Summary of several methods of Windows system anti-ARP attack

Source: Internet
Author: User
Tags safe mode

Prevent ARP attack method one set permission file method

First, the normal way:

Start--run, enter "regedit", return, enter "Antiarp" by "Registry-lookup", one to delete "Antiarp" registry information.
Second, unconventional way (through "Safe Mode" into the system, shut down the network connection, unplug the cable):

According to ARP attack principle: Delete the Npptools.dll file in the calling system. If you delete this DLL file, then arbitrarily get a DLL renamed Npptools.dll can be.

Anti-attack files: C:/windows/system32/npptools.dll

Processing method: Create an empty text document, renamed to Npptools.dll and then copy it to the System32 folder, overwriting the original Npptools.dll, if the file protection is not turned off first. Then the System32/dllcache in the Npptools.dll also covered, and then their properties to read-only, hidden, and finally their everyone permissions are removed, you can!

Npptools.dll file properties to read-only, hidden, and then their everyone's permission to remove, the virus can not be replaced can not use it, ARP will not work, so as to prevent the purpose of ARP.

If C disk is an NTFS partition format, the permissions are removed, if it is fat format read-only can be

Two-gateway binding method for preventing ARP attacks

1. After the successful installation of the operating system after the remote connection, you can find that there is a shell ARP firewall on the desktop, the installation of firewalls is a very effective way to recommend users to install the first time

2. The gateway can be bound using the cmd command.

In the beginning → run → input cmd first input arp-a as shown dynamic "dynamics"

Next we enter Arp-s to bind the gateway as shown

Finally, let's see if the binding state has changed to static.

When you do a binding gateway on your computer, you will not receive ARP spoofing attacks, sending messages to the Ip/mac of a spoofed gateway


Windows 7 Modify the network card MAC address, you can easily defend against ARP attacks

First step: Establish a dial-up connection

Let's create a new broadband connection (Start-> Control Panel-> Network and internet-> View network status and tasks) set up a new connection or network-> connect to internet-> the next step is to do it. I've built a "broadband connection 2" here. , and then find the option in the attribute, put the link inside the show progress and prompt name, password and certificate before the check mark are removed, OK.

Step Two: Modify the registration Form

Then, Win+r (Bring up the Run dialog), we enter regedit, OK, so that we open the registry, the registry opens, find Hkey_local_ Machine\software\microsoft\windows\currentversion\run then in the right window to create a new string key, the name of any, double-click this key to enter the key value of C: \windows\system32\rasphone-d "Broadband Connection 2" (Note: My broadband connection is called "Broadband Connection 2", here to enter the name of your broadband connection), So you can enter Msconfig in the run to find the startup item and see if you've added a Windows startup entry, and it's our c:\Windows\System32\rasphone-d "Broadband Connection 2" in its command.

Finally, to summarize the prevention method

1 virus source, to the virus source of the machine processing, anti-virus or reload system.

(2) Internet café administrators check LAN virus, install anti-virus software.

(3) Install patches to the system.

(4) Set up a strong enough complex password for the system administrator account.

(5) Often update anti-virus software, installation and use of network firewall software.

(6) Close some unwanted services, the conditions allowed to close some unnecessary sharing, also includes C $, d$ and other management shares. Completely stand-alone users can also directly shut down the server service

(7) suggest that users do not casually click on open QQ, MSN and other chat tools sent on the link information to avoid the spread of the virus.


Personal Build Justice

In fact, we can install a 360 software on the computer can directly solve this problem oh, because 360 built-in anti-ARP attack software Oh.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.