View how a Broadband Router solves the ARP virus in Internet cafes

At present, there are a lot of broadband routers, so I have studied how the Broadband Router solves the ARP virus in Internet cafes. I would like to share with you here, hoping to help you. In a LAN, IP addresses must be converted to Layer 2 Physical addresses (MAC addresses) through ARP before communication ). ARP is of great significance to network security. ARP spoofing by forging IP addresses and MAC addresses poses a severe challenge to normal network transmission and security.

From the perspective of affecting the smooth network connection, ARP spoofing can be two types of attacks: one is spoofing the ARP table of the Broadband Router, and the other is spoofing the ARP table of the Intranet computer, of course, two types of attacks may also be carried out at the same time. If you don't manage it, the data sent between the computer and the Broadband Router may be sent to the wrong MAC address after spoofing transmission. On the surface, it means that the network cannot be accessed ", "cannot access the Broadband Router" and "the Broadband Router is dead". As soon as the Broadband Router is restarted, the ARP table will be rebuilt. If the ARP attack does not always exist, the network will be normal, therefore, the Internet cafe owner will be more certain that the Broadband Router is "dead", rather than thinking of other reasons. To this end, the Broadband Router carries a lot of "black box", but in fact it should be the ARP Protocol itself. Well, let's not talk about anything else. Let's take a look at how to prevent ARP spoofing.

As we have already said above, there are two ways of deception: spoofing the ARP table of the Broadband Router and spoofing the ARP of the computer. Of course, our protection is also two aspects. First, we should set it on the Broadband Router, to prevent the ARP table of the Broadband Router from being modified by malicious ARP packets. Secondly, we will also perform settings on the computer to prevent the ARP table from being maliciously changed. Both settings are required. Otherwise, if you only set the anti-ARP spoofing function of the Broadband Router and do not set the computer, data packets will not be sent to the Broadband Router after the computer is cheated, it is sent to a wrong place. Of course, you cannot access the Internet or access the Broadband Router.

I. Preparations before configuration

When the anti-ARP spoofing IP address and MAC binding function are used, it is best not to use a dynamic IP address, because the computer can obtain a different IP address from the IP address and MAC binding entry, and the Internet will not be available at this time, use the following steps to avoid this situation.

1. disable the DHCP function of the Broadband Router: Open the Broadband Router management interface, choose "DHCP server"> "DHCP service", and change the status from "enabled" to "disabled" by default ", save and restart the Broadband Router.

2. Manually specify IP addresses, gateways, and DNS server addresses for your computer. If you are not clear about the local DNS address, consult your network service provider.

2. Set a Broadband Router to prevent ARP Spoofing

Open the WEB configuration interface of the noob Broadband Router> network security-in the LAN, the IP address must be converted to the second physical address (MAC address) through the ARP Protocol before communication ). ARP is of great significance to network security. ARP spoofing by forging IP addresses and MAC addresses poses a severe challenge to normal network transmission and security.

As we have already said above, there are two ways of deception: spoofing the ARP table of the Broadband Router and spoofing the ARP of the computer. Of course, our protection is also two aspects. First, we should set it on the Broadband Router, to prevent the ARP table of the Broadband Router from being modified by malicious ARP packets. Secondly, we will also perform settings on the computer to prevent the ARP table from being maliciously changed. Both settings are required. Otherwise, if you only set the anti-ARP spoofing function of the Broadband Router and do not set the computer, data packets will not be sent to the Broadband Router after the computer is cheated, it is sent to a wrong place. Of course, you cannot access the Internet or access the Broadband Router.