Solution to ARP spoofing attack 16A. Us

Recently, the local area network is connected to the Internet. Most of the website pages are displayed abnormally. Kabbah prompts "Trojan" when visiting the website.ProgramTrojan-Downloader.JS.Agent.gd file [url] hxxp: // 16A. US /*. JS [/url] ", view the HTML source code, there will be an extra line at the top of all the web pages, initially thought it was our unit of website server was mounted with a Trojan, later, I found that accessing other websites is also a problem, including large websites such as China Construction Bank and it168. So I locked the problem in our local area network and began to find a solution to the problem, all the methods tested have no effect, including:

Chinaz.com

 

1. Modify the hosts file chinaz.com

2. Download the fixed-time software of 360 security guard

Chinaz.com

 

3. Upgrade OS Patches

[Chinese webmaster site]

 

4. Upgrade anti-virus software to the latest virus database.

Chinaz.com

 

This morning, I am unwilling to continue searching for answers in the search engine (and this problem must be solved; otherwise, my colleagues in the Organization are basically half-paralyzed and most websites are abnormal ), inspired by a post, we think 16A. the US virus phenomenon should be an APR virus spoofing attack. Therefore, we searched for the APR virus spoofing attack solution in Baidu. After testing and demonstration, we solved all the problems on the LAN computer, I am afraid to share the solution with others. I hope I can help other colleagues who are anxious to solve this problem! Chinaz.com

The specific steps are as follows (static binding of the gateway's MAC address): [Chinese webmaster station]

Step 2: Close all IE browsers and Enter cmd Mode

[Chinese webmaster site]

 

Step 2: Enter the ARP-a command. You can view the IP address and MAC address of the LAN gateway in the returned results. (check whether the MAC address of the gateway is correct with the network administrator, the MAC address of the Gateway has been modified in the ARP cache of your computer as anti-virus ).Chinaz.com

Step 2: Enter the MAC address of the ARP-s gateway IP address gateway. Remember that the MAC address entered here requires the correct MAC address of the gateway.

[Chinese webmaster site]

 

Step 1: Enter the network attribute. If the IP address is not dynamically obtained, change it to dynamically obtained IP address (if the IP address is already dynamically obtained, then you can fix the network connection again ).

Chinaz.com

 

Step 2: Solve the problem. Open IE and test whether the website with the previous problem is normal now. Chinaz.com

Note:

[Chinese webmaster site]

 

1. We recommend that you write the third step as a batch file and add it to the startup Item. Otherwise, the configuration will be lost after each startup.

Chinaz.com

 

2. If the MAC address of the DNS server is hijacked, the corresponding DNS server Mac binding will be processed.

Chinaz.com

 

3. The above method is only a cure, and there is no cure. We need to work together to find out 16A as soon as possible. US culprit (that is to say, in the LAN computer, there must be a computer that is indeed poisoned or mounted with a Trojan) method