What is ARP? How can we prevent ARP spoofing?

Bytes.

 

What is ARP?
ARP (Address Resolution Protocol) is a low-level protocol located in the TCP/IP protocol stack. It is responsible for resolving an IP address into a corresponding MAC address.

What is ARP spoofing?
From the perspective of Affecting Network Connection smoothness, there are two types of ARP spoofing: one is spoofing on the ARP table of the router, and the other is spoofing on the gateway of the Intranet PC.
The first principle of ARP spoofing is to intercept gateway data. It notifies the vro of a series of incorrect Intranet MAC addresses and keeps running at a certain frequency, so that the real address information cannot be updated and saved in the vro, as a result, all the data of the router can only be sent to the wrong MAC address, so that the normal PC cannot receive the information. The second principle of ARP spoofing is to forge a gateway. The principle is to establish a false gateway to send data to a spoofed PC, rather than accessing the Internet through a normal router. In the PC's view, the network cannot be connected, and the network is disconnected ".

 

What are the principles of ARP attacks? (If you do not understand the above, start here)
Is your network frequently disconnected and frequent IP conflict?

Are you worried about the monitoring of communication data (such as MSN, QQ, and email )?

Do your servers often suffer from ARP spoofing and hackers implant Trojans?

Are you suffering from various ARP attack software (such as network law enforcement officers, network scissors, and local network Terminator )?

The root cause of these problems is ARP spoofing ). Before ARP spoofing, the data flow is like this: Gateway <-> local machine. After ARP spoofing, the data flow is like this: Gateway <-> attacker ("Network Administrator") <-> local, all the communication data between the local machine and the gateway will flow through the attacker ("Network Management"), so it is inevitable to "let everyone cut.
Solution

General Process

1. ensure the normal operation of the Network

Method 1: edit a ***. BAT file as follows:

 

Arp.exe s **. ** (gateway IP) ************* (Gateway MAC address) End

Let the network user click it!

 

Method 2: edit a registry. The key value is as follows:

 

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/run] "Mac" = "ARP s gateway IP address gateway MAC address"

Save it as the reg file and click Import Registry on each client.

2. Find the machine infected with ARP Virus

A. Ping the IP address of the gateway on the computer and run the ARP-a command to check whether the MAC address of the gateway is consistent with the actual situation. If not, you can find the computer corresponding to the MAC address.

B. Use the packet capture tool to analyze the obtained ARP datagram. Some ARP viruses direct the path to the gateway to themselves, and some send fake ARP response packets to confuse network communication. The first type of processing is relatively easy, and the second type of processing is relatively difficult. If the antivirus software cannot correctly identify the virus, it is often difficult to manually find the computer infected with the virus and manually process the virus.

C. Using the MAC address scanning tool, nbtscan scans the table corresponding to the IP address and MAC address of the entire network segment to help determine the MAC address and IP address of the ARP virus.

 

Ah ~~~ This virus is so annoying that it affects the computer and the entire network.

What is ARP? How can we prevent ARP spoofing?