Shulou(Shulou.com)05/31 Report--

What this article shares with you is about what the server temporarily solves the ARP spoofing attack. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

The simplest explanation for ARP deception:

The normal state:

Your server-- > gateway-- > after many lines-- > arrive at the website visitor's computer.

Status of being attacked:

The malicious person attacks the gateway, disguises his server as a gateway, and asks your server to think of his server as a gateway and connect. Then, embed any code in the data you transmit (web page) and send it to the computer of the website visitor.

The only difference you can find is that the connected mac address is the MAC address of the network card that disguises the gateway, so it is easy to tell. You can use this mac address to inquire with the network administrator, but for a variety of reasons, the computer room network management may not be able to deal with it for you.

Start-> run: arp-a

The gateway IP and its corresponding MAC address can be queried, and the output is similar to the following:

API: 192.168.0.129-0xb

Internet address physical address type

192.168.0.00-23-89-e6-31-c3 dynamic

192.168.0.2 80-f6-2e-ca-c1-1e dynamic

192.168.0.5 f4-ec-38-77-7e-13 dynamic

192.168.0.101 b8-88-e3-e0-24-1c dynamic

192.168.0.102 b8-88-e3-f9-c7-d9 dynamic

192.168.0.115 b8-88-e3-f7-4f-c3 dynamics

192.168.0.11600-30-67-c1-ca-e2 dynamic

192.168.0.119 00-30-18-a3-a6-a1 dynamic

192.168.0.12000-24-1d-8a-9c-b6 dynamic

192.168.0.123 00-30-18-a5-0b-8f dynamic

192.168.0.12500-24-1d-bf-83-6b dynamic

192.168.0.137 00-e0-6f-22-9e-70 dynamic

192.168.0.147 00-30-18-a5-0b-3d dynamics

192.168.0.156 6c-f0-49-ae-83-8a dynamic

192.168.0.164 e0-cb-4e-53-da-d6 dynamic

192.168.0.172 00-e0-4c-37-9b-9a dynamic

192.168.0.17400-30-18-a4-72-f8 dynamic

192.168.0.184 00-30-18-a5-0b-3e dynamic

192.168.0.18900-0c-29-df-79-1f dynamic

192.168.0.190 cc-34-29-32-a7-63 dynamic

192.168.0.234 58-66-ba-f5-6d-49 dynamic

192.168.0.255 ff-ff-ff-ff-ff-ff static

224.0.0.2 01-00-5e-00-00-02 static

224.0.0.19 01-00-5e-00-00-13 static

224.0.0.22 01-00-5e-00-00-16 static

224.0.0.252 01-00-5e-00-00-fc static

224.1.1.1 01-00-5e-01-01-01 static

239.1.1.1 01-00-5e-01-01-01 static

239.1.1.10 01-00-5e-01-01-0a static

239.5.5.5 01-00-5e-05-05-05 static

239.10.2.1 01-00-5e-0a-02-01 static

239.255.255.250 01-00-5e-7f-ff-fa static

Temporary solution:

1. Create a file named arp.bat

2. The contents of the file are as follows:

@ echo off

Arp-s 192.168.0.00-23-89-e6-31-c3

Description: arp-s gateway IP gateway MAC address

The IP of the gateway can be seen by looking at the properties of your network card.

And the MAC address of the gateway is output with arp-a when your server is not attacked.

3. Set up the scheduled task and execute the arp.bat regularly. The time can be controlled by yourself, for example, once every 5 minutes.

This is only a temporary solution. You are not in front of the server all the time. Even if you are attacked by an ARP, it will automatically return to normal after 5 minutes.

The above is what the server temporarily solves the ARP spoofing attack. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.