infected. If it is infected, we recommend that you reinstall the operating system.


 
