Summary of several methods to prevent ARP attacks in Windows

I think many of my friends have encountered ARP attacks, which may result in a large increase in traffic or the failure of the website computer. I will summarize the common methods to solve ARP attacks, for more information, see.

Method 1: Permission file setting

I. Conventional Methods:

Start -- run, enter "regedit", Press enter, go to "Registry -- search", enter "AntiARP", and delete the "AntiARP" registry information one by one.
Ii. unconventional methods (access the system through "safe mode", disable network connection, and unplug the network cable ):

According to ARP attack principle: Delete the npptools. dll file in the calling system. If you delete the DLL file, rename it npptools. DLL.

Attack prevention file: C:/WINDOWS/system32/npptools. dll

Solution: Create an empty text document, rename it npptools. dll, and copy it to the system32 folder to overwrite the original npptools. dll. If file protection is not disabled, disable it first. Then override npptools. dll in system32/dllcache, change their attributes to read-only and hidden, and then remove their everyone permissions!

Npptools. after changing the properties of the dll file to read-only and hidden, remove their everyone permissions. The virus cannot be replaced or used, and arp won't work, to prevent ARP attacks.

If drive C is in the NTFS partition format, all permissions are removed. If drive C is in the FAT format, read-only access is required.

Method 2 gateway binding method

1. After a remote connection is successfully established after the operating system is pre-installed, you can find that there is a shell arpfirewall on the desktop. Installing the firewall is a very effective method. We recommend that you install it immediately.

2. You can use the CMD command to bind the gateway.

Start → run → Enter CMD and then enterArp-Dynamic "dynamic"

Next, enterArp-sBind a gateway

Finally, let's check whether the binding status has changed to static "static"

When a gateway is bound to a computer, no ARP spoofing attack is received, and messages are sent to the IP address/MAC address of the forged gateway.

Modify the Mac address of the NIC in Windows 7 to defend against ARP attacks.

Step 1: Establish a dial-up connection

Create a new broadband connection (Start> Control Panel> network and Internet> View network status and tasks> set a new connection or network> connect to the Internet> next step ), the name I created here is "Broadband connection 2", and then find the option in the property, and remove the progress and prompt name in the connection, and the check mark before the password and certificate, OK.

Step 2: Modify the Registry

Then, Win + R (bring up the running dialog box), we enter regedit, OK, so that the Registry is opened. After the registry is opened, find HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and create a new string key in the window on the right. Double-click this key and enter the key value c: \ Windows \ System32 \ rasphone-d "Broadband connection 2" (Note: The name of my broadband connection is "Broadband connection 2". Enter the name of your broadband connection here ), in this way, you can enter msconfig in the run to find the startup Item to see if a Windows Startup item is added, and its command is our c: \ Windows \ System32 \ rasphone-d "Broadband connection 2"

Finally, let's summarize the prevention methods.

1) virus Source: processes the machine at the virus source, and removes viruses or reinstalls the system.

(2) The Internet cafe administrator checks the LAN virus and installs anti-virus software.

(3) Install patches for the system.

(4) set a complex and strong password for the system administrator account.

(5) update anti-virus software frequently and install and use network firewall software.

(6) disable unnecessary services. If conditions permit, disable unnecessary sharing, such as C $ and D $. A single-host user can also directly disable the Server service.

(7) we recommend that you do not click the link information sent from QQ, MSN, or other chat tools to avoid virus spreading.

Personal meaning

In fact, we can directly solve this problem by installing a 360 software on the computer, because 360 has built-in anti-arp attack software.