Summary of methods to prevent ARP attacks in Linux

Source: Internet
Author: User

I have summarized three methods to prevent ARP attacks in Linux: binding the gateway directly, using software such as Libnet and arpoison, and using arptables. Finally, there is a shell script I wrote myself. Let's take a look.

Method 1: bind a gateway

Generally, a server's gateway does not change; this also applies to a VPS.
1. View the current gateway

[root@local@xiaohuai ~]# arp -a
? (218.65.22.122) at 80:fb:06:f2:4a:f4 [ether] on eth0

Run the preceding command over SSH to see the gateway host name, gateway IP address, gateway MAC address, and the corresponding NIC.

2. Bind the gateway MAC
1) Bind

[root@local@xiaohuai ~]# echo "218.65.22.122 80:fb:06:f2:4a:f4" > /etc/safe

# Change the IP address and MAC address to match your environment. Format: gateway IP (space) MAC address
2) Activate the binding

[root@local@xiaohuai ~]# arp -f /etc/safe

Run the preceding command over SSH to make the binding take effect.

3. Check that it took effect

[root@local@xiaohuai ~]# arp -a
? (218.65.22.122) at 80:fb:06:f2:4a:f4 [ether] PERM on eth0

Run the arp -a command again. If the entry now carries the extra PERM flag at the end, the manual binding has taken effect.


Method 2: use the software Libnet and arpoison

Software to have ready:

Libnet: get it from the official website
arpoison: get it from the official website

Installation method (installed successfully on FC; for other distributions, use this as a reference):

Install libnet first
tar -xvzf libnet.tar.gz
cd libnet
./configure
make
make install

Install arpoison
tar -xvzf arpoison-0.6.tar.gz
cd arpoison
gcc arpoison.c /usr/lib/libnet.a -o arpoison
mv arpoison /usr/sbin

Usage:

Usage: -i device -d dest_IP -s src_IP -t target_MAC -r src_MAC [-a] [-w time between packets] [-n number to send]

Example:
arpoison -i eth0 -d 172.16.18.254 -s 172.16.18.19 -t ff:ff:ff:ff:ff:ff -r 00:11:09:E8:78:DD

Explanation:

-i eth0: send the ARP packets on interface eth0.
-d 172.16.18.254: set the destination IP address to 172.16.18.254.
-s 172.16.18.19: set the source IP address to 172.16.18.19.
-t ff:ff:ff:ff:ff:ff: set the target MAC address to ff:ff:ff:ff:ff:ff (the ARP broadcast address).
-r 00:11:09:E8:78:DD: set the source MAC address to 00:11:09:E8:78:DD.

I wrote a small script. With the comments in it, I believe that smart users can handle ARP attacks in Linux:

#!/bin/bash
# ArpDefend.sh
#######
# Yk103 #
#######

# Gateway MAC address
GATEWAY_MAC=00:D0:F8:FF:4A:23
# Target MAC address (ARP broadcast address)
DEST_MAC=ff:ff:ff:ff:ff:ff
# Destination IP address
DEST_IP=172.16.18.254
# Local NIC interface
INTERFACE=eth0
# MAC address of $INTERFACE
MY_MAC=00:11:09:E8:78:DD
# IP address of $INTERFACE
MY_IP=172.16.18.19

# Create a static IP/MAC entry on the local machine: $DEST_IP - $GATEWAY_MAC
arp -s $DEST_IP $GATEWAY_MAC

# Send ARP replies to $DEST_IP announcing that the MAC address of $MY_IP is $MY_MAC.
arpoison -i $INTERFACE -d $DEST_IP -s $MY_IP -t $DEST_MAC -r $MY_MAC 1>/dev/null &

Method 3: arptables defends against arp attacks


CentOS 5 installation:


wget http://superb-sea2.dl.sourceforge.net/project/ebtables/arptables/arptables-v0.0.3/arptables-v0.0.3-4.tar.gz
tar zxvf arptables-v0.0.3-4.tar.gz
cd arptables-v0.0.3-4
make
make install

arptables rule settings:

arptables -F
arptables -P INPUT ACCEPT
# Default policy
arptables -A INPUT --src-ip 192.168.1.1 --src-mac 7A:31:14:42:10:01 -j ACCEPT
# Allow a specific MAC address on this segment, where the IP address matches the MAC address
arptables -A INPUT --src-mac ! 74:8E:F8:53:DC:C0 -j DROP
# Reject any MAC other than the gateway's
arptables -A INPUT --src-ip ! 192.168.1.1 -j DROP
# Reject any IP address other than the gateway's

Save the rules and load them at boot:

arptables-save > /etc/sysconfig/arptables
/etc/init.d/arptables save
chkconfig arptables on

An error occurs when the saved rules are reloaded. To avoid it, remove the -o any field from the following file:

/etc/sysconfig/arptables

Method 4: shell scripts against arp attacks

The code is as follows:


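#!/bin/bash
# Default route line from the routing table (destination 0.0.0.0)
declare gw=$(route -n | grep -e '^0.0.0.0')
# Interface name: the last word of that line
declare gwname=$(echo $gw | grep -oe '\w*$')
# Gateway IP: the first octet must have 2-3 digits, which skips the 0.0.0.0 columns
declare gwip=$(echo $gw | grep -oe '[0-9]\{2,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
# Gateway MAC from the ARP table (-i: arp may print the hex digits in lower case)
declare gwmac=$(arp -n | grep -wF -e "$gwip" | grep -oie '[0-9A-F]\{2\}:[0-9A-F]\{2\}:[0-9A-F]\{2\}:[0-9A-F]\{2\}:[0-9A-F]\{2\}:[0-9A-F]\{2\}')
# Stop if either value could not be determined, before touching the ARP table
[ -n "$gwip" ] && [ -n "$gwmac" ] || { echo "gateway IP/MAC not found"; exit 1; }
echo "switch $gwname arp: $gwip - $gwmac to static"
arp -s $gwip $gwmac
echo "done, off arp request .."
# With ARP off, this host neither sends nor answers ARP on the interface,
# so peers need a static entry for this host as well.
ifconfig $gwname -arp
echo "all done."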
