Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to defend against arp attacks under Linux". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to defend against arp attacks under Linux.

1. The method of obtaining the MAC addresses of all machines in the same network segment

If there is machine poisoning in the computer room, send arp packets. Although the mac address of the poisoned machine can be solved through arpspoof, it is difficult to find the IP corresponding to the mac address in the case of insufficient equipment in the computer room. Then, through a loop, we can use arping to send a packet to the machines under the entire subnet, so that we can look up the corresponding mac cache under arp.

The IP address that should be.

#! / bin/sh

# thanks to the author: Wu Hongsheng

For ((I = 1; I)

Mac_table

When the script is finished, look at the mac_table generated by the current directory.

# arp-a look up the MAC address of the gateway when you are poisoned, and record it to find the corresponding machine in mac_table. After that, you can find out that the machine is infected with ARP virus.

2.# original creator of the solution: yk103, thank you here!

Install libnet first

Http://www.packetfactory.net/libnet/dist/libnet.tar.gz

Tar-xvzf libnet.tar.gz

Cd libnet

. / configure

Make

Make install

Install arpoison

Http://www.arpoison.net/arpoison-0.6.tar.gz

Tar-xvzf arpoison-0.6.tar.gz

Cd arpoison

Gcc arpoison.c / usr/lib/libnet.a-o arpoison

Mv arpoison / usr/sbin

Write arpDefend.sh scripts.

#! bash

# arpDefend.sh

# yk103

# Gateway mac address

GATEWAY_MAC=00:11:BB:A5:D2:40

# destination mac address

DEST_MAC=ff:ff:ff:ff:ff:ff

# destination ip address (network segment broadcast address)

DEST_IP=60.191.82.254

# Local Nic interface

INTERFACE=eth0

# $mac address of INTERFACE

MY_MAC=00:30:48:33:F0:BA

# $ip address of INTERFACE

MY_IP=60.191.82.247

# create a static ip/mac entry on the local machine $DEST_IP--$GATEWAY_MAC

Arp-s $DEST_IP $GATEWAY_MAC

# send arp reply so that $DEST_IP updates the mac address of $MY_IP to $MY_MAC

Arpoison-I $INTERFACE-d $DEST_IP-s $MY_IP-t $DEST_MAC-r $MY_MAC 1 > / dev/null & at this point, I believe you have a better understanding of "how to defend against arp attacks under Linux". Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.