Use the Look & amp; #39; N & amp; #39; Stop (LNS) firewall to prevent ARP attacks

This article is from the caifan forum. We do not have an account for this forum. If anyone has an account, please send it to 2cto.com # gmail.com. Thank you very much.

 

Known as the world's top firewall! In the test of a well-known firewall testing website outside China, it has surpassed the famous firewalls such as kaspersky, Kerio, ZoneAlarm, and Norton! Its installer only has more than 600 k, and the program memory usage is less than 2 MB, but its function is super powerful!

Cyber law enforcement officers and network Terminators use ARP spoofing (declaring themselves as gateways through broadcast) to control the Network Connections of other computers in the LAN.
The ARP protocol is used to resolve the correspondence between IP addresses and MAC addresses. Therefore, the following methods can be used to resist the control of cyber law enforcement officers.

The method is as follows:
①. Add a new rule, select "ARP" for "Ethernet: Type", select "Incoming" for "direction", and in the "Source" Area -- "Ethernet: address "--" equal "--" Gateway MAC address "; in the" target "Area --" Ethernet: Address "--" equal "--" Local MAC address ", other options are not modified. Save and allow this rule. See Figure 17.

②. Add a new rule, select "ARP" for "Ethernet: Type", select "outgoing" for "direction", and select "Ethernet: address "--" equal "--" MAC address of the Local Machine "; in the" target "Area --" Ethernet: Address "--" equal "--" FF: FF: FF ". Other options are not modified. Save and allow this rule. See Figure 18.

③. There is an "ARP: Authorize all ARP packets" rule in "Internet filtering", which marks the prohibition before this rule.

At this time, you cannot communicate with any other machine in the LAN. If you want to communicate, add the rule as ① and change "direction" to "two-way ", change "Gateway MAC address" to "trusted machine MAC address ". Every time you trust a machine, add a similar rule.

After completing the preceding settings, ARP spoofing can be successfully prevented. In addition, the two newly added rules can be placed at any position above the last and second rows of the rule table. When ARP attacks are frequent, we recommend that you put them at the top of the rule table.