Solve ARP attacks

From: http://zhidao.baidu.com/question/50940165.html? Fr = qrl

1. Clear ARP cache

You may have used the ARP Instruction Method to Solve the ARP spoofing problem. This method is used to solve the ARP spoofing principle. In general, ARP spoofing confuses network devices by sending ARP packets corresponding to a false MAC address and IP address. It replaces the correct correspondence with a false or incorrect MAC address and IP address. For some preliminary ARP spoofing, you can use ARP commands to clear the ARP cache correspondence of the local machine, so that the network device can obtain the correct correspondence from the network. The specific solution process is as follows:

Step 1: click "start"-> "run" in the taskbar on the desktop, Enter cmd, and press enter to enter the command line mode of CMD (black background;

Step 2: In command line mode, enter the ARP-a command to view the information about the correspondence between IP addresses and MAC addresses stored in the local ARP cache;

Step 3: run the ARP-D command to clear the ARP cache information stored in the local system, so that the wrong ARP cache information is deleted, the local machine will obtain the correct ARP information from the network again to achieve mutual access and normal internet access between machines in the LAN. If an attack is performed using ARP spoofing, the above method can be used completely. But if it is infected with the ARP spoofing virus, the virus will automatically send ARP spoofing packets at intervals, then the method of clearing the ARP cache will be powerless. Next we will receive another method that can solve the problem of ARP spoofing virus infection.

2. Specify the ARP correspondence

In fact, this method forces the ARP ing to be specified. The vast majority of ARP spoofing viruses attack the gateway's MAC address, causing information disorder on the gateway device stored in the ARP cache on the local machine, in this way, when the machine needs to send data packets to the gateway over the Internet, it will fail due to address errors, resulting in the computer being unable to access the Internet.

Step 1: assume that the MAC address of the gateway address is 00-14-78-a7-77-5c and the corresponding IP address is 192.168.2.1. The specified ARP ing refers to these addresses. On a virus-infected machine, click "start"> "run" on the desktop> taskbar, Enter cmd, and press enter to enter the CMD command line mode;

Step 2: Use the ARP-s command to add an ARP Address ing relationship, for example, the ARP-s 192.168.2.1 00-14-78-a7-77-5c command. In this way, the IP address of the gateway address is bound to the correct MAC address, and the network connection of the local machine is restored to normal;

Step 3: When you restart the computer, all ARP cache information is cleared. Therefore, we should write the ARP static address add command to a batch processing file (such as BAT), and then put the file into the system startup Item. When the program is loaded as the system starts, it can avoid the loss of ARP static ing information.

3. Add route information to cope with ARP spoofing:

Generally, ARP spoofing targets gateways. can we solve this problem by adding a route to the local machine. As long as a route is added, the route can be used to access the Internet, and it will not be disturbed by ARP spoofing packets.

Step 1: click "start"-> "run" in the taskbar on the desktop, Enter cmd, and press enter to enter the CMD (black background) command line mode;

Step 2: manually add a route. The detailed command is as follows: Delete the default route: Route Delete 0.0.0.0; add a route:

Route add-P 0.0.0.0 mask 0.0.0.0 192.168.1.254 metric 1; confirm the modification:

Route change this method is suitable for fixed gateways. If you change the gateway in the future, you need to change the routing configurations of all clients.

4. install anti-virus software:

Install anti-virus software and upgrade it in a timely manner. Additionally, you are advised to use the anti-virus software of the online version for qualified enterprises.
References: http://www.janmeng.com/html/22/n-4022.html