Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to make the Linux system effectively defend against ARP attacks. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

The method of solving ARP attack under linux

I use fedora core 6, I first hang up several image files, search with the keyword arp, and find arptables, and arpwatcher is first of all arpwatcher, it seems that it can only monitor the local ip/arp address change and so on, it does not seem to prevent arp attacks. When I looked at arptables, I immediately thought of iptables. When I installed it, sure enough, the command line was exactly the same. But here's the problem: it's easy to keep this machine free from arp attacks (just bind it with static arp), but other people's gateways will still be attacked, we are not network administrators, and I can only "watch from afar but not play with them"!

When the road was blocked, we changed our way, and arping caught my eye. When I returned to shell, I found that la had been installed:

"arping-send ARP REQUEST to a neighbour host" arping [- AbDfhqUV] [- c count] [- w deadline] [- s source]-I interface destination-U Unsolicited ARP mode to update neighbours' ARP caches. No replies are expected.

Key commands:

Arping-U-I network card interface for sending packets-s source ip destination ip

Example:

Suppose the ip corresponding to your eth0 interface is 192.168.1.1 and the gateway is 192.168.1.255, you can use it.

Arping-U-I eth0-s 192.168.1.1 192.168.1.255

Method two

Administrator user login, open terminal input

1. # arp-a > / etc/ethers

Import ip and mac addresses into ethers

2 、 # vi / etc/ethers

To edit the file format, the contents of the ethers file must be deleted as follows and changed to the form ip mac

192.168.1.X XX:XX:XX:XX:XX

192.168.1.X XX:XX:XX:XX:XX

...

/ / notice that mac capitalizes, and there is no O, only zero, ip and mac spaces

3. # vi / etc/rc.d/rc.local / / Open and display / etc/rc.d/rc.local file, startup item file

# I / / Edit

/ / execute arp-f at startup to bind according to the content in / etc/ethers

Add the last line to the / etc/rc.d/rc/local file

Arp-f

ESC exits editing

: wq / / Save edits

4. # arp-f / / execute the saved binding

(gateway mac is not included in ethers, otherwise an error will be reported)

This can only prevent some arp attacks. If all the ip mac in the network is imported into the ethers file, it can effectively prevent arp attacks.

1. Nmap-sP 192.168.11.0 Universe 24

Scan, it turns out that my arp table contains the mac of all the machines in that network segment, and copy all the information to the / etc/ethers file.

2, 3, 4 ditto

This is the end of the article on "how to make the Linux system defend against ARP attacks effectively". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it out for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.