Shulou(Shulou.com)06/01 Report--

This article mainly explains "what ARP", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let Xiaobian take you to learn "what ARP"!

1. Description of ARP spoofing

Recently, a lot of Internet cafes encounter a kind of virus, resulting in frequent Internet cafes disconnected, specific reasons, because some plug-in and application programs carry a virus that can be ARP deception. ARP spoofing is actually not a new thing, a lot of old Internet bar tools, such as network law enforcement officers, etc., is to use ARP attacks to cause the Internet bar as a whole or part of the machine dropped.

ARP is a bridge between IP layer and data link layer, and its function is to query the physical address (MAC address) of the network card corresponding to a given IP address. Although we usually communicate with machines on the network, we usually give each other's IP address. It seems that we communicate with each other through IP addresses. As long as we know each other's IP addresses, we can communicate with each other. In fact, IP is a high-level protocol. In fact, the connection between computers still depends on the electrical signal or optical signal at the lower level, or it needs to be connected and communicated at the medium level. The address used to identify the data link is the MAC address. MAC address is the network card in the factory when burned in the chip of the network card, theoretically speaking, this address is unique in the world. Of course, this address can also be changed through the program.

When we need to communicate with an IP address, the local operating system will determine whether the target address and itself are in the same IP network according to the set IP address and subnet mask. If they are in the same IP network, the operating system will query the MAC address of the peer through the IP address of the target address, and then establish a connection with the peer at the data link layer. If the destination address is not in the same IP network as itself, the opportunity queries the MAC address of the gateway and establishes a connection with the gateway at the data link layer. The kernel module that resolves MAC addresses through IP addresses is ARP(Address Resolution Protocol).

And cause Internet bar to drop the virus of the line frequently at present, its principle undertook interference and deception to normal ARP desorption job namely. On the one hand, it deceives the gateway and confuses the MAC address and IP address correspondence on the gateway, so that the gateway cannot establish a correct data link layer connection with the workstation, and the TCP/UDP connection relying on the data link layer cannot be carried out normally. On the other hand, it deceives the client by tampering with the MAC address of the gateway on the client, which will cause the workstation to fail to establish contact with the gateway correctly at the data link layer and lose the connection with the external network.

Because ARP does not validate and confirm when it works, Windows operating systems will update their ARP cache table as soon as they receive ARP REPLY information. The data link layer protocol itself lacks security mechanisms, so ARP spoofing is difficult to defend, especially in the Internet cafe environment, the lack of better network equipment. Shengtian network emergency developed anti-ARP spoofing program is only an emergency version, can effectively defend against gateway and client ARP spoofing, not only can deal with the current virus ARP attacks, but also can effectively defend against the use of tools that ARP attacks.

Second, Shengtian network ARP spoofing protection program client program BMacclient.exe use method

1. Download the BMacclient.exe program on one of the workstations in the Internet cafe and double-click to run it;

2. After BMacclient.exe runs, it will be hidden directly to the system tray. Please right-click on the tray icon-> Settings;

At this time, a setting window will pop up. Fill in the description in the Remarks column, such as Gateway. This option is not required;

Fill in the gateway IP in the IP address column. Generally, we only need to bind the gateway.

After filling in the gateway IP, point to resolve the MAC address. The program will automatically resolve the MAC address of the gateway;

After filling it out, click Add directly, then Save and Exit.

3. Put the BMacclient.exe file into a directory on the movie server that can be accessed normally by all the clients below, and then add a boot update item to the system maintenance module of the online entertainment platform, and set each workstation to copy the BMacclient.exe tool locally.

4. In the system maintenance module, add a boot startup item at the same time, and set each workstation to start the BMacclient.exe program.

5. Enter the system maintenance module of the entertainment platform and perform a parameter upload operation, so that the parameters just set can be updated to each workstation. The BMacclient.exe program on other workstations does not need to be configured repeatedly.

6, other workstations, only need to restart once, you can automatically download the BMacclient.exe program, and automatically run the protection program according to the parameters you set. Third, Shengtian network ARP spoofing protection program gateway (server) side program BmacForGetway.exe use method

Because viruses attack gateways as well as clients, it is not enough to protect clients. Gateways must also be protected against ARP spoofing. If the gateway of Internet cafe is using Windows operating system, you can run BmacForGetway.exe program. If it is Linux operating system, you can use the function of static binding of MAC address of linux itself, and you can conveniently collect MAC address information of the whole network through BmacForGetway.exe program. How to Use BmacForGetway.exe Program on Windows Class Gateway

1. Download the BmacForGetway.exe program on the gateway. Double-click to run;

2. After BmacForGetway.exe runs, it will be hidden directly in the system tray. Please right-click on the tray icon-> Settings;

At this time, a settings window will pop up. The window is divided into two parts as a whole: the binding settings window on the left and the MAC address scanning tool window on the right. First of all, we need to scan the MAC address of the whole network. Please enter the range of your IP address first. For example, if you use the address field 192.168.1.0/255.255.0, enter 192.168.1 in the first window and set it from 1 to 254. The MAC address of the entire network will soon be scanned. Repeat this step if there are multiple segments; currently only one Class C segment address can be scanned at a time.

3. After scanning out the MAC address of the whole network, point in the middle "

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.